Malicious MPLS Policy Engine Reconnaissance. / Almutairi, Abdulrahman; Wolthusen, Stephen D.

Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014). Vol. 8735 Springer-Verlag, 2014. p. 3.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Published

Harvard

Almutairi, A & Wolthusen, SD 2014, Malicious MPLS Policy Engine Reconnaissance. in Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014). vol. 8735, Springer-Verlag, pp. 3. https://doi.org/10.1007/978-3-662-44885-4_1

APA

Almutairi, A., & Wolthusen, S. D. (2014). Malicious MPLS Policy Engine Reconnaissance. In Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014) (Vol. 8735, pp. 3). Springer-Verlag. https://doi.org/10.1007/978-3-662-44885-4_1

Vancouver

Almutairi A, Wolthusen SD. Malicious MPLS Policy Engine Reconnaissance. In Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014). Vol. 8735. Springer-Verlag. 2014. p. 3 https://doi.org/10.1007/978-3-662-44885-4_1

Author

Almutairi, Abdulrahman ; Wolthusen, Stephen D. / Malicious MPLS Policy Engine Reconnaissance. Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014). Vol. 8735 Springer-Verlag, 2014. pp. 3

BibTeX

@inproceedings{f3ed4f24f0a748c39032d53581523497,
title = "Malicious MPLS Policy Engine Reconnaissance",
abstract = "Multi-Protocol Label Switching (MPLS) is widely used on telecommunications carrier and service provider backbone networks, complex network infrastructures, and also for the interconnection of distributed sites requiring guaranteed quality of service (QoS) and service levels such as the financial services sector, government and public safety, or control networks such as the electric power grid. MPLS is a policy-based system wherein router behaviour is determined not only by the base protocols, but also by a set of further policies that network operators will typically wish not to reveal. However, sophisticated adversaries are known to conduct network reconnaissance years before executing actual attacks, and may also wish to conduct deniable attacks that may not be visible as such that appear as service degradation or which will cause re-configuration of paths in the interest of the attacker. In this paper we therefore describe a probing algorithm and a model of MPLS state space allowing an adversary to learn about the policies and policy state of an MPLS speaker. In spite of the restrictions on the adversary, our probing algorithm revealed the policy states of non-directly connected routers. Also, we analyse the confirmed information using a Bayesian network and provide simulative validation of our findings.",
author = "Abdulrahman Almutairi and Wolthusen, {Stephen D.}",
year = "2014",
doi = "10.1007/978-3-662-44885-4_1",
language = "English",
volume = "8735",
pages = "3",
booktitle = "Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014)",
publisher = "Springer-Verlag",

}

RIS

TY - GEN

T1 - Malicious MPLS Policy Engine Reconnaissance

AU - Almutairi, Abdulrahman

AU - Wolthusen, Stephen D.

PY - 2014

Y1 - 2014

N2 - Multi-Protocol Label Switching (MPLS) is widely used on telecommunications carrier and service provider backbone networks, complex network infrastructures, and also for the interconnection of distributed sites requiring guaranteed quality of service (QoS) and service levels such as the financial services sector, government and public safety, or control networks such as the electric power grid. MPLS is a policy-based system wherein router behaviour is determined not only by the base protocols, but also by a set of further policies that network operators will typically wish not to reveal. However, sophisticated adversaries are known to conduct network reconnaissance years before executing actual attacks, and may also wish to conduct deniable attacks that may not be visible as such that appear as service degradation or which will cause re-configuration of paths in the interest of the attacker. In this paper we therefore describe a probing algorithm and a model of MPLS state space allowing an adversary to learn about the policies and policy state of an MPLS speaker. In spite of the restrictions on the adversary, our probing algorithm revealed the policy states of non-directly connected routers. Also, we analyse the confirmed information using a Bayesian network and provide simulative validation of our findings.

AB - Multi-Protocol Label Switching (MPLS) is widely used on telecommunications carrier and service provider backbone networks, complex network infrastructures, and also for the interconnection of distributed sites requiring guaranteed quality of service (QoS) and service levels such as the financial services sector, government and public safety, or control networks such as the electric power grid. MPLS is a policy-based system wherein router behaviour is determined not only by the base protocols, but also by a set of further policies that network operators will typically wish not to reveal. However, sophisticated adversaries are known to conduct network reconnaissance years before executing actual attacks, and may also wish to conduct deniable attacks that may not be visible as such that appear as service degradation or which will cause re-configuration of paths in the interest of the attacker. In this paper we therefore describe a probing algorithm and a model of MPLS state space allowing an adversary to learn about the policies and policy state of an MPLS speaker. In spite of the restrictions on the adversary, our probing algorithm revealed the policy states of non-directly connected routers. Also, we analyse the confirmed information using a Bayesian network and provide simulative validation of our findings.

U2 - 10.1007/978-3-662-44885-4_1

DO - 10.1007/978-3-662-44885-4_1

M3 - Conference contribution

VL - 8735

SP - 3

BT - Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014)

PB - Springer-Verlag

ER -