| Presentation | 2014/6/26 A Proposal of Multi-Layer-Binding Router to Prevent Cyber-Attacks, and its Implementation and Evaluation using OpenFlow HIROSHI KOBAYASHI, HIROFUMI YAMAKI, YUKI SUEHIRO, YOICHIRO UENO, KAORU SANO, RYOICHI SASAKI, |
|---|---|
| PDF Download Page | PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | An architecture of a multi-layer-binding router (MLBR) that aims for preventing outflow and inflow of IP spoofing packets or cyber-attack packets to the Internet is proposed. It consists of the following functions; (1) When a node or entity requests connection, an MLBR judges its authenticity and authenticates it, and then decides the quality of service (QoS) to be offered according to the authenticity level. (2) the MLBR registers the pair of the IP and the MAC addresses of the node or entity into a binding table, using the connection requested port or channel as the key of the entry. (3) When the MLBR receives a packet, it searches the binding table using the port or channel that received the packet as the key. If the pair of source the IP and the MAC addresses exists on the table, the MLBR forwards the packet to the next-hop node at the assigned QoS. If not, the MLBR discards the packet regarding it as a spoofed IP packet. (4) After receiving destruction requests from other nodes, the MLBR discards the corresponding attack packets. (5) Cyber-attack packet outflow and inflow to the Internet are prevented by deploying an egress MLBR to user side and an ingress MLBR to the Internet side. A small-size test-bed using OpenFlow was constructed. Certification processing experiment by ARP reflection for IEEE802.1X non-compliant node such as TV, interception experiment of IP spoofing packets using SYN-flood attack tool, and performance evaluation of OpenFlow switch were performed. As a result, it was confirmed that it exerts the expected function and performance. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | |
| Paper # | |
| Date of Issue |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2014/6/26(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information and Communication System Security (ICSS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A Proposal of Multi-Layer-Binding Router to Prevent Cyber-Attacks, and its Implementation and Evaluation using OpenFlow |
| Sub Title (in English) | |
| Keyword(1) | |
| 1st Author's Name | HIROSHI KOBAYASHI |
| 1st Author's Affiliation | Tokyo Denki University() |
| 2nd Author's Name | HIROFUMI YAMAKI |
| 2nd Author's Affiliation | Tokyo Denki University |
| 3rd Author's Name | YUKI SUEHIRO |
| 3rd Author's Affiliation | Tokyo Denki University |
| 4th Author's Name | YOICHIRO UENO |
| 4th Author's Affiliation | Tokyo Denki University |
| 5th Author's Name | KAORU SANO |
| 5th Author's Affiliation | Tokyo Denki University |
| 6th Author's Name | RYOICHI SASAKI |
| 6th Author's Affiliation | Tokyo Denki University |
| Date | 2014/6/26 |
| Paper # | |
| Volume (vol) | vol.114 |
| Number (no) | 117 |
| Page | pp.pp.- |
| #Pages | 8 |
| Date of Issue | |