Internet Routing Research Articles

A forensically-sound methodology for advanced data acquisition from embedded devices at-scene

This paper presents a methodology for advanced extraction of data from embedded devices such as Internet routers. The use of different access techniques are considered, in order to gain access to device memory memory, and an investigative methodology is proposed. Lessons learnt from “hardware hacking” are considered and presented. Preparatory steps are discussed to maximise efficiency and likelihood of success for data acquisition. At scene actions and practice are discussed. The results show that, under the right circumstances, a full ‘filesystem’ and a full 'physical' acquisition of the device’s internal flash memory can be achieved. That this data can be decoded and extracted into a format which may subsequently be examined in industry-standard digital forensic tools is also presented and explored.

Advanced hybrid secure multipath optimized routing in Internet of Things (IoT)‐based WSN

SummaryExploration has been done on Internet of Things (IoT) with accentuation on the security like remote system security, correspondence security, sensor information security, respectability of physical signals, and impelling gadgets. The procedure for current security is not reasonable for IoT applications as gadgets that are included at the ground level have some of the restricted assets, low multifaceted nature, and vitality requirements. IoT being a system of systems permits billions of people and machines to connect with each other. IoT offers us a chance to build compelling organizations, applications for assembling, lifesaving arrangements, appropriate development, and the sky is the limit from there. The manuscript proposes a broad review of the IoT innovation and its differed applications in life sparing, brilliant urban communities, rural, mechanical by looking into the ongoing examination work. Existing strategies manage static remote sensor web to reason the interruptions in which the sensor hubs are conveyed in a uniform way to hold the consistency. Since the sensor hubs are referred to through various transmission locales having a determination of sensor checking hubs has become a difficult activity in ongoing examination. The enemies are additionally moving starting with one area then onto the next to investigate its particular tasks around the system. Hence, to given adaptable security, a protected routing along with the observing convention with multivariation tuples utilizing two‐fish symmetric key (TFSK) way to deal with the foes in the worldwide sensor organize. The proposed approach is the advanced hybrid secure multipath optimized routing in Internet of Things (IoT)‐based WSN. The two methodologies that are involved making a better routing protocol is the enhanced‐multipath optimized link state routing (E‐MP‐OLSR) and secure and efficient ad hoc on‐demand multipath distance vector (SE‐AOMDV) protocols. Besides, the proposed directing system is tough to different versatile foes; and henceforth, it guarantees multipath conveyance.

A Comprehensive Review on Secure Routing in Internet of Things: Mitigation Methods and Trust-Based Approaches

Internet of Things (IoT) is a network of “things,” connected via Internet, to collect and exchange data. These “things” can be sensors, actuators, smartphones, wearables, computers, or any object that is interconnected to provide specific services. Similarly, wireless sensor network (WSN), as a part of IoT, forwards the gathered data after sensing any event. The scalability and heterogeneity of IoT offer limited protection and is prone to diverse attacks, including WSN-inherited attacks. Moreover, IPv6 routing protocol for low power and lossy networks (RPL), a de facto routing protocol for IoT networks, also suffers from certain vulnerabilities based on its features and functionalities. Researchers have proposed various mitigation mechanisms for secure networks and routing in IoT. Recently, trust-based approaches have gained tremendous interest from the research community to embed security in IoT networks and routing protocols. In the existing literature, several trust models have been introduced according to the security needs of the IoT system, such as SecTrust, DCTM-IoT, CTRUST, etc. In this research, security issues and requirements of IoT networks and RPL routing protocol are studied with respect to various attacks, such as Blackhole, Spoofing, Rank, etc. Additionally, various mitigation methods and significance of trust models in IoT for secure routing are analyzed. Further, trust metrics in IoT environments, including the open issues and research challenges, as well as the implication of trust as a security paradigm in IoT networks and routing protocols are discussed.

Fuzzy Logic Approach for Routing in Internet of Things Network

A performance of network is evaluated by considering different parameters. The network lifetime depends on many factors Residual energy, Link lifetime and Delay. The Major Challenge in IoT is to the increased lifetime of low power and lossy network (RPL).The process considering input and output to evaluate Network performance by considering the above factors. The proposed system makes use of FIS (Fuzzy Inference System) for selecting the best path to maximize network lifetime. The outcome obtained by using MATLAB and Network performance is increased. The excellent route is selected if Residual Energy is 194, Link quality is 51.2 and Delay is 1.05 then excellent route quality is 73.4%.

DETECTION OF MALEVOLENT NODES IN INTERNET OF THINGS NODES USING A TRUST BEHAVIOURAL FRAMEWORK

Secured internet routing in IoT has been an important study since last decade, but it has seriously threatened the data protection due to the impact of malicious nodes. An effective mechanism is therefore essential, since most of them are vulnerable to attack, to detect and prevent malicious nodes in IoT. A Trust Framework (TF) for improving diagnosis and preventing malignant nodes in IoTs is suggested in this article. This system monitors the disruptive activity of nodes in the network during agility and connectivity. It helps prevent the malicious node from affecting the packets that are run on the level of the confidence. This identification and avoidance helps to enhance packet routing with high privacy between IoT nodes.

