Papers by Doug Montgomery
2019 IEEE Conference on Communications and Network Security (CNS)
Proceedings of the Symposium on SDN Research, 2018
Recent advances in Software-Defined Networking (SDN) have enabled flexible and programmable netwo... more Recent advances in Software-Defined Networking (SDN) have enabled flexible and programmable network measurement. A promising trend is to conduct network traffic measurement on widely deployed Open vSwitches (OVS) in data centers. However, little attention has been paid to the design options for conducting traffic measurement on the OVS. In this study, we set to explore different design choices and investigate the corresponding trade-offs among resource consumption, measurement accuracy, implementation complexity, and impact on switching speed. For this purpose, we empirically design and implement four different measurement schemes in OVS, by either closely integrating forwarding and measurement functions into a pipeline, or decoupling them into parallel operations. Through extensive experiments and comparisons, we quantitatively show the various trade-offs that the different schemes strike to balance, and demonstrate the feasibility of instrumenting OVS with monitoring capabilities. These results provide valuable insights into which design will best serve various measurement and monitoring needs.
Dynamic Agent Advertisement of Mobile IP to Provide Connectivity between Ad Hoc Networks and Internet
Lecture Notes in Computer Science, 2004
... 4.1 Simulation Model There are home agent and foreign agent running both AODV and MIP. There ... more ... 4.1 Simulation Model There are home agent and foreign agent running both AODV and MIP. There is one correspondent node on the wired network connected to both wireless domains through R0. Fig 3 illustrates this network configuration. ...
Mobility Agent with SIP Registrar for VoIP Services
Lecture Notes in Computer Science, 2003
ABSTRACT The Session Initiation Protocol (SIP) is likely to play a key role in the convergence of... more ABSTRACT The Session Initiation Protocol (SIP) is likely to play a key role in the convergence of Internet and the conventional cellular networks. Several issues related to mobility management in SIP enabled networks remain to be resolved. While other work has compared and contrasted mobility management in SIP and Mobile IP (MIP), in this paper we investigate possible integration techniques that combine the mobility management capabilities of both protocols. After illustrating some of the issues with each protocol when used in isolation in various mobile VoIP scenarios, we propose an integrated model (MIP+SIP), that reduces the disruption time during handovers. Our combination of network and application layer mobility management models reduces the global signaling load and provides fast handoff for ongoing conversations. Simulation results show that our proposed mechanisms achieve better performance than isolated SIP and MIP mobility management. Simulation results presented in this paper are based on the ns2 mobility package[6], which we extended with new capabilities to model SIP components (i.e., user agents, redirect servers, proxy servers, registrars) and SIP-based VoIP traffic.
IEEE Journal on Selected Areas in Communications, 2006
We present a detailed study of the potential impact of BGP peering session attacks and the result... more We present a detailed study of the potential impact of BGP peering session attacks and the resulting exploitation of Route Flap Damping (RFD) that cause network-wide routing disruptions. We consider canonical grid as well as down-sampled realistic Autonomous System (AS) topologies and address the impact of various typical service provider routing policies. Our modeling focuses on three dimensions of routing performance sensitivity: (a) Protocol aware attacks (e.g., tuned to RFD), (b) Route selection policy, and (c) Attack-region topology. Analytical results provide insights into the nature of the problem and potential impact of the attacks. Detailed packet-level simulation results complement the analytical models and provide many additional insights into specific protocol interactions and timing issues. Finally, we quantify the potential effect of the BGP Graceful Restart mechanism as a partial mitigation of the BGP vulnerability to peering session attacks.
IEEE Security & Privacy Magazine, 2006
In the early 2000s, the IETF formed the Secure Inter-Domain Routing (SIDR) working group which wa... more In the early 2000s, the IETF formed the Secure Inter-Domain Routing (SIDR) working group which was tasked with developing a security model for the Border Gateway Protocol (BGP) with the intent to eliminate or reduce the rate of successful BGP hijacks and other attacks against the core routing infrastructure. The result was the development of a two-stage security approach, one based on the prefix (IP address range) origination of an autonomous system's (AS) announcement and the other one dealing with the validation of the path such an announcement traversed on. The first stage is called the Resource Public Key Infrastructure (RPKI) and has been in its deployment stage since early 2013 and the second one is called BGPsec and includes a modification to the BGP specification RFC 4721. BGPsec became an RFC standard in late 2017. During that time, NIST actively participated in the development of the necessary RFCs and developed in parallel a reference implementation that addresses both tiers of the developed security model.
USGv6-V1.0 A Profile for IPv6 in the U.S. Government – Version 1.0 NIST Special Publication 500-267 A Profile for IPv6 in the U.S. Government –
Version 1.0
1 Architectural Considerations for Mapping Distribution Protocols
In this contribution, we present a discussion of some architectural ideas pertaining to the mappi... more In this contribution, we present a discussion of some architectural ideas pertaining to the mapping distribution protocol. The efficiency of this protocol in terms of response time and the volume of traffic load it generates are important considerations. We consider how Egress Tunnel Routers (ETRs) can perform aggregation of end point ID (EID) address space belonging to their downstream delivery networks. This aggregation may be useful for reducing the processing load and memory consumption associated with mapping messages, especially in some resource-constrained components of the mapping distribution system. Some interesting architectural issues, their potential solutions and trade-offs are discussed. The overarching goal is to expose and discuss some subtleties in design considerations for mapping distribution and management. I.
