The Internet has witnessed enormous growth over the last decade and has become ubiquitous. Most of the research focus in the past has been on improving the performance and scalability of the Internet. In the past decade or so, there has been a surge of Internet security research activity in the field of “information security,” which primarily focuses on protecting the information exchange between communicating users. Its primary goal is to satisfy properties such as confidentiality, integrity, authenticity, and non-repudiation using techniques such as encryption, digital signatures, and the public-key infrastructure.
However, information security assumes that the devices responsible for implementing security functions and packet forwarding are trustworthy. Experts are now questioning these assumptions, as there have been instances in which network infrastructure elements -- routers, servers, protocols -- were misconfigured or compromised to the extent that they caused noticeable service disruptions in the Internet. Moreover, growing concerns about “cyber terrorism” highlight the importance of securing the Internet infrastructure.
Internet infrastructure security is about protecting infrastructure elements such as routers, DNS servers, communication links, and the protocols themselves. Several infrastructure security solutions have been or are being developed, such as firewalls, intrusion detection systems, denial-of-service (DoS) prevention, mitigation, and traceback schemes, secure Internet protocols, and wireless infrastructure security solutions.
The goal of this tutorial is to provide a comprehensive understanding of the issues and solutions in the emerging area of Internet Infrastructure Security. Specifically, this tutorial discusses a taxonomy of attacks, a taxonomy of countermeasures, and their implementation methods. The tutorial also discusses issues such as performance, scalability, deployability, and high-speed implementations for several countermeasures.
The tutorial is self-contained and provides a comprehensive understanding of issues and solutions, based on recent research articles, journal and conference papers, and relevant IETF drafts. It is beneficial to security researchers, practitioners, students, and, to a limited extent, policy makers. Listeners are expected to have basic knowledge of the operation of the Internet.
Module I: A Taxonomy of Internet Infrastructure Attacks
Module 1a: Information Security vs. Infrastructure Security
Module 1b: DNS Attacks, Internet Worms
Module 1c: Routing Attacks, DoS Attacks
Module II: DoS/DDoS Attacks and Countermeasures
Module 2a: DoS Prevention
Module 2b: DoS Mitigation
Modules 2c, 2d, 2e: DoS Traceback
Module III: Routing Attacks and Countermeasures
Module 3a: Introduction to Routing Attacks
Module 3b: Link State Protocol Attacks and Countermeasures
Module 3c: Distance Vector Protocol Attacks and Countermeasures
Modules 3d, 3e: Path Vector (BGP) Protocol Attacks and Countermeasures
Module IV: Wireless Infrastructure Security
Module 4a: Wireless LAN Security
Module 4b: Mobile Ad Hoc Networks Security
Module 4c: Sensor Networks Security
Total presentation time: 5 hours 15 minutes; plus 5 minutes preview
Total number of slides: 215 slides; plus 5 preview slides