Resilient Networking (Teaching Cooperation with KIT)

This lecture is part of a teaching cooperation with the Chair of IT Security of Karlsruhe Institut of Technology (KIT). The lecture will happen online.

For further information please have a look at the Website of the lecture at the KIT (https://ps.tm.kit.edu/139_600.php).

Please register with OPAL, if you attend the lecture (TUD students).

Hint

The exercise of this lecture is a reading group, where each participating student is expected to present (at least) one paper throughout the term. Due to the timing constraints we hence have to limit the number of participants of this course.

Template that helps reading papers (h/t: anonymous student from Darmstadt).

Topic

The lecture resilient networking provides an overview on the basics of secure networks as well as on current threats and respective countermeasures. Especially bandwidth-depleting Denial of Service attacks represent a serious threat. Moreover, over the last years the number of targeted and highly sophisticated attacks on company and governmental networks increased. To make it worse, as a new trend at the moment, the interconnection of the Internet with cyber physical systems takes place. Such systems, e.g., the energy network (smart grid), trans- portation systems and large industrial facilities, are critical infrastructures with severe results in case of their failure. Thus, the Internet that interconnects these systems has evolved to a critical infrastructure as well.

The lecture introduces the current state-of-the-art in the research towards resilient networks. Resilience-enhancing techniques can be generally classified in proactive and reactive methods. Proactive techniques are redundancy and compartmentalization. Redundancy allows to tolerate attacks to a certain extent, while compartmentalization attempts to restrict the attack locally and preventing its expansion across the whole system. Reactive techniques follow a three step approach by comprising the phases of detecting an attack, mitigate its impacts, and finally restore a system's usual operation.

Based upon this categorisation of resilience strategies the lecture will give an excursus to graph theorie and will introduce generic strategies to increase the resilience of networks, e.g., proactively establishing backup routes and fast restoration strategies. Furthermore, the lecture will provide an overview on BGP routing and the Domain Name Service, as two essential Internet services. Both services are presented and current attacks as well as corresponding countermeasures are described. Moreover, Denial of Service attacks and their mitigation are observed in detail as well as mechanism for increasing the resilience of P2P networks. Finally, Intrusion Detection systems are covered as mechanisms to mitigate the impacts of successful attacks.

Overview of Information (Only for TUD Students)