An analysis of service degradation attacks against real-time MPLS networks

Abdulrahman Al-Mutairi, S. Wolthusen
Published in: 2013 Information Security for South Africa, 2013-10-21. DOI: 10.1109/ISSA.2013.6641057 (https://doi.org/10.1109/ISSA.2013.6641057)
Citations: 0

Abstract

While the robustness of the communication network infrastructure against attacks on the integrity of backbone protocols such as the Border Gateway Protocol (BGP) and MultiProtocol Label Switching (MPLS) protocols has been the subject of significant earlier work, more limited attention has been paid to the problem of availability and timeliness that is crucial for service levels needed in areas such as some financial services and particularly for the interconnection of smart grid components requiring hard real-time communication which are not necessarily over completely isolated networks. In such networks, an adversary will be successful if a targeted flow or set of flows no longer meets CoS and QoS boundaries, particularly delay and jitter, even where no outright compromise of either the flow itself or the control flow is achieved. The attacker's objective can be accomplished by interfering with the operation of the control signalling protocol, but also by influencing the policy of MPLS nodes and the mitigation mechanisms themselves. In this paper we therefore describe an adversary model and analysis of attacks based on manipulation of Label Distribution Protocol (LDP) messages for the purpose of affecting the required Quality of Service (QoS) and Class of Service (CoS) for a targeted traffic where the adversary may intentionally modify the policy state of LSRs that the targeted traffic passes through.