TR-03-09: Secure Routing Protocols Using Consistency Checks and S-RIP

Internet routing infrastructures are vulnerable to various attacks due to the lack of strong authenti-cation mechanisms, software vulnerabilities/misconfiguration, and the risky assumption of a trustworthy and cooperative environment. Existing solutions do not solve the problem because they neither validate factual correctness of routing updates nor support incremental deployment. Inthis paper , we propose a data correlation approach for validating routing information. A routing update is validated for its factual correctness before being used to update a routing table by cross checking its consistency among selected nodes which are informed of that update . The notion of trust or distrust is replaced by node reputation measured by numerical values. The tradeoff between security and efficiency is made by configurable thresholds and a sized window which determines how many nodes to involve in a consistency check. As a first example of applying the frame work, we develop an incrementally deployable protocol, namely (S-RIP), for securing Routing Information Protocol (RIP). We have implemented S-RIP in the network simulator NS2. We show that with S-RIP, a nonfaulty node can uncover inconsistent routing information in a network with many misbehaving nodes given that no two of them are in collusion. Additional routing overhead generated by S-RIP is adjustable and can be reduced to a reasonalbe level.