
Network Quality Estimation − Error Protection and Fault Localization in Router Based Network

M. HemaLatha1, P. Padmanabham2, and A. Govarhan3


1 Lakireddy Balireddy College of Engineering, Mylavaram, Krishna Dt, A.P, India
2 Bharat Institute of Engineering and Technology, Hyderabad, India
3 JNTUH, Hyderabad, India
lathamunnangi@gmail.com

Abstract. Network devices are used for different purposes; huge data transmission, easy access and time saving are among the applications of digitized communication systems. Wireless communication systems consist of a number of routers and links. Processing speed, link failure, control of one router over another router and extended delay cause huge problems in transmission. The proposed method is based on a three-phase technique. The network parameter detection phase includes a protocol-oriented technique for network parameter considerations and mutual node communication. To provide communication, the second phase includes security among correlated network nodes. Here this paper proposes principal and credential sharing among a number of nodes in the network that are neighbors of each other. The last phase of the paper covers the detection of errors present in the network. For a coherent flow, this paper first gives an introduction to security in UMA networks in section one. The second section is a literature study of some previous related works. A well-structured and modularized proposal is given in section three, followed by simulation results in section four. Finally, an overall conclusion is given.

Keywords: reliability, latency, availability, failure rate, data rate, authentication, authorization.

1 Introduction
The world is connected through multiple data sharing centers. Long range and variation in operating regions impose the requirement of routers in networks. Routers come under pressures such as hardware failure [1], unwanted control by another node [2], and loss or modification of the data in the data packet [3] [4] [5] or in the headers used for carrying data. As the distance between the source and destination and the region of the local area network (LAN) increase, the risk of network failure keeps increasing [4]. Networks are growing exponentially in day-to-day life. This leads to the search for a suitable protocol that is able to detect and replace data packet transmission paths. Although repeaters and routers in the network solve the coverage problem, they add to the causes of errors. Some of the most common errors include data flowing in a way [6] [7] that does not come under the routing protocols. A few unwanted nodes have an adverse effect on the networking system [8]. They try to alter the flow of data. Cryptographic protection of transmitted data is one of the solutions present in networks [9] [10]. Some solutions focus on an acknowledgement-based transmission technique [3]. This technique is able to solve the basic problems of the network. Still, the generation and transmission of acknowledgements put pressure on the security threat detection method and on the transmission system. The reliability decreases as more transmissions occur. Protocols are unable to detect errors as soon as possible.

© Springer International Publishing Switzerland 2015
S.C. Satapathy et al. (eds.), Emerging ICT for Bridging the Future − Volume 2, Advances in Intelligent Systems and Computing 338, DOI: 10.1007/978-3-319-13731-5_40

1.1 Architecture

The Internet routing infrastructure is also vulnerable to attacks. Because of the very nature of this infrastructure, an attack on a router can affect a large number of hosts, entire networks, or even the global Internet [11]. The objectives of routing attacks can include black holing and loss of connectivity, traffic redirection to networks controlled by adversaries, traffic subversion and data interception, or persistent routing instability [12]. Various approaches have been used in IP traceback, and many of these can be broadly categorized as packet logging or packet marking schemes. Each category has its advantages and disadvantages, depending on criteria such as storage overhead (either within the packet itself or at the nodes traversed), link speeds, and computational demands, among other mitigating factors. For example, the hash-based approach [13] is a logging method that can trace a single packet, unlike most packet marking schemes, which assume a reasonably large number of packets for a successful traceback. Another routing technology, Stealth Probing, is a secure data plane monitoring tool that relies on the efficient symmetric cryptographic protection of the IPsec protocol suite, applied in end-router-to-end-router fashion. Another protocol present is BGPmon; it uses XML to represent BGP messages, handling all attribute and element types and various classes of data [14].

1.2 Applications

The security of cryptographic protocols is of crucial importance due to their widespread use in critical systems and in day-to-day life [15]. Large open networks, where trusted and untrusted parties coexist and where messages transit through potentially “curious” if not hostile providers, pose new advantages to the designers of communication protocols [16]. Network routers occupy a key role in modern data transport [17]. Modern ISP, enterprise, and data center networks demand reliable data delivery to support performance-critical services, thus requiring the data plane to correctly forward packets along the routing paths. Real-world incidents reveal the existence of compromised routers in ISP and enterprise networks that sabotage network data delivery [18]. A Network Scanner or Network Enumeration tool is a computer program used to retrieve user names and information on groups, shares and services of networked computers [19].

1.3 Issues
It is important to initially emphasize that erasure security is relative [20]. Some attacks hinge upon the guessability of initial TCP sequence numbers (ISN), so that an arbitrary host can exploit an address-based trust relationship to establish a client write-only TCP session [21]. Securing IP routing is a task that is central to diminishing the Internet's liability to misconfigurations and malicious attacks [22]. As there are numerous attacks on published protocols, designing AKE protocols is error prone [23]. In large and constantly evolving networks, it is difficult to determine how the network is actually laid out. This information is invaluable for network management, simulation, and server siting [24]. Traditional topology discovery algorithms are based on SNMP, which is not universally deployed [25]. Compromised routers can drop, modify, mis-forward or reorder valid packets [26]. The BGP routing protocol includes no mechanism for verifying either the authenticity (correct origin) or the accuracy of the routing information it distributes. A particularly problematic case is that of sophisticated malicious routers (e.g., routers that have been compromised) [27].

