Prototyping and evaluating a tunnel-based solution to circumvent malicious IISP blocking

Amer Al-Ghadhban, Marwan H. Abu-Amara
2012 2012 International Conference on Communications and Information Technology (ICCIT)  
Recent worldwide events have shown that some governments have the ability to dictate citizens' right to communication by blocking communication services at will. Such blocking affects individual citizens as well as businesses that have become dependent upon unhindered access to the Internet. It is imperative to take measures in order to avoid blocking these services. We consider a scenario where a region of concern is intentionally isolated from accessing the Internet by its primary International Internet Service Provider (IISP). Under the assumption that connectivity to another IISP is available, we prototype and evaluate BGP-based solutions proposed by Alrefai et al. [1]. The prototyping and evaluation of these solutions were performed under conditions designed to capture the real Internet's AS connectivity layout and traffic conditions. To design automated, consistent and repeatable testing procedures, we created four Java-based programs which were able to detect the blocking action of malicious IISPs and measure network convergence time. The resulting convergence time was in the range of 63-64 seconds for all of the evaluated solutions.

Keywords: malicious ISP, intentional Internet isolation, controlling outgoing and incoming Internet traffic, BGP configuration and prototyping, Internet resilience.

Over malicious IISP path

    C:\Users\marwan>PING 192.0.21.6
    Pinging 192.0.21.6 with 32 bytes of data:
    Reply from 192.0.2.2: Destination net unreachable.
    Reply from 192.0.2.2: Destination net unreachable..

    C:\Users\marwan>tracert 192.0.21.6
    Tracing route to 192.0.21.6 over a maximum of 30 hops
    1 <1 ms <1 ms <1 ms 192.0.1.1
    2 192.0.2.2 reports: Destination net unreachable.    [malicious IISP]
    Trace complete.

Over alternate path after implementing one of the solutions

    C:\Users\marwan>ping 192.0.21.6    [Server in AS 600]
    Pinging 192.0.21.6 with 32 bytes of data:
    Reply from 192.0.21.6: bytes=32 time=23ms TTL=124
doi:10.1109/iccitechnol.2012.6285810 fatcat:4kfiw5hqzrcxjbiu5wsxw4564a