Congestion Avoidance and Control in Internet Router Based on Fuzzy AQM

The internet has made the world a little community, linking millions of people, organizations, and equipment for different purposes. The great impact of these networks in our lives makes their efficiency a vital matter to take care of, and this needs handling some problems including congestion. In this paper, the fuzzy-PID controller is used to control the nonlinear TCP / AQM model. This controller adjusts congestion of the computer network and commits controlled pressurized signaling features. Many experiments were carried out using different network parameter values, various queue sizes, and additional disturbances to verify the robustness and efficiency of the proposed controller. From all experiments carried out in the NS-2 simulator version (2.35), the results show the superiority of the FPID controller under different network traffic conditions.

Identifying Networks Vulnerable to IP Spoofing

The lack of authentication in the Internet's data plane allows hosts to falsify (spoof) the source IP address in packet headers. IP source spoofing is the basis for amplification denial-of-service (DoS) attacks. Current approaches to locate sources of spoofed traffic lack coverage or are not deployable today. We propose a mechanism that a network with multiple peering links can use to coarsely locate the sources of spoofed traffic in the Internet. The idea behind our approach is that a network can monitor and map spoofed traffic arriving on a peering link to the set of sources routed toward that link. We propose mechanisms the network can use to systematically vary BGP announcement configurations to induce changes to Internet routes and to the set of sources routed to each peering link. A network using our technique can correlate observations over multiple configurations to more precisely delineate regions sending spoofed traffic. Evaluation of our techniques on the Internet shows that they can partition the Internet into small regions, allowing targeted intervention.

A security‐driven network architecture for routing in industrial Internet of Things

AbstractIndustrial Internet of Things (IIoT), as the integration of industrial network and IoT, has attracted a lot of attention from both academia and industry. However, with such integration deepens, many issues suffered by the industrial networks are exposed and magnified. The secure routing is a key focus, since the industrial environment is extremely vulnerable and many potential threats (eg, distributed denial of service and selfish attacks) are introduced due to the connection to the Internet. In order to prevent the threats from the Internet and embrace the benefits of IIoT, a security‐driven network framework for routing is particularly designed. Specifically, we first leverage the technologies of software‐defined networking (SDN), network function virtualization (NFV), and blockchain to create the overall framework which is flexible, programmable, and secure. On one hand, the three‐level structure of SDN/NFV is applied to each domain, based on which we can flexibly control and program the underlying forwarding devices in this domain for the purpose of calculating the optimal routing policies. On the other hand, the blockchain is applied among different SDN controllers to create a trust and untamperable environment. Then, under this framework, a secure routing mechanism is proposed as well to prevent the attacks on the basis of node identity authentication and node behavior authentication. The simulation experiments are carried out on the OMNet++ platform and the experimental results indicate that the proposed mechanism outperforms the other state‐of‐the‐art methods in terms of scalability and robustness especially when encountering malicious attacks.

Synthetic Adaptive Fuzzy Disturbance Observer and Sliding-Mode Control for Chaos-Based Secure Communication Systems

This paper aims to present secure communication based on master and slave Lorenz chaotic systems. To apply a form of the linear synchronization control method, the mathematical models of master and slave systems were reformed into Takagi-Sugeno (T-S) fuzzy systems. First, the Lorenz chaotic system was completely changed to the form of the T-S fuzzy model with two sublinear systems and two boundary fuzzy membership functions. Second, a newly adaptive disturbance observer (ADOB) was proposed with a high convergent speed for the synchronization system, which was based on the basic nonlinear disturbance observer. Third, adaptive sliding-mode control (ASMC) has been constructed to synchronize the master and slave systems of a secure communication system. The stability of the proposed control algorithms was shown by solving the Lyapunov condition with the support of Young's inequality. The synchronization of two nonidentical chaotic Lorenz systems was utilized to encrypt and decrypt the data. Transmitted and decrypted signals are used to show that the proposed algorithms are adequate for the secure communication system. To confirm the originality and power of the proposed algorithms, secure communication between two computers was implemented perfectly through an internet router and electronic circuit communication scenarios.

Modelling and Simulation Analysis of Power Flow Router in Energy Internet

With a large number of distributed generation (DG) and controllable load connected to the power grid under the background of energy Internet development, the security and stability of the grid are challenged. Power flow control has become a problem of the operation of the power grid. Power flow router (PFR) has become an important element of energy Internet. It is an effective way to realize the power flow control of active distribution network when abundant distributed resources are connected to the grid. In this paper, the steady-state and dynamic operation characteristics of PFR are studied, and the corresponding mathematical model is established. The effect of PFR on optimizing the power flow and improving the dynamic characteristics of distribution network is analysed by the 14-node distribution network case simulating.

