Information Assurance in the SQoS Network

Pitipatana Sakarindr, Nirwan Ansari, and Roberto Cessa-Rojas
Advanced Networking Laboratory, ECE Department, NJIT
University Heights, Newark, NJ 07102 US
{ps6, nirwan.ansari, roberto.rojas-cessa}@njit.edu

Abstract

In the SQoS network as introduced in [1] and [2], the border router in every autonomous system (AS) provides customized security mechanisms to the incoming packets. Serious problems have recently been raised, particularly when one or more compromised routers attempt to modify, delete, or fabricate any part of a packet, or the whole packet, in the SQoS network. A compromised router can perform its malicious activities against the forwarded packets either passively or actively. The SQoS network does not explicitly specify a method to detect whether the data contained in the packets have been tampered with by a compromised router or by the end host itself. We discuss the threats and then propose several methods to detect both malicious routers and malicious end hosts, such that the SQoS information and the payload are authentic and integrity-protected.

Index Terms: Information assurance, SQoS network.

I. INTRODUCTION

A compromised router can conduct the following attacks against the packets. First, passive attacks, in which the compromised router inspects, delays, or relays the packets to a third party. Second, active attacks, in which the compromised router modifies information, injects packets into the network or deletes them from it, and attempts to impersonate other nodes in order to mislead or to conceal its malicious behavior. The routers in the SQoS network provide several customized security mechanisms to the packets in an AS-to-AS manner, implying that only the edge routers execute the requested services. Evidently, the routers must be examined to determine whether they follow the appropriate procedures correctly.
In this paper, we present the problem statements in Section II, followed by the proposed solutions to the problems in Section III. We present the conclusions and discuss future work in Section IV.

II. PROBLEM STATEMENTS

In this paper, we focus on detecting malicious routers and assuring the end hosts that the data payload is safeguarded and that the requested security services will be properly executed in the SQoS network. We separate the SQoS network into two environments: the inter-autonomous system environment and the intra-autonomous system environment. The intra-autonomous system environment creates a virtual tunnel between two edge routers, and it is considered the outer part of the SQoS network. The two edge routers encrypt and decrypt the packets with their pair-wise symmetric key. The inter-autonomous system environment has a virtual end-to-end path from the sending end host to the receiving end host, and this path consists of passways. A passway is defined as the link between the two border routers of two adjacent autonomous systems. These environments are illustrated in Fig. 1.

Figure 1. The environments of autonomous systems in the SQoS network.

The virtual edge-to-edge path means that the forwarding of the packet inside the AS on the edge-to-edge path is transparent to the forwarding on the end-to-end path. The implementation is to copy the IP header, encrypt the packet with the pair-wise symmetric key of the two edge routers, and concatenate the copied IP header at the front of the encrypted packet. When the packet reaches the other edge router, the copied IP header is stripped off and the encrypted packet is decrypted with the key. We use the concept of the virtual edge-to-edge path to counter the threats, and it is further discussed in Section III. In this section we list the processes in SQoS that may be the target of attacks, and describe the threats resulting from both misbehaving routers and malicious end hosts.
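The edge-to-edge encapsulation described above, as an added illustration that is not part of the paper: the ingress edge router copies the IP header, encrypts the original packet under the pair-wise edge key, and prepends the header copy; the egress edge router strips the copy and decrypts. The paper says only "encrypt"; AES-GCM with the header copy as associated data, the 20-byte option-less IPv4 header, and a random per-packet nonce are our assumptions, chosen so that modification of either the cleartext header copy or the ciphertext by an intra-AS router is detected at the egress edge rather than forwarded silently.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

const ipHeaderLen = 20 // IPv4 header length assumed here (no options)

// AES-GCM on the pair-wise edge key (the paper says only "encrypt"; the authenticated mode is our assumption).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Ingress edge router: copy the IP header, encrypt the whole packet, prepend the copy (also bound as AAD).
func encapsulate(key, packet []byte) ([]byte, error) {
	if len(packet) < ipHeaderLen {
		return nil, errors.New("packet shorter than an IP header")
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per packet
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 0, ipHeaderLen+len(nonce)+len(packet)+aead.Overhead())
	out = append(append(out, packet[:ipHeaderLen]...), nonce...)
	return aead.Seal(out, nonce, packet, packet[:ipHeaderLen]), nil
}

// Egress edge router: strip the header copy and decrypt; Open fails if the header copy or ciphertext was altered in transit.
func decapsulate(key, tunneled []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(tunneled) < ipHeaderLen+ns+aead.Overhead() {
		return nil, errors.New("tunneled packet too short")
	}
	return aead.Open(nil, tunneled[ipHeaderLen:ipHeaderLen+ns], tunneled[ipHeaderLen+ns:], tunneled[:ipHeaderLen])
}
```

Intra-AS routers forward on the cleartext header copy only; a decapsulation failure at the egress edge is the detection point for tampering on the edge-to-edge path.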
The threats basically target the following major characteristics of the traffic: the validity of the SQoS information, the integrity of the data payload, and the fulfillment of the SSLA agreement.

A. Processes in the SQoS Network that may be the Target of the Attacks

1. When the router receives the probing packet during the probing phase, or the data packet during the data transmission phase, with the requested services in the requested-security service vector (rSSV), it examines its resources before accepting or denying such a request. The result is recorded as either the offered services (during the probing phase) or the executed services (during the data transmission phase). In the SQoS network, the data packets can traverse the AWAY autonomous systems (ASes) with different security services and at different service levels. Every end host is assured that the packet will be appropriately treated by the AWAY ASes' routers in accordance with its SSLA, to which the end host and its HOME AS are committed.

2. The routers in the HOME AS and AWAY ASes must regularly keep on updating the services and policies in the