Secure Optical Internet: An Attack on OBS node in a TCP over OBS network

International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Volume 1, Issue 4, November – December 2012                                    ISSN 2278-6856
Impact Factor of IJETTCS for year 2012: 2.524

K. Muthuraj (Research Scholar) and N. Sreenath (Professor)
Department of Computer Science and Engineering, Pondicherry Engineering College, Puducherry 605014, India

Abstract: The Optical Internet has become the main conduit for virtually all types of shared communication around the world, and it continues its phenomenal growth in traffic volume and reach using dedicated optical routers. Optical burst switching (OBS) is the predominant switching technology for optical networks that must cater to huge bandwidth demands, and the Transmission Control Protocol (TCP) is the prevailing transport mechanism of the Internet. Hence TCP over OBS has become the standard for the Optical Internet. However, OBS networks are more vulnerable from a security standpoint, since the control packet header and the data burst pass separately through the OBS routers. If any one OBS node in a TCP over OBS network is compromised, control packets can be regenerated, which creates a denial of service in network performance. This paper identifies a novel attack on an OBS node in the Optical Internet, named the BCH flooding attack, and provides a detection and prevention mechanism for it. The NSF14 node topology is used to describe the attack, ns2 with the modified nOBS patch is used to simulate the results, and GNUplot is used to plot the security parameters.

Keywords: Optical internet security, TCP over OBS networks attack, BCH flooding attack, Denial of service attack on Optical Internet

1. INTRODUCTION

The benefits of the Optical Internet have been known for quite a while, but it was not until the invention of wavelength division multiplexing (WDM) that the potential of fiber was fully realized. WDM divides the available bandwidth of the fiber into a number of separate wavelength channels and allows tens or hundreds of wavelength channels to be transmitted over a single optical fiber at a rate of 10 Gb/s per channel and beyond [1-3]. This means that the data rate can reach 10 Tb/s in each individual fiber. To carry IP traffic over WDM networks, three switching technologies exist, namely optical circuit switching (OCS), optical packet switching (OPS) and optical burst switching (OBS). Optical circuit switching, also known as lambda switching, can only switch at the wavelength level and is not suitable for bursty Internet traffic. Optical packet switching, which can switch at the packet level with fine granularity, is not practical in the foreseeable future. The two main obstacles are the lack of random access optical buffers and the optical synchronization of the packet header and payload. Optical burst switching provides finer granularity than optical circuit switching and does not encounter the technical obstacles that optical packet switching faces. OBS is considered the most promising form of optical switching technology, since it combines the advantages and avoids the shortcomings of OCS and OPS, as tabulated in Table 1 [4-7].

Table 1: Scope of switching technology

    Technology    OBS     OPS        OCS
    Bandwidth     High    High       Low
    Latency       Low     Low        High
    Buffering     -       Required   -
    Overhead      Low     High       Low
    Adaptivity    High    High       Low

Figure 1 illustrates an optical burst switched network in the Optical Internet.

Figure 1 Illustration of Optical Internet

OBS can provide a cost effective means of interconnecting heterogeneous networks regardless of the lower-level protocols used in the optical internet. For


example, an OBS network is able to transport 10 GB/s Ethernet traffic between two sub-networks without the need to interpret lower level protocols, or to make two geographically distant wireless networks act as an integrated whole without protocol translation. Optical burst switching networks in the optical internet are illustrated in figure 1.

In OBS networks there is a strong separation between the control and data planes, which allows for great network manageability and flexibility. In addition, its dynamic nature leads to high network adaptability and scalability, which makes it quite suitable for the transmission of bursty traffic. Unfortunately, OBS networks suffer from security attacks, because every data burst passes through the intermediate OBS routers. If one of the intermediate OBS routers is compromised, it causes security issues and denial of service.

The remainder of this paper is organized as follows. The architecture of OBS, together with in-band and out-of-band signaling and its functional diagram, is described in Section 2. Section 3 explains TCP over OBS networks in the Optical Internet. Section 4 demonstrates the main objective of this paper, the identification of the attack on an OBS node in TCP/OBS networks in the Optical Internet, named the BCH flooding attack. Section 5 depicts the attack detection and prevention mechanism for the same. The simulation results are shown in Section 6. Finally, we conclude and outline future work in Section 7.

2. OPTICAL BURST SWITCHING ARCHITECTURE

Figure 2 Optical Burst Switching Architecture (IP packets enter at an edge node, traverse the OBS cloud of core nodes, and leave through another edge node)

In general, an OBS network is composed of two types of routers, namely edge routers and core routers, as shown in figure 2. Edge routers represent the electronic transit point between the burst-switched backbone and the IP routers in an Optical Internet. The assembling of bursts from IP packets and the disassembling of bursts into IP packets is carried out at these edge routers. Core routers are connected to either edge routers or other core routers. A core router transfers the incoming optical data onto an outgoing link in optical form, without conversion to electronic form. In OBS, the basic switching entity is the burst, which contains a number of encapsulated packets. For every burst there is a corresponding Burst Control Header (BCH) that establishes a path from source to destination. When the BCH of a connection is sent prior to the transmission of its Data Burst (DB), with a specific offset time, on the same wavelength channel, this is termed in-band signaling, shown in figure 3 [8-11].

Figure 3 In-band signaling (DB and BCH on one wavelength channel, separated in time)

When all BCHs of the various connections are sent on the same control channel and their corresponding DBs are sent on different data channels with a specific offset time, this is named out-of-band signaling, shown in figure 4.

Figure 4 Out-of-band signaling (BCHs on the control channel, DBs on the data channel, each preceded by its offset time)

The offset time is the transmission time gap between the BCH and the DB; it allows the control part of the intermediate core nodes to reserve the required resources for the onward transmission of the burst.

Figure 5 OBS Functional Diagram

The OBS functional diagram is shown in figure 5. It shows that the ingress node is responsible for burst assembly, routing, wavelength assignment and scheduling


of bursts at the edge node. The core node is responsible for signaling and contention resolution. The egress edge node is responsible for disassembling the burst and forwarding the packets to the higher network layer [12-14].

3. TCP OVER OBS NETWORKS

Figure 6 TCP over OBS Layer Architecture

In a TCP/IP network, the IP layer is involved in routing of packets, congestion control and addressing of the nodes. When OBS is introduced into the network, it takes care of the routing of data and of congestion control. The routing information computed by the IP layer need not be considered by the OBS routers, because the routes at the OBS layer are computed based on the number of hops and wavelength availability. However, the addressing of the various nodes in the network is not taken care of by OBS by default. Hence the functionality of IP may be limited to addressing and packet formation. For the above reasons, this proposal considers the stack TCP/OBS rather than TCP/IP/OBS. This is shown in figure 6 [15-16].

4. BCH FLOODING ATTACK

Figure 7 BCH Flooding Attack (a TCP source sends TCP packets into the OBS network; a compromised core node emits copies of the burst header packet ahead of the data burst on the way to the TCP destination)

The Burst Control Header undergoes O/E/O conversion at every intermediate core node, so it needs some time to be processed at every node. This makes the burst header vulnerable to attacks. If any optical node is compromised by intruders, that node creates multiple copies of the same burst header and advances them to the next node, thereby flooding the next intermediate node with duplicate copies of the original burst control header. The next intermediate node then tries to make reservations for these fake burst control headers. Hence buffer overflow will happen at the intermediate core node, or, if wavelength conversion is implemented, each bogus burst control header reserves a different wavelength for its respective data burst. Thus the uncompromised nodes will not be able to reserve resources when they receive a valid burst header. This attack is called the Burst Header flooding attack and is depicted in figure 7. It creates a denial of service in optical router performance.

5. ATTACK DETECTION AND PREVENTIVE MECHANISM

Thus we need to design an efficient mechanism to prevent this BCH flooding attack. One of the major factors to consider while designing it is that the processing speed should not vary by much between the normal scenario and the scenario after implementing the solution.

The provisioning of security has two aspects, attack detection and attack removal. In the attack detection phase we need to identify the nodes which are behaving maliciously. This can be achieved by monitoring the intermediate nodes with some trusted nodes. The trusted nodes decide whether any node is behaving maliciously or not. The idea is that when any intermediate core router obtains the BCH, it prepares a statistics report. If the intermediate core router does not have buffers, it sends the statistics immediately to the trusted node. If it has buffers, then it stores the statistics in a buffer and starts a timer. Once the timer expires or the buffer gets full, it sends the statistics to the trusted node. The statistics contain some important information which will be analyzed by the trusted node to determine whether any node is behaving maliciously or not. The fields present inside the statistics are burst id, source, destination, number of packets present inside the burst and size of the burst.

The trusted node should contain a buffer, and based on burst id it inserts the received statistics into its buffer table. The trusted node does not verify the statistics immediately. Rather, it waits for some interval of time (n sec) until it collects more statistics from its neighbor nodes. After n sec, it starts reading the statistics one by one. It initially reads the burst id, source and destination from the head of the buffer table. Since the trusted node knows the path between the source and destination, it


verifies whether all the intermediate nodes sent the same statistics or not. If some intermediate node's statistics mismatch, then the trusted node determines that the previous intermediate node in the path between source and destination is trying to flood the BCH, because the previous node is the one which sends wrong statistics to the trusted node. The trusted node then reduces the trust value counter of that malicious node. The algorithm is as follows:

    recv (struct PACKET *packet)
    {
        Determine nodeType from packet.
        if ((nodeType == 'intermediate core node') ||
            (nodeType == 'egress node'))
        {
            a) Extract burst id, source, destination,
               num_of_packets, burst_size from the packet.
            b) Create a new packet and store the
               extracted information inside the new packet.
            c) Send the new packet to the trusted node.
        }
        else if (nodeType == 'trusted_node')
        {
            a) Extract statistics from packet.
            b) Insert the statistics into the linked
               list based on burst id.
            c) Collect some more statistics.
            d) Now extract the source, destination
               and burst id from the linked list.
            e) For BCH flooding attack, verify the
               statistics based on burst id, burst
               size, number of packets inside the
               burst and reduce the node's trust
               value if the statistics mismatch.
            f) If the node's trust value reaches below
               threshold, inform other nodes.
        }
    }

6. SIMULATION RESULTS

    Topology                        :   NSFNet
    Number of Optical Nodes         :   14
    Number of Electronic Nodes      :   28
    Number of TCP/IP Connections    :   10
    Max. Number of attacker nodes   :   03
    Max. Number of packets          :   200
    Max Lambda                      :   20
    Link Speed                      :   1GB
    Switch Time                     :   0.000005

The simulations are done using nOBS, an ns2 based network simulator. The NSFNet topology is used to demonstrate the effect of the BCH flooding attack, as shown in figure 7.

Figure 7 NSFNet topology with nodes 0 to 13

Nodes 0 to 13 represent the optical nodes and 14 to 41 represent the electronic nodes. The optical network is modeled with 1Gbps bandwidth and 10ms propagation delay. The TCP/IP links have 155 Mbps bandwidth each with 1 ms link propagation delay.

In the beginning let us assume that there are no compromised nodes in the network. In that case, the number of bursts sent by the ingress edge node is almost equal to the number of bursts received by the egress edge node, as shown in figure 8.

Figure 8 Number of bursts sent/received without any attacker nodes
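The trusted-node verification of Section 5 (buffer reports by burst id, wait out the collection interval, compare statistics along the known path, blame the previous node, lower its trust value, announce it once the threshold is crossed) together with the path-discarding prevention step, as an added executable model that is not the authors' nOBS code. The report fields are the ones the paper lists; the node ids, the altered burst size in the bogus copies, the trust threshold and the alternate path are constructed assumptions.

```python
"""Model of the trusted-node detection and path-discarding prevention in Section 5.
Added example, not the authors' nOBS code: node ids, report values, the trust
threshold and the alternate path are constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Stats:
    """Fields the paper lists for one statistics report."""
    burst_id: int
    source: int
    destination: int
    num_packets: int
    burst_size: int


@dataclass(frozen=True)
class Report:
    reporter: int  # intermediate core / egress node that produced the report
    stats: Stats


class TrustedNode:
    """Buffers reports by burst id, then verifies them along the known path."""

    def __init__(self, paths, threshold=-3):
        # (source, destination) -> ordered intermediate node ids; the paper
        # assumes the trusted node knows this path.
        self.paths = paths
        self.threshold = threshold
        self.trust = defaultdict(int)   # node id -> trust value counter
        self.table = defaultdict(list)  # burst id -> buffered reports
        self.flagged = set()            # nodes the other nodes were told about

    def receive(self, report):
        # Insert into the buffer table keyed by burst id; no check yet.
        self.table[report.stats.burst_id].append(report)

    def verify(self):
        """Run after the n-second collection interval; returns (burst id, blamed node)."""
        blamed = []
        for burst_id, reports in sorted(self.table.items()):
            head = reports[0].stats
            path = self.paths[(head.source, head.destination)]
            seen = defaultdict(set)  # node id -> set of Stats it reported
            for r in reports:
                seen[r.reporter].add(r.stats)
            # Walk the path: if a node's statistics differ from its upstream
            # neighbour's, the previous node is the one that emitted bogus BCHs.
            # Only field values are compared, so identical copies are not told apart.
            for prev, node in zip(path, path[1:]):
                if seen[prev] and seen[node] and seen[node] != seen[prev]:
                    self.trust[prev] -= 1
                    blamed.append((burst_id, prev))
                    if self.trust[prev] < self.threshold:
                        self.flagged.add(prev)  # step f: inform other nodes
        self.table.clear()
        return blamed


def choose_path(candidates, flagged):
    """Prevention: the source discards any path through a flagged node."""
    for path in candidates:
        if not flagged.intersection(path):
            return path
    return None


def run_sample():
    """Constructed scenario: node 2 is compromised on the path 0-2-5-8."""
    tn = TrustedNode({(14, 21): [0, 2, 5, 8]}, threshold=-3)
    blamed = []
    for burst_id in range(1, 6):
        genuine = Stats(burst_id, 14, 21, num_packets=40, burst_size=60000)
        for node in (0, 2):  # nodes upstream of the attacker report the truth
            tn.receive(Report(node, genuine))
        # Assumed attack effect: the extra BCH copies carry an altered burst
        # size, so nodes downstream of node 2 see a second set of statistics.
        bogus = Stats(burst_id, 14, 21, num_packets=40, burst_size=90000)
        for node in (5, 8):
            tn.receive(Report(node, genuine))
            tn.receive(Report(node, bogus))
        blamed += tn.verify()  # one verification per collection interval
    return tn, blamed


if __name__ == "__main__":
    tn, blamed = run_sample()
    print("trust values:", dict(tn.trust), "flagged:", tn.flagged)
    print("reroute to:", choose_path([[0, 2, 5, 8], [0, 3, 6, 8]], tn.flagged))
```

With the threshold of -3, node 2 is blamed once per burst and is announced to the other nodes after the fourth burst, after which the source picks the path that avoids it.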


Figures 9 and 10 show the effect of the BCH flooding attack. The plotted graphs show that as the number of compromised nodes increases, the flooding rate also increases.

Figure 9 Effect of BCH flooding attack when the number of compromised nodes is 1

Figure 10 Effect of BCH flooding attack when the number of compromised nodes is 3

Finally, figures 10 and 11 show the simulation results after implementing the solution for the BCH flooding attack. The flooding is detected by the trusted nodes at some point and is removed, as shown in the graph.

The efficient way to remove this attack is for the source to completely discard the path through the malicious intermediate node and take an alternate path to reach the destination. By doing so, the BCH flooding attack can be prevented.

Figure 11 After implementing the solution to BCH flooding attack (number of compromised nodes = 1)

Figure 12 After implementing the solution to BCH flooding attack (number of compromised nodes = 3)

7. CONCLUSION AND FUTURE WORK

TCP/OBS networks are the networks of the future, and optical burst switching will become the most broadly used technology in the near future due to its speed and because it provides an end to end optical path among the communicating parties. Since optical burst switching has typical features, it is quite natural for it to suffer from security attacks. In this paper we identified a new-fangled type of attack, named the Burst Hijacking Attack. From the statistical approach, its countermeasures are discussed for the normal scenario, the attack scenario and the

attack removal scenario separately, using the ns2 simulator with the modified nOBS patch.

In the future, when optical burst switching is employed everywhere, some more security attacks will arise. Future research in this area will help us to identify and remove other possible attacks in TCP/OBS networks and make the optical burst switching technique a superior one for the optical internet.

Acknowledgement

The authors would like to thank the anonymous reviewers and the Editor-in-Chief for their valuable comments that have helped us to improve the manuscript.

References

[1] B. Mukherjee, "WDM Optical Communication Networks: Progress and Challenges," IEEE Journal on Selected Areas in Communications, pp. 1810-1823, October 2000.
[2] S. Yoo, S. J. B. Yoo, and B. Mukherjee, "All-Optical Packet Switching for Metropolitan Area Networks: Opportunities and Challenges," IEEE Communications Magazine, vol. 39, pp. 142-148, March 2001.
[3] X. Cao, J. Li, Y. Chen, and C. Qiao, "Assembling TCP/IP Packets in Optical Burst Switched Networks," Proceedings of IEEE Globecom, December 2002.
[4] Guray Gurel and Ezhan Karasan, "Effect of Number of Burst Assemblies on TCP Performance in Optical Burst Switching Networks," Proceedings of the IEEE BROADNETS, October 2006.
[5] C. Siva Ram Murthy and Mohan Gurusamy, "WDM Optical Networks: Concepts, Design and Algorithms," Prentice Hall PTR, November 2001.
[6] Pushpendra Kumar Chandra, Ashok Kumar Turuk, and Bibhudatta Sahoo, "Survey on Optical Burst Switching in WDM Networks," Proceedings of IEEE Communications Magazine, December 2009.
[7] Malathi Veeraraghavan and Tao Li, "Signaling Transport Options in GMPLS Networks: In-band or Out-of-band," International Conference on Computer Communications and Networks, pp. 503-509, August 2007.
[8] Yuhua Chen and Pramode K. Verma, "Secure Optical Burst Switching: Framework and Research Directions," IEEE Communications Magazine, pp. 40-45, August 2008.
[9] Yuhua Chen, Pramode K. Verma, and Subhash Kak, "Embedded Security Framework for Integrated Classical and Quantum Cryptography Services in Optical Burst Switching Networks," Security and Communication Networks, vol. 2, no. 6, pp. 546-554, November-December 2009.
[10] N. Sreenath, G. Mohan and C. Siva Ram Murthy, "Virtual Source Based Multicast Routing in WDM Optical Networks," IEEE International Conference on Networks (ICON 2000), pp. 385-389, Singapore, September 2000.
[11] J. Turner, "Terabit Burst Switching," Journal of High Speed Networks, vol. 8, pp. 3-16, January 1999.
[12] Guray Gurel, Onur Alparslan and Ezhan Karasan, "nOBS: an ns2 based simulation tool for performance evaluation of TCP traffic in OBS networks," Annals of Telecommunications, vol. 62, no. 5-6, pp. 618-632, May-June 2007.
[13] A. K. Turuk and R. Kumar, "A Novel Scheme to Reduce Burst-Loss and Provide QoS in Optical Burst Switching Network," In Proceedings of HiPC-2004, pp. 19-22, 2004.
[14] K. Dolzer, C. Gauger, J. Spath, and S. Bodamer, "Evaluation of reservation mechanisms for optical burst switching," AEU International Journal of Electronics and Communications, vol. 55, no. 1, pp. 18-26, April 2001.
[15] P. Siva Subramanian and K. Muthuraj, "Threats in Optical Burst Switched Network," Int. J. Comp. Tech. Appl., vol. 2, no. 3, pp. 510-514, July 2011.
[16] N. Sreenath, K. Muthuraj, and P. Sivasubramanian, "Secure Optical Internet: Attack Detection and Prevention Mechanism," International Conference on Computing, Electronics and Electrical Technologies, 2012.

AUTHORS

K. Muthuraj is a Research Scholar pursuing a Doctoral Degree in Computer Science and Engineering at the Department of Computer Science and Engineering, Pondicherry Engineering College, Pillaichavady, Puducherry 605014, India. He received his B.E. in Computer Science and Engineering (2000) from Madurai Kamaraj University, Madurai, Tamilnadu, India, and his M.E. in Computer Science and Engineering (2008) from Anna University, Chennai, Tamilnadu. His research areas are high speed networks and the Optical Internet.

Dr. N. Sreenath is a Professor and Head of the Department of Computer Science and Engineering at Pondicherry Engineering College, Pillaichavady, Puducherry 605014, India. He received his B.Tech in Electronics and Communication Engineering (1987) from JNTU College of Engineering, Ananthapur 515002, Andhra Pradesh, India, his M.Tech in Computer Science and Engineering (1990) from the University of Hyderabad, India, and his Ph.D in Computer Science and Engineering (2003) from IIT Madras. His research areas are high speed networks and optical networks.
