Please use this identifier to cite or link to this item: http://hdl.handle.net/2031/5418
| Field | Value |
|---|---|
| Title: | Network infrastructure security : a design of secure spanning-tree protocol and an analysis on distributed denial of service attack |
| Other Titles: | Wang luo ji chu an quan : an quan sheng cheng shu xie yi de she ji he fen san shi ju jue fu wu gong ji de fen xi 網絡基礎安全 : 安全生成樹協議的設計和分散式拒絶服務攻擊的分析 |
| Authors: | Yan, Fan (閻帆) |
| Department: | Department of Electronic Engineering |
| Degree: | Master of Philosophy |
| Issue Date: | 2008 |
| Publisher: | City University of Hong Kong |
| Subjects: | Computer networks -- Security measures. Telecommunication -- Switching systems. |
| Notes: | CityU Call Number: TK5105.59 .Y34 2008. xii, 92 leaves : ill. ; 30 cm. Thesis (M.Phil.)--City University of Hong Kong, 2008. Includes bibliographical references (leaves 82-87). |
| Type: | thesis |
| Online Catalog Link: | http://lib.cityu.edu.hk/record=b2339810 |
| Appears in Collections: | EE - Master of Philosophy |

Abstract:

Two problems of network infrastructure security are addressed in this thesis. The first is the security of the Spanning-Tree Protocol (STP), and the second is the Distributed Denial of Service (DDoS) attack.

Although STP is widely used in switching networks, it is vulnerable to STP attacks. In this thesis we address this problem by proposing an enhanced STP. The proposed solution partitions an STP network into multiple tiers of switching networks. The purpose of the partitioning is to hide the STP operations of the network infrastructure (i.e. the higher-tier switching networks) from the lower tiers of switching networks (those closer to end computers). To realise the partitioning, a new kind of Ethernet boundary switch is designed and implemented. On one hand, these boundary switches participate in normal STP operations; on the other hand, the enhanced STP operations inside the boundary switches partition the STP operations between tiers.

To quantify the security performance of the enhanced STP, the performance of the new switches is evaluated and compared with that of conventional STP under all known STP attacks. The results show a significant reduction in the number of affected switches under non-DoS STP attacks when the enhanced STP is used. For DoS STP attacks, the CPU utilisation of switches in handling STP topology changes can also be reduced by orders of magnitude.

The implementation of the Ethernet boundary switches was based on the Linux bridge implementation and bridge configuration tools. Experiments were run to verify the design and to study the switches' performance. The results show that these new switches provide better security for STP networks. This practical implementation also demonstrates how kernel programming on Linux and modifications to configuration tools can be used to develop new switching devices.

In the second part of the thesis, the problem of unknown impacts on networks under DDoS attacks is addressed. A scale-free network (constructed from 1000 nodes) is investigated and its congestion level is measured. In the scale-free network, which models the Internet, each node is assumed to have links with finite buffers. Unlike previous work on complex networks, attacked nodes are not assumed to be removed, which gives more realistic results. The results show that the scale-free network becomes easily congested under DDoS attack. It is also found that the robustness of the scale-free network depends more on the number of attackers than on the degree of the victim node.