
A high availability internetwork capable of accommodating compromised routers

BT Technology Journal

Abstract

It is a myth that the Internet has been designed to withstand a denial of service attack. At the BlackHat 2005 conference it was shown that potential attacks against routers are far from hypothetical. These attacks are about compromising the integrity of routers and hence the Internet. Current TCP/IP protocols, even including IPsec, do not have the resilience to deal with routers taken over by the adversary. Indeed, IPsec only provides point-to-point cryptography; hence, if a point is compromised, it fails.

We survey the research done in the area of how to communicate reliably and/or privately in the presence of different types of adversary, particularly denial of service attacks against nodes/routers. Evidently, if the adversary can control all nodes (routers) in the network, no solution exists. The nodes that can be attacked by the adversary can be described using a threshold, or by what is called an adversary structure. The types of network in question can be point-to-point or broadcast/multicast.
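
An added illustration, not taken from the paper, of the two ways the abstract describes the attackable routers: a threshold (any set of at most t routers) versus an explicit adversary structure (a list of router sets). The topology, node names and `VENDOR_STRUCTURE` are constructed, and the check models only routers knocked out by denial of service, which is a necessary condition for communication and not one of the surveyed protocols.

```python
from collections import deque
from itertools import combinations

# Constructed topology: sender "S", receiver "R", routers a..e.
LINKS = [("S", "a"), ("S", "b"), ("S", "c"),
         ("a", "d"), ("b", "d"), ("c", "e"),
         ("d", "R"), ("e", "R")]

# Constructed adversary structure: routers that could fall together,
# for example because they share a vendor or an operator.
VENDOR_STRUCTURE = [frozenset({"a", "b"}), frozenset({"c", "e"}),
                    frozenset({"d"})]

def build_graph(links):
    """Undirected adjacency sets from a list of links."""
    graph = {}
    for u, v in links:
        graph.setdefault(u, set()).add(v)
        graph.setdefault(v, set()).add(u)
    return graph

def connected(graph, src, dst, removed):
    """Breadth-first search from src to dst, skipping routers in `removed`."""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in graph[node] - removed - seen:
            seen.add(nxt)
            queue.append(nxt)
    return False

def threshold_structure(graph, src, dst, t):
    """Every set of at most t routers, with the two endpoints excluded."""
    routers = sorted(set(graph) - {src, dst})
    return [frozenset(c) for k in range(t + 1)
            for c in combinations(routers, k)]

def disconnecting_sets(graph, src, dst, structure):
    """Sets in the adversary structure whose loss cuts src off from dst."""
    return [set(s) for s in structure
            if not connected(graph, src, dst, set(s))]

if __name__ == "__main__":
    g = build_graph(LINKS)
    for t in (1, 2):
        print(t, disconnecting_sets(g, "S", "R", threshold_structure(g, "S", "R", t)))
    print("vendor", disconnecting_sets(g, "S", "R", VENDOR_STRUCTURE))
```

On this topology a threshold of two routers cannot be tolerated, while the explicit structure, which also contains two-router sets, can: the adversary structure describes the same network more precisely than a single number does.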




Desmedt, Y. A high availability internetwork capable of accommodating compromised routers. BT Technol J 24, 77–83 (2006). https://doi.org/10.1007/s10550-006-0079-9


  • DOI: https://doi.org/10.1007/s10550-006-0079-9
