Secure Routing Protocols Using Consistency Checks and S-RIP

Internet routing infrastructures are vulnerable to various attacks due to the lack of strong authentication mechanisms, software vulnerabilities/misconfiguration, and the risky assumption of a trustworthy and cooperative environment. Existing solutions do not solve the problem because they neither validate factual correctness of routing updates nor support incremental deployment. In this paper, we propose a data correlation approach for validating routing information. A routing update is validated for its factual correctness before being used to update a routing table by cross checking its consistency among selected nodes which are informed of that update. The notion of trust or distrust is replaced by node reputation measured by numerical values. The tradeoff between security and efficiency is made by configurable thresholds and a sized window which determines how many nodes to involve in a consistency check. As a first example of applying the framework, we develop an incrementally deployable protocol, namely (S-RIP), for securing Routing Information Protocol (RIP). We have implemented S-RIP in the network simulator NS2. We show that with S-RIP, a nonfaulty node can uncover inconsistent routing information in a network with many misbehaving nodes given that no two of them are in collusion. Additional routing overhead generated by S-RIP is adjustable and can be reduced to a reasonalbe level.