著者
Koji NAKAO Katsunari YOSHIOKA Takayuki SASAKI Rui TANABE Xuping HUANG Takeshi TAKAHASHI Akira FUJITA Jun'ichi TAKEUCHI Noboru MURATA Junji SHIKATA Kazuki IWAMOTO Kazuki TAKADA Yuki ISHIDA Masaru TAKEUCHI Naoto YANAI
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE Transactions on Information and Systems (ISSN:09168532)
巻号頁・発行日
vol.E106.D, no.9, pp.1302-1315, 2023-09-01 (Released:2023-09-01)
参考文献数
40

In this paper, we developed the latest IoT honeypots to capture IoT malware currently on the loose, analyzed IoT malware with new features such as persistent infection, developed malware removal methods to be provided to IoT device users. Furthermore, as attack behaviors using IoT devices become more diverse and sophisticated every year, we conducted research related to various factors involved in understanding the overall picture of attack behaviors from the perspective of incident responders. As the final stage of countermeasures, we also conducted research and development of IoT malware disabling technology to stop only IoT malware activities in IoT devices and IoT system disabling technology to remotely control (including stopping) IoT devices themselves.
著者
Ouyang JUNJIE Naoto YANAI Tatsuya TAKEMURA Masayuki OKADA Shingo OKAMURA Jason Paul CRUZ
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
巻号頁・発行日
vol.E106-A, no.3, pp.170-184, 2023-03-01
被引用文献数
1

The BGPsec protocol, which is an extension of the border gateway protocol (BGP) for Internet routing known as BGPsec, uses digital signatures to guarantee the validity of routing information. However, the use of digital signatures in routing information on BGPsec causes a lack of memory in BGP routers, creating a gaping security hole in today's Internet. This problem hinders the practical realization and implementation of BGPsec. In this paper, we present APVAS (AS path validation based on aggregate signatures), a new protocol that reduces the memory consumption of routers running BGPsec when validating paths in routing information. APVAS relies on a novel aggregate signature scheme that compresses individually generated signatures into a single signature. Furthermore, we implement a prototype of APVAS on BIRD Internet Routing Daemon and demonstrate its efficiency on actual BGP connections. Our results show that the routing tables of the routers running BGPsec with APVAS have 20% lower memory consumption than those running the conventional BGPsec. We also confirm the effectiveness of APVAS in the real world by using 800,000 routes, which are equivalent to the full route information on a global scale.
著者
Ouyang JUNJIE Naoto YANAI Tatsuya TAKEMURA Masayuki OKADA Shingo OKAMURA Jason PAUL CRUZ
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
巻号頁・発行日
pp.2022CIP0024, (Released:2023-01-11)
被引用文献数
1

The BGPsec protocol, which is an extension of the border gateway protocol (BGP) for Internet routing known as BGPsec, uses digital signatures to guarantee the validity of routing information. However, the use of digital signatures in routing information on BGPsec causes a lack of memory in BGP routers, creating a gaping security hole in today's Internet. This problem hinders the practical realization and implementation of BGPsec. In this paper, we present APVAS (AS path validation based on aggregate signatures), a new protocol that reduces the memory consumption of routers running BGPsec when validating paths in routing information. APVAS relies on a novel aggregate signature scheme that compresses individually generated signatures into a single signature. Furthermore, we implement a prototype of APVAS on BIRD Internet Routing Daemon and demonstrate its efficiency on actual BGP connections. Our results show that the routing tables of the routers running BGPsec with APVAS have 20% lower memory consumption than those running the conventional BGPsec. We also confirm the effectiveness of APVAS in the real world by using 800,000 routes, which are equivalent to the full route information on a global scale.
著者
Naoki Umeda Naoto Yanai Tatsuya Takemura Masayuki Okada Jason Paul Cruz Shingo Okamura
出版者
情報処理学会
雑誌
情報処理学会論文誌 (ISSN:18827764)
巻号頁・発行日
vol.63, no.12, 2022-12-15

Border gateway protocol (BGP), which is known as a backbone protocol of the Internet, is constantly the target of many hijack attacks. To combat such attacks, many extensions of BGP have been developed to make BGP more secure. However, to perform experiments to evaluate their performance, most BGP extensions require the utilization of platforms, such as testbeds, with high operating costs. In this paper, we propose Scalable QUagga-based Automated Configuration on Bgp (SQUAB), a lightweight evaluation tool for protocols under development and for protocols that will be developed by a user with actual devices locally. SQUAB can configure BGP networks automatically, and thus it can significantly reduce the overhead of experiments on BGP and its extensions. Unlike conventional testbeds, SQUAB can set up BGP networks locally and its execution requires only a computational resource of a typical laptop computer. We used SQUAB in experiments to check the validity of functions based on network topologies in the real world. Our results show that SQUAB can configure a network composed of 50 routers within 52.9 seconds and consumes only 354.7MB of memory. Furthermore, as a SQUAB application, we evaluate route convergence in networks mixing BGP and BGPsec and then show that route selection differs due to BGPsec while the convergence time is stable.------------------------------This is a preprint of an article intended for publication Journal ofInformation Processing(JIP). This preprint should not be cited. Thisarticle should be cited as: Journal of Information Processing Vol.30(2022) (online)DOI http://dx.doi.org/10.2197/ipsjjip.30.829------------------------------