Attacking the Quantum Internet

The main service provided by the coming quantum Internet will be creating entanglement between any two quantum nodes. We discuss and classify attacks on quantum repeaters, which will serve roles similar to those of classical Internet routers. We have modeled the components for and structure of quantum repeater network nodes. With this model, we point out attack vectors, then analyze attacks in terms of confidentiality, integrity, and availability. While we are reassured about the promises of quantum networks from the confidentiality point of view, integrity and availability present new vulnerabilities not present in classical networks and require care to handle properly. We observe that the requirements on the classical computing/networking elements affect the systems’ overall security risks. This component-based analysis establishes a framework for further investigation of network-wide vulnerabilities.

Performance analysis of asynchronous priority-based internet router under self-similar traffic input - queueing system with Markovian input and hyper-exponential services

In this paper, queueing behaviour of asynchronous priority-based internet router with self-similar traffic input is analysed. As Markov modulated Poisson process (MMPP) emulates self-similar traffic, it is used as input process of pertinent queueing system. For quality of service (QoS) guarantee in a broadband integrated services digital network (B-ISDN), partial buffer sharing (PBS) mechanism is promising one. Since, network traffic is asynchronous and of variable packet lengths, wavelength division multiplexing (WDM) technology is to be employed, according to which, each output port is modelled as multi server queueing system. The service times (packet lengths) are assumed to follow hyper-exponential (Hk) distribution. For the said reasons, router here is modelled as MMPP/Hk/s/C queueing system employing PBS mechanism. High and low priority packet loss probabilities, and mean lengths of non-critical and critical periods are computed, and presented graphically. This analysis is useful in dimensioning the priority-based asynchronous router with self-similar traffic input.

Performance analysis of asynchronous priority-based internet router under self-similar traffic input - queueing system with Markovian input and hyper-exponential services

In this paper, queueing behaviour of asynchronous priority-based internet router with self-similar traffic input is analysed. As Markov modulated Poisson process (MMPP) emulates self-similar traffic, it is used as input process of pertinent queueing system. For quality of service (QoS) guarantee in a broadband integrated services digital network (B-ISDN), partial buffer sharing (PBS) mechanism is promising one. Since, network traffic is asynchronous and of variable packet lengths, wavelength division multiplexing (WDM) technology is to be employed, according to which, each output port is modelled as multi server queueing system. The service times (packet lengths) are assumed to follow hyper-exponential (Hk) distribution. For the said reasons, router here is modelled as MMPP/Hk/s/C queueing system employing PBS mechanism. High and low priority packet loss probabilities, and mean lengths of non-critical and critical periods are computed, and presented graphically. This analysis is useful in dimensioning the priority-based asynchronous router with self-similar traffic input.

Detection of Distributed Denial of Service Flooding Attack Using Odds Ratio

Computer networks are vulnerable to many types of attacks while the Distributed Denial of Service attack (DDoS) serves as one of the top concerns for security professionals. The DDoS flooding attack denies the services by consuming the server resources to prevent the legitimate users from using their desired services. The hardness of detecting this attack lies in sending a stream of packets to the server with spoofed IP addresses, so that the internet routing infrastructure cannot distinguish the spoofed packets. Based on the odds ratio (OR) statistical measurement, in this work we propose a new detection method for the DDoS flooding attacks. By exploring the odds ratio to determine the risk factor of any incoming traffic to the server, the legitimate and attack traffic packets can be easily differentiated. Experimental results demonstrate the efficiency of the presented detection method in terms of its detection probability and detection time.

A Location Based Energy Proficient Path Routing for Internet of Things and Its Applications

The Internet of Things (IoT) is an establishment with sensors, base station, gateway, and network servers. IoT is an efficient and intellectual system that minimizes human exertion as well as right to use to real devices. This method also has an autonomous control property by which any device can control without any human collaboration. IoT-based automation has become very reasonable and it has been applied in several sectors such as manufacturing, transport, health care, consumer electronics, etc. In WSN’s smaller energy consumption sensors are expected to run independently for long phases. So much ongoing researches on implementing routing protocols for IoTbased WSNs.Energy consciousness is an essential part of IoT based WSN design issue. Minimalizing Energy consumption is well-thought-out as one of the key principles in the Expansion of routing protocols for the Internet of things. In this paper, we propose a Location based Energy efficient path routing for Internet of things and its applications its sensor position and clustering based finding the shortest path and real time implementation of Arduino based wireless sensor network architecture with the ESP8266 module. Finally, analyze the principles of Location-based energy-efficient routing and performance of QoS parameters, and then implemented automatic gas leakage detection and managing system.

