Intrusion Monitoring of LinkState Routing Protocols

1
Intrusion Monitoring of Link-StateRouting
Protocols

• Akshay Aggarwal
• Poornima Balasubramanyam
• Karl Levitt
• Computer Security Laboratory
• Department of Computer Science
• UCDavis

2
Outline Part 1

• Application to OSPF routing protocol
• Augmented OSPF
• Betweenness centrality computation
• Sample Topology
• Ongoing work

3
Application to OSPF Routing

• OSPF NOW
• At each router participating in OSPF Link-State
  Routing, the router employs the Dijkstra SPF Alg.
  and determines the shortest path tree originating
  at that router
• Every link update received by router results in
  SPF algorithm execution
• Employing a Fibonacci heap sort, algorithm
  executes in O(enlog(n)) time for e edges and n
  nodes

4

• OSPF AUGMENTED
• Modified Definition of Betweenness Centrality
• Centrality of a node is determined with
• respect to root router of SPF tree
• Advantages
• Each router independently computes betweenness
  centrality indices of other routers in its
  routing network
• Each router can adopt independent response
  decisions based on this metric

5

• Betweenness Centrality Computation
• Piggyback betweenness centrality computation
  within Dijkstra SPF algorithm at each router
  executing OSPF, for all routers in the routing
  network
• Order of computational time requirements for
• determining this index remain UNCHANGED from
• existing Dijkstra computation, i.e.,
  O(enlogn) at each router

6
Augmented Dijkstras SPF Algorithm

• Given a graph with n nodes, find a shortest path
  tree from source node S
• S Source node
• E set of evaluated nodes for which shortest
  paths are known
• R set of remaining nodes, Vi
• O ordered list of paths
• C_B(V_i), i 1,.., n / Centrality index of all
  nodes, V_i, with respect to source node, S /
• Step 1
• C_B(V_i) 0
• E S
• R V_1, V_2, , V_(n-1)
• O set of 1-edge paths starting from S
• P_1, P_2, , P_i / Each path has
  a cost corresponding to the link
• 
  metric, and the paths are sorted by increasing
• 
  metrics /
• Step 2
• if O Ø or if metric(P_1) 8 / All
  paths have been considered, or the first path has
  infinite metric /
• mark all remaining nodes in R as
  unreachable

7
Augmented Dijkstras SPF Algorithm contd.

• Step 3
• Let V last node in P_1
• If V ? E , go to Step 2
• else P_1 is the shortest path to V
• Move V from R to E
• Increment C_B(V_i) for all V_i ? path
  P_1, where V_i ? S or V / Centrality index is
• 
  
  incremented for all nodes
• 
  
  in the path between
• 
  
  S and V /
• Step 4
• Build new set of paths by concatenating
  P_1 with each of the new edges from V
• Cost of the new paths cost of P link
  metric of new edge
• Insert new links in O, while sorting O
• Go to Step 2

8
Initial Network Topology
C
B
4
A
2
3
D
Topology after Link FE fails
1
3
6
2
2
2
G
F
E
C
B
4
2
A
3
D
1
3
6
Topology after Link GF fails
2
2
2
G
E
F
9

2. Link FE Failure
F
D
E
Node B has more control of the network Node
F is more isolated
10

• Ongoing Work
• Augmented current link-state algorithm
  (rtProtoLS) implemented in network simulator,
  ns-2, to incorporate centrality computations and
  perform comparative performance analysis on this
  augmented algorithm
• Running simulations on ns-2 for realistic
  network scenarios to test validity of centrality
  indices for various cases of spatial and temporal
  as well as random and correlated link failures

11
Outline Part 2 Simulation Results

• Requirements of betweenness centrality
  calculation
• Simulator choice and reasons
• Test topologies and derived results
• Issues with simulation
• Conclusion

12
Requirements of betweeness centrality calculation

• Need to maintain state of all the shortest paths
  from a given node.All hops along the path need
  to be maintained to calculate their betweenness
• An efficient method of calculation of the
  centralitypiggybacking of calculation on
  shortest path calculation

13
NS

• Reasons used
• In-house expertise
• An implementation of linkstate available
• A popular simulator among networking researchers
• Proof of concept prototype development
• Open to use of any suitable simulator for future
  work

14
Topology 1

• 23 nodes
• All links are duplex
• Cost of links between
• node 0 node 1 10
• node 4 node 5 10
• node 2 node 3 variable
• All other links cost 1

15
Topology 1
16
Results Topology 1
17
Topology 2
18
Results Topology 2
19
Topolgy 3

• 24 nodes
• All links duplex
• Cost of links between node pairs
• (2,3) (3,5) (2,4) (4,5) (0,2) (13,16) 2
• (9,19) 6
• (0,1) variable
• All other links cost 1

20
Topology 3
21
Results Topology 3
22
Issues With NS

• Linkstate documentation non-existent
• Extensive use of STL makes linkstate inefficient
• State for the paths not maintained

23
Other Issues

• Stable view of OSPF centrality is difficult to
  obtain heuristic needed to determine the
  stability of the centrality
• Method of dealing with multiple equal shortest
  paths needed

24
Conclusion

• Demonstrated that the betweenness centrality
  index is an important metric for security and
  traffic flow.
• Can be calculated by piggybacking onto the
  calculation of the OSPF shortest path.

25
Contact Information

• Akshay Aggarwal
• aggarwal_at_cs.ucdavis.edu
• Poornima Balasubramanyam
• poornima_at_cs.ucdavis.edu