An Analysis of Service Degradation Attacks against Real-Time MPLS Networks

Abdulrahman Almutairi, Stephen D. Wolthusen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

While the robustness of the communication network infrastructure against attacks on the integrity of backbone protocols such as the Border Gateway Protocol (BGP) and MultiProtocol Label Switching (MPLS) protocols has been the subject of significant earlier work, more limited attention has been paid to the problem of availability and timeliness that is crucial for service levels needed in areas such as some financial services and particularly for the interconnection of smart grid components requiring hard real-time communication, which are not necessarily over completely isolated networks. In such networks, an adversary will be successful if a targeted flow or set of flows no longer meets CoS and QoS boundaries, particularly delay and jitter, even where no outright compromise of either the flow itself or the control flow is achieved. The attacker's objective can be accomplished by interfering with the operation of the control signalling protocol, but also by influencing the policy of MPLS nodes and the mitigation mechanisms themselves. In this paper we therefore describe an adversary model and analysis of attacks based on manipulation of Label Distribution Protocol (LDP) messages for the purpose of affecting the required Quality of Service (QoS) and Class of Service (CoS) for targeted traffic, where the adversary may intentionally modify the policy state of LSRs that the targeted traffic passes through.
Original language: English
Title of host publication: Proceedings of the 2013 Information Security South Africa Conference (ISSA 2013)
Publisher: IEEE Computer Society Press
Pages: 1-8
Publication status: Published - 2013