Abstract
Inter- and intra-domain adaptive routing protocols are required to propagate reachability information to locate other hosts/routers/contents amongst disparate parts of the Internet. Border Gateway Protocol (BGP), for instance, is the de facto inter-domain routing protocol operating amongst divergent Internet components known as Autonomous Systems (ASes). Nonetheless, the protocol can suffer from Byzantine failure, whereby a legitimate node simply misbehaves. While security should be a built-in element of any trustworthy forwarding design, it appears to be an arduous add-on process for BGP. This research addresses such vulnerabilities and can be summarised as follows:

1. A Detailed Survey on the BGP State-of-the-art Security Challenges and Solutions: these analyses proved that Byzantine failure remains the inherent deficiency here. The results also stressed that the potential solution should be an incrementally deployable remedy, involve minimum/standard crypto, be placed on a higher layer than BGP and not be optional.

2. Robust Modelling/Visual Analytics of BGP & its Security Vulnerabilities/Schemes: the experimental results from the emulated Cisco infrastructure evidenced that the magnitude of the adverse effect of accepting false or malicious reachability information depends directly on the location of the origin, and thus the Byzantine attacker’s position in relation to the victim’s location becomes determinative. The OPNET-based modelling visualised and validated that the richer the attacker's interconnectivity, the larger the adversarial impact. Additionally, the closer the attacker is to the victim, the higher the attack’s success rate.

3. Analysis, Design, Implementation & Evaluation of a Novel Method for Byzantine Robust BGP: based on a study of the hierarchical structure and the power-law structure properties of the Internet, in addition to the thorough OPNET-based analyses, the Localised Overlay Management Plane (LOMP) was proposed. LOMP demonstrates that having only a few security-conscious ASes, placed over particular vantage points, can add Byzantine robustness to BGP to a large extent. This research then realised the LOMP architecture based on Cisco infrastructure and critically evaluated the deployment in terms of the added overhead and protocol message signalling.

4. Analysing the “Trust” in the Future Internet (FI) Forwarding Plane Proposals: two promising FI proposals are analysed as a final contribution, namely CURLING, an information-centric networking approach for accessing contents at the Internet scale, and OpenFlow, the most commonly deployed software-defined networking technology. With the former, five distinct attack scenarios for hijacking contents are revealed and addressed through our synthesis design proposal. With the latter, this research integrates the forwarding of IPsec flows into the OpenFlow architecture in order to facilitate secure group communication based on a novel method.