Hiran, Rahul
Publications (5 of 5)
Hiran, R., Carlsson, N. & Shahmehri, N. (2016). Does Scale, Size, and Locality Matter?: Evaluation of Collaborative BGP Security Mechanisms. In: 2016 IFIP NETWORKING CONFERENCE (IFIP NETWORKING) AND WORKSHOPS. Paper presented at IFIP Networking Conference (IFIP Networking) and Workshops, Vienna, Austria, May 2016 (pp. 261-269). IEEE
2016 (English). In: 2016 IFIP NETWORKING CONFERENCE (IFIP NETWORKING) AND WORKSHOPS, IEEE, 2016, p. 261-269. Conference paper, Published paper (Refereed)
Abstract [en]

The Border Gateway Protocol (BGP) was not designed with security in mind and is vulnerable to many attacks, including prefix/subprefix hijacks, interception attacks, and imposture attacks. Despite many protocols having been proposed to detect or prevent such attacks, no solution has been widely deployed. Yet, the effectiveness of most proposals relies on large-scale adoption and cooperation between many large Autonomous Systems (AS). In this paper we use measurement data to evaluate some promising, previously proposed techniques in cases where they are implemented by different subsets of ASes, and answer questions regarding which ASes need to collaborate, the importance of the locality and size of the participating ASes, and how many ASes are needed to achieve good efficiency when different subsets of ASes collaborate. For our evaluation we use topologies and routing information derived from real measurement data. We consider collaborative detection and prevention techniques that use (i) prefix origin information, (ii) route path updates, or (iii) passively collected round-trip time (RTT) information. Our results and answers to the above questions help determine the effectiveness of potential incremental rollouts, incentivized or required by regional legislation, for example. While there are differences between the techniques and two of the three classes see the biggest benefits when detection/prevention is performed close to the source of an attack, the results show that significant gains can be achieved even with only regional collaboration.

Place, publisher, year, edition, pages
IEEE, 2016
National Category
Computer Sciences; Communication Systems
Identifiers
urn:nbn:se:liu:diva-129430 (URN); 10.1109/IFIPNetworking.2016.7497237 (DOI); 000383224900030 (); 978-3-9018-8283-8 (ISBN)
Conference
IFIP Networking Conference (IFIP Networking) and Workshops, Vienna, Austria, May 2016
Available from: 2016-06-19 Created: 2016-06-19 Last updated: 2018-01-10
Hiran, R., Carlsson, N. & Shahmehri, N. (2015). Crowd-based Detection of Routing Anomalies on the Internet. In: Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015. Paper presented at Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015 (pp. 388-396). IEEE Computer Society Digital Library
2015 (English). In: Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015, IEEE Computer Society Digital Library, 2015, p. 388-396. Conference paper, Published paper (Refereed)
Abstract [en]

The Internet is highly susceptible to routing attacks and there is no universally deployed solution that ensures that traffic is not hijacked by third parties. Individuals or organizations wanting to protect themselves from sustained attacks must therefore typically rely on measurements and traffic monitoring to detect attacks. Motivated by the high overhead costs of continuous active measurements, we argue that passive monitoring combined with collaborative information sharing and statistics can be used to provide alerts about traffic anomalies that may require further investigation. In this paper we present and evaluate a user-centric crowd-based approach in which users passively monitor their network traffic, share information about potential anomalies, and apply combined collaborative statistics to identify potential routing anomalies. The approach uses only passively collected round-trip time (RTT) measurements, is shown to have low overhead, regardless if a central or distributed architecture is used, and provides an attractive tradeoff between attack detection rates (when there is an attack) and false alert rates (needing further investigation) under normal conditions. Our data-driven analysis using longitudinal and distributed RTT measurements also provides insights into detector selection and the relative weight that should be given to candidate detectors at different distances from the potential victim node.

Place, publisher, year, edition, pages
IEEE Computer Society Digital Library, 2015
National Category
Communication Systems
Identifiers
urn:nbn:se:liu:diva-129426 (URN); 10.1109/CNS.2015.7346850 (DOI); 000380401800048 (); 978-1-4673-7876-5 (ISBN)
Conference
Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015.
Available from: 2016-06-19 Created: 2016-06-19 Last updated: 2017-03-16
Hiran, R., Carlsson, N. & Shahmehri, N. (2014). PrefiSec: A Distributed Alliance Framework for Collaborative BGP Monitoring and Prefix-based Security. In: Proc. ACM CCS Workshop on Information Sharing and Collaborative Security (ACM WISCS @CCS). Paper presented at Proc. ACM CCS Workshop on Information Sharing and Collaborative Security (ACM WISCS @CCS), Scottsdale, AZ, Nov. 2014 (pp. 3-12). ACM Digital Library
2014 (English). In: Proc. ACM CCS Workshop on Information Sharing and Collaborative Security (ACM WISCS @CCS), ACM Digital Library, 2014, p. 3-12. Conference paper, Published paper (Refereed)
Abstract [en]

This paper presents the design and data-driven overhead analysis of PrefiSec, a distributed framework that helps collaborating organizations to effectively maintain and share network information in the fight against miscreants. PrefiSec is a novel distributed IP-prefix-based solution, which maintains information about the activities associated with IP prefixes (blocks of IP addresses) and autonomous systems (AS). Within PrefiSec, we design and evaluate simple and scalable mechanisms and policies that allow participating entities to effectively share network information, which helps to protect against prefix/subprefix attacks, interception attacks, and a wide range of edge-based attacks, such as spamming, scanning, and botnet activities. Timely reporting of such information helps participants improve their security, keep their security footprints clean, and incentivizes participation. Public wide-area BGP-announcements, traceroutes, and simulations are used to estimate the overhead, scalability, and alert rates. Our results show that PrefiSec helps improve system security, and can scale to large systems.

