Privacy-Preserving Quantification of Cross-Domain Network Reachability

ABSTRACT:

Network Reachability is an important characteristic for understanding end-to-end network behavior and helps in detecting violations of security policies across the network. While quantifying network reachability within one administrative domain is a difficult problem in itself, performing the same computation across a network spanning multiple administrative domains presents a novel challenge. The problem of quantifying network reachability across multiple administrative domains is more difficult because the privacy of security policies of individual domains is a serious concern and needs to be protected through this process. In this paper, we propose the first cross-domain privacy-preserving protocol for quantifying network reachability. Our protocol constructs equivalent representations of the Access Control List (ACL) rules and determines network reachability while preserving the privacy of the individual ACLs. This protocol can accurately determine the network reachability along a network path through different administrative domains. We have implemented and evaluated our protocol on both real and synthetic ACLs. The experimental results show that the online processing time of an ACL containing thousands of rules is less than 25 s. Given two ACLs, each containing thousands of rules, the comparison time is less than 6 s, and the total communication cost is less than 2100 kB.

AIM

 The main aim of this project is to create a protocol called Access Control List (ACL) which contains a set of  rules and determines network reachability while preserving the privacy of the individual ACLs. This protocol can accurately determine the network reachability along a network path through different administrative domains

SCOPE

The Scope of this project is to implement and evaluate our protocol on both real and synthetic ACLs.

EXISTING SYSTEM

The current practice of reachability management is still “trial and error” due to the lack of network reachability analysis and quantification tools. This approach leads to significant number of configuration errors and has been shown to be the major cause of failure for Internet services. Industry research also shows that a significant percentage of human effort and monetary resources are employed in maintaining the operational status of the network. The current practice of determining network reachability through probing has two major drawbacks. First, probing is expensive because it needs to generate and send a significant amount of probe packets. Second, probing is inaccurate, e.g., it cannot probe the open ports with no server listening on them. Due to these drawbacks, many approaches were proposed to address the reachability problem The main assumption in all these approaches is that the reachability restriction information of each network device and configuration state are known to a central network analyst, who is quantifying the network reachability. However, in practice, it is common that the network devices along a given path belong to different domains where the reachability restriction information cannot be shared with others including the network analyst.

DISADVANTAGES:

1. The problem of quantifying network reachability across multiple administrative domains is more difficult because the privacy of security policies of individual domains is a serious concern and needs to be protected
2.  Quantifying  network reachability within one administrative domain is a difficult problem in itself, performing the same computation across a network spanning multiple administrative domains presents a novel challenge

PROPOSED SYSTEM

In this paper, to be presented cross-domain quantification approach of network reachability can be very useful for many applications. We illustrate this using two example scenarios. First, a global view of the network reachability can help ISPs to define better QoS policies to improve traffic management. For example, the knowledge of the different paths through which a particular type of traffic is allowed by the ACLs can help the ISPs to maintain a rated list of the best-quality paths in case of path failures. Second, since network reachability is crucial for many companies that provide their services over the Internet, performing a privacy-preserving computation of the network reachability could become a new business for the ISPs and other parties involved in this computation. The ISPs can answer the reachability queries of these companies using this global knowledge and even provide some information regarding the quality of various paths.

 ADVANTAGES

1. Collecting such information is very difficult due to the privacy and security concerns .
2.  The  explosion of the Internet has caused an increase in the complexity and sophistication of these devices, thus making reachability analysis computationally expensive and error-prone

 SYSTEM ARCHITECTURE:

SYSTEM CONFIGURATION

HARDWARE REQUIREMENTS:-

·                 Processor               -   Pentium –III

·                Speed                -    1.1 Ghz

·                RAM                 -    256 MB(min)

·                Hard Disk         -   20 GB

·                Floppy Drive    -    1.44 MB

·                Key Board                 -    Standard Windows Keyboard

·                Mouse               -    Two or Three Button Mouse

·                Monitor             -    SVGA

SOFTWARE REQUIREMENTS:-

·                Operating System              : Windows  7                                       

·                Front End                  : JSP AND SERVLET

·                Database                  : MYSQL

·                Tool                           :NETBEANS

REFERENCE:

Fei Chen, Bezawada, B. , Liu, A.X.. “Privacy-Preserving Quantification of Cross-Domain Network Reachability”, IEEE/ACM Transactions on Networking  Volume:23 ,  Issue: 3 JUNE 2014.