Determination of components of route hijack risk by Internet connections topology analysis

The possibility of dynamic routes change between nodes that are not physically connected is a key feature of the Internet routing. The exterior gateway protocol BGP‑4 has been developed to deliver this feature, along with policies and procedures of inter-domain routing. Developed for the network of hundreds nodes that rely on information from each other, after decades BGP-4 is still the same with tens thousands nodes and its crucial lack of routing data integrity. One of the most significant problems deriving from its weaknesses is route leaks and route hijacks. None of the proposed and partially implemented upgrades and add-ons like MANRS and RPKI can not deliver reliable defense against those types of attacks. In this paper, the approach of risk assessment via internetworking links analysis is developed. Although modern information security is based on risk management, in this paper it is proposed to mitigate route hijack risks by enhancing links topology. Estimating the risks of route hijack requires quantitative measurement of the impact of an attack on the routing distortion, and therefore, the loss of information security breach. For this assessment, this paper proposes to use knowledge of the features of the Internet topology at the layer of global routing, which is determined by the interaction of autonomous systems - groups of subnets under common control - according to the routing protocol BGP-4. Based on our formal representation of IP routing, the relationship between topology and the risk of route hijack is shown. A new approach to quantifying information risk using a new risk-oriented model of global routing, which will reflect the properties of Internet nodes in terms of the risk of routes hijack.

Atom search sunflower optimization for trust‐based routing in internet of things

AbstractInternet of Things (IoT) is a ubiquitous network that assists the system to monitor and organize the world by processing, collection, and analysis of produced data by IoT nodes. The IoT is susceptible to numerous attacks, wherein the sinkhole attack is the most destructive one, which affects the communication amongst network devices. The security of the IoT is affected due to the lack of dynamic network topology, centralized control, and network communications, so that the trust‐based routing is important. The conventional trust‐based routing strategies are ineffective to offer protection against attack and thus, trust management remains a major challenge in routing. This paper proposes a novel technique namely Atom Search Sunflower Optimization (ASSFO) for providing trust‐based routing in IoT network. The proposed ASSFO is designed by incorporating Sunflower Optimization (SFO) in Atom Search Optimization (ASO). The method utilizes several trust factors for determining and isolating attacks while optimizing the performance of the network. The trust factors considered in the method include indirect trust, recent trust, integrity factor, direct trust, and availability factor. Moreover, the trusted nodes are selected using the trust factor and further used for secure routing using the proposed ASSFO algorithm. The proposed ASSFO outperformed other methods with maximal energy of 0.908, maximal trust of 0.845, maximal PDR of 0.907, and maximal throughput of 0.909.

Побудова та візуалізація нової ризикорієнтованої моделі глобальної маршрутизації в комп’ютерній мережі Інтернет

Побудова та візуалізація нової ризикорієнтованої моделі глобальної маршрутизації в комп’ютерній мережі Інтернет

Pandemic accelerates supply chain shift

Input queued switch is the most preferred switching fabric at various high speed switching systems such as data-center switches and Internet routers. In this paper, we reviewed various ground-breaking scheduling algorithms for input queued switches from the last two decades. It includes several classes of algorithms such as Maximum Weight Matching, Maximum Size Matching, Maximal Matching, Iterative, Randomized, Frame-based and Flow-based arbitration schemes. The throughput-delay performance of all the algorithms is discussed with various traffic patterns. The computational complexity of the algorithms is compared to understand the suitability of these algorithms in high-speed switching systems.

Handling risks from intercepting a route on the internet using a risk-oriented global routing model

Global routing incidents have increasingly occurred in recent years, becoming a new large-scale cyber threat. Cyberattacks on global internet routing are used to unauthorizedly change package forwarding paths in order to intercept information, destabilize whole or part of the network, disrupt access to certain information resources, etc. The mechanisms of these cyberattacks are aimed at imposing on the subjects of global routing a misconception about the topology of the network in the absence of mechanisms for validation of this information in the global routing protocol BGP-4. In any case, a complete replacement should not be expected in the coming decade. Thus, the problem of information security during firewall exchange requires a new methodology. The methodology proposed in the article is based on the analysis of internet topology, subjects, objects and processes of global routing, as well as risk management, which is a modern approach in information security. The owner of the risk has been identified, the risks themselves have been identified. New metrics have been introduced to assess the risk of intercepting routes – trust metrics and metrics of significance. As a result, a risk-oriented model of global routing is obtained, describing the relationship of Internet nodes in terms of the risk of route interception. This allows you to simulate the most effective topology, where the effectiveness criterion is risk assessment as a measure of information security. The article demonstrates the practical results of the use of risk-oriented models of global routing for the assessment and modeling of inter-network relations in the Ukrainian segment of the Internet.