The knowledge plane will be highly dependent upon knowledge derived from information contained in... more The knowledge plane will be highly dependent upon knowledge derived from information contained in participating nodes. Such information will comprise data generated by a participating node’s hardware (e.g., CPU and network devices) and software (e.g., operating system and network applications) that conforms to one of many distinct ontologies or information models. Before node information can be utilized by the knowledge plane, it must first be acquired and translated from its native forms. In this paper, we suggest possible alternative architectures for acquiring, translating and representing sensor information that could ultimately serve as knowledge for the knowledge plane. We posit these architectures in order to identify and discuss the pros and cons of various approaches for deriving knowledge for the knowledge plane. 1
– Draft for Comments – Autonomous System Isolation under BGP Session Attacks with Exploitation of Route Flap Damping∗
There is a growing apprehension in the Internet community that there are potentially significant ... more There is a growing apprehension in the Internet community that there are potentially significant vul-nerabilities in the deployed Border Gateway Protocol (BGP) routing system. Researchers speculate and debate the potential of targeted attacks to trigger large scale, potentially cascading, failures and persistent instability in the global routing system. To date, most modeling and analysis of BGP behavior under threat-ening scenarios has been limited to post mortem analysis of global routing exchanges during worm and virus attacks of Internet hosts; but these are not attacks focused on BGP. In this paper, we present results from our effort to conduct “what if ” analyses of yet unseen attacks and to develop means to characterize the impact of various attacks on a distributed BGP routing system. In particular, we present a detailed study of the impact of BGP peering session attacks and the resulting exploitation of RFD that cause network-wide routing disruptions. Analytical results pro...
BGPsec Validation State Signaling
This document updates RFC 8097 by adding the BGPsec path validation state to the reserved portion... more This document updates RFC 8097 by adding the BGPsec path validation state to the reserved portion of the extended community in RFC 8097. BGP speakers that receive this community string can use the embedded BGPsec validation state and configure local policies that allow it being used to influence their decision process. This is especially helpful because Section 5 of RFC 8205 specifically allows putting BGPsec path validation temporarily on hold. This allows reducing the load of validation particularly from IBGP learned routes or EBGP learned routes when warranted.
RPKI Route Origin Validation State Unverified
In case operators decide not to evaluate BGP route prefixes according to RPKI route origin valida... more In case operators decide not to evaluate BGP route prefixes according to RPKI route origin validation (ROV), none of the available states as specified in RFC 6811 do properly represent this decision. This document introduces "Unverified" as well-defined validation state which allows to properly identify route prefixes as not evaluated according to RPKI route origin validation.
This document defines the scope of accreditation for the USGv6 Test Program, including test metho... more This document defines the scope of accreditation for the USGv6 Test Program, including test method validation procedures, laboratory accreditation process and roles of the accreditor.
In the context of BGPsec, a withdrawal suppression occurs when an adversary AS suppresses a prefi... more In the context of BGPsec, a withdrawal suppression occurs when an adversary AS suppresses a prefix withdrawal with the intension of continuing to attract traffic for that prefix based on a previous (signed and valid) BGPsec announcement that was earlier propagated. Subsequently if the adversary AS had a BGPsec session reset with a neighboring BGPsec speaker and when the session is restored, the AS replays said previous BGPsec announcement (even though it was withdrawn), then such a replay action is called a replay attack. The BGPsec protocol should incorporate a method for protection from Replay Attack and Withdrawal Suppression (RAWS), at least to control the window of exposure. This informational document provides design discussion and comparison of multiple alternative RAWS protection mechanisms weighing their pros and cons. This is meant to be a companion document to the standards track draft-ietf-sidrops-bgpsec- rollover that will specify a method to be used with BGPsec for RAW...
Deployment of Resource Public Key Infrastructure (RPKI) and Route Origin Authorizations (ROAs) is... more Deployment of Resource Public Key Infrastructure (RPKI) and Route Origin Authorizations (ROAs) is expected to occur gradually over several or many years. During the incremental deployment period, network operators would wish to have a meaningful policy for dropping Invalid routes. Their goal is to balance (A) dropping Invalid routes so hijacked routes can be eliminated, versus (B) tolerance for missing or erroneously created ROAs for customer prefixes. This document considers a Drop Invalid if Still Routable (DISR) policy that is based on these considerations. The key principle of DISR policy is that an Invalid route can be dropped if a Valid or NotFound route exists for a subsuming less specific prefix.
CSRIC III WORKING GROUP 4 Network Security Best Practices FINAL Report – BGP Security Best Practice
Self-Adaptive Discovery Mechanisms for Optimal Performance in Fault-Tolerant Networks
Emerging designs for fault-tolerant systems rely on discovery-based component architectures to en... more Emerging designs for fault-tolerant systems rely on discovery-based component architectures to enable self-organizing and self-healing systems. The underlying service discovery and composition technologies for such systems include mechanisms that permit the network to continue to function even as its configuration changes continuously over time. Unfortunately, in very dynamic environments, such as found in military applications, little is known about the behavior and performance of emerging service discovery protocols. Many aspects of the performance of these protocols appear highly sensitive to parameter settings whose optimum values depend upon the composition of the network. While such parameters may be manually tuned in relatively small, static environments, their management in large-scale, highly dynamic environments requires real-time measurement and control. NIST proposes to research, design, evaluate, and implement self-adaptive algorithms to improve the performance of servi...
Enhancement to BGPSEC for Protection against Route Leaks
This document enumerates different types of route leaks based on observed events on the Internet.... more This document enumerates different types of route leaks based on observed events on the Internet. It illustrates how BGPSEC in its current form (as described in draft-ietf-sidr-bgpsec-protocol-09) already provides protection against all but one of these route-leaks scenarios. The document further discusses a design enhancement to the BGPSEC protocol that will extend protection against this one remaining type of route-leak attack as well. With the inclusion of this enhancement, BGPSEC is expected to provide protection against all types of route-leaks. The document also includes a stopgap method for detection and mitigation of route leaks for the phase when BGPSEC (path validation) is not yet deployed but only origin validation is deployed.
Uploads
Papers by Doug Montgomery