Place, publisher, year, edition, pages
ACM Digital Library, 2014
Keywords
BGP Monitoring; Prefix-based Security; Collaboration; Distributed Alliance Framework; Interception; Hijack
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-118733 (URN); 10.1145/2663876.2663879 (DOI); 978-1-4503-3151-7 (ISBN)
Conference
Proc. ACM CCS Workshop on Information Sharing and Collaborative Security (ACM WISCS @CCS), Scottsdale, AZ, Nov. 2014.
Available from: 2015-06-03 Created: 2015-06-03 Last updated: 2018-01-11
Hiran, R., Carlsson, N. & Gill, P. (2013). Characterizing Large-scale Routing Anomalies: A Case Study of the China Telecom Incident. In: Matthew Roughan, Rocky Chang (Ed.), Passive and Active Measurement. Paper presented at 14th International Conference on Passive and Active Measurement, PAM 2013; Hong Kong; China (pp. 229-238). Springer Berlin/Heidelberg
2013 (English). In: Passive and Active Measurement / [ed] Matthew Roughan, Rocky Chang, Springer Berlin/Heidelberg, 2013, p. 229-238. Conference paper, Published paper (Refereed)
Abstract [en]

China Telecom’s hijack of approximately 50,000 IP prefixes in April 2010 highlights the potential for traffic interception on the Internet. Indeed, the sensitive nature of the hijacked prefixes, including US government agencies, garnered a great deal of attention and highlights the importance of being able to characterize such incidents after they occur. We use the China Telecom incident as a case study, to understand (1) what can be learned about large-scale routing anomalies using public data sets, and (2) what types of data should be collected to diagnose routing anomalies in the future. We develop a methodology for inferring which prefixes may be impacted by traffic interception using only control-plane data and validate our technique using data-plane traces. The key findings of our study of the China Telecom incident are: (1) The geographic distribution of announced prefixes is similar to the global distribution with a tendency towards prefixes registered in the Asia-Pacific region, (2) there is little evidence for subprefix hijacking which supports the hypothesis that this incident was likely a leak of existing routes, and (3) by preferring customer routes, providers inadvertently enabled interception of their customers’ traffic.

Place, publisher, year, edition, pages
Springer Berlin/Heidelberg, 2013
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 7799
Keywords
Measurement, Routing, Security, Border Gateway Protocol
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:liu:diva-92564 (URN); 10.1007/978-3-642-36516-4_23 (DOI); 978-3-642-36515-7 (ISBN); 978-3-642-36516-4 (ISBN)
Conference
14th International Conference on Passive and Active Measurement, PAM 2013; Hong Kong; China
Available from: 2013-05-12 Created: 2013-05-12 Last updated: 2018-01-30. Bibliographically approved
Shahmehri, N., Byers, D. & Hiran, R. (2011). TRAP: Open Decentralized Distributed Spam Filtering. In: Furnell, Steven; Lambrinoudakis, Costas; Pernul, Günther (Ed.), Trust, Privacy and Security in Digital Business (pp. 86-97). Berlin / Heidelberg: Springer
2011 (English). In: Trust, Privacy and Security in Digital Business / [ed] Furnell, Steven; Lambrinoudakis, Costas; Pernul, Günther, Berlin / Heidelberg: Springer, 2011, p. 86-97. Chapter in book (Refereed)
Abstract [en]

Spam is a significant problem in the day-to-day operations of large networks and information systems, as well as a common conduit for malicious software. The problem of detecting and eliminating spam remains of great interest, both commercially and in a research context. In this paper we present TRAP, a reputation-based open, decentralized and distributed system to aid in detecting unwanted e-mail. In TRAP, all participants are equal, all participants can see how the system works, and there is no reliance on any member or subset of members. This paper outlines the TRAP system itself and shows, through simulation, that the fundamental component of TRAP, a distributed low-overhead trust management system, is efficient and robust under the normal conditions present on the Internet.

Place, publisher, year, edition, pages
Berlin / Heidelberg: Springer, 2011
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 6863
Keywords
reputation; trust; spam; electronic mail
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-71709 (URN); 10.1007/978-3-642-22890-2_8 (DOI); 978-3-642-22889-6 (ISBN)
Available from: 2011-11-01 Created: 2011-11-01 Last updated: 2014-06-24. Bibliographically approved