2 Literature Review

In [2], the authors have argued that robust routing requires not only a secure routing protocol but also well-behaved packet forwarding. They have proposed an approach to robust routing in which routers, assisted by end hosts, adaptively detect poorly performing routes that appear suspicious, and use a secure traceroute protocol to attempt to detect an offending router.
The authors of [28] say that because FD protocols require only pairwise participation of nodes, deployment of FD can proceed in an incremental fashion that is compatible with incentives for informing routing decisions at the network edge. However, when the authors consider the placement and selection of FD protocols, natural questions arise about the division of labor between the end host and the edge router. They argue that the placement of FD protocols depends on the parties responsible for providing confidentiality and driving routing decisions.
Pepper and Salt Probing may even be efficient enough to be deployed in the core of the Internet, as part of an architecture where core routers inform their routing decisions by running FD to destination networks.
The authors of [29] have designed and analyzed efficient path-quality monitoring protocols that give accurate estimates of path quality in a challenging environment where adversaries may drop, delay, modify, or inject packets. Their protocols have reasonable overhead, even when compared to previous solutions designed for non-adversarial settings.
We are exploring how to compose multiple instances of our PQM protocols running over multiple paths simultaneously to determine whether the adversary resides on either the forward or reverse path, or to localize the adversary to particular nodes or links.

3 Problem Definition and Proposed Methodology


Our previous paper proposes information sharing and acknowledgement on error
detection method to trace out the attack and error as soon as possible.

3.1 Problem Definition


The idea of the previous paper is quite clear about the network parameters. The location of the error is not tracked in a convenient way. Although authentication and authorization are verified, it is still unable to explain the methodology of handling the principals and credentials. For handling security and error detection at the exact location, this paper proposes two-way confirmation for RTT and a relative detection method in a single-way transmission long-range network. Mutual principal and credential verification will increase security and error checking in a rapid manner.
The main issues are:
1. In the previous papers the nearby node is not chosen through the quality constraints.
2. Security is not enforced through the digital parameterized technology.
3. Exact detection of error is not supported in the previous paper.
The proposed method is a three-phase technique. The first phase includes a protocol-oriented technique for network parameter considerations to have mutual node communication. The second phase includes security among correlated network nodes. Here this paper proposes principal and credential sharing among a number of nodes in the network that are neighbors of each other. The third phase of the paper covers the detection of errors present in the network.

3.2 Proposed Methodology


In this section this work considers some phases for node identification, providing security and error detection.
From the diagram it is clear that there are a number of end users who use a number of intermediate nodes for long-range data communication. The one-way and two-way flows are shown in the diagram.

Fig. 1. Shows the architecture diagram of the proposed network



The figure below shows the methodology proposed in the current paper, a three-phase solution.

Fig. 2. Shows the architecture diagram for proposed methodology

3.2.1 Network Parameter Calculation Phase


The aim of this phase is to get the data in a dynamic and secured manner. The parameters that characterize the service of the network are availability, latency, delivery, mean time between failure and mean time between restoring.

Availability. For the availability, we use the formula required channels divided by available channels. We then take the maximum value that is less than or equal to 1. The above parameters are detected through the current sender and intermediate nodes, or from intermediate node to intermediate node. The availability is given by the mathematical formula below.

… … … … … … … … … … … … … … … … … .. 1

Where = required channel , = channel available

Latency. Thus the minimum latency is detected for the next communication. For latency detection we have to use a time stamp at each node’s register.
The latency is given by the formula-

…………………… 2

Where =acknowledgement received time, =data packet sent time

Delivery Rate. Delivery rate is decided through the data sent and the acknowledgements received in a certain period of time. The best delivery rate is chosen for the next communication.
The delivery rate is given in the formula below.

…………………………………… … 3
Where = acknowledgement received, = total data packet sent

Failure Data Rate. Failure can be detected through the number of data packets sent and the number of acknowledgements not received in a certain period of time. Mean time can be detected as the time difference between the first failed data transmission and the next successful data transmission.
The failure is detected through the algorithm below-

Failure data rate ()
{
    If (acknowledgement received)
        Continue;
    Else
    {
        Time t1 = current time ();       // time of the first failed transmission (T1)
        Continue the acknowledgement;
        Track the successful time;       // time of the next successful transmission (T2)
    }
}

For the failure data calculation the formula below is given-

…………………………………….. 4

Where T1 and T2 are detected as given above, and TP is the average time duration. TP is decided by the user.

Average Function. We then calculate a mathematical average to detect the most secure way for data transmission. We apply a number of parameters. Some path or node may be lacking in one respect but have advantages in another, so it depends on us to decide the best. By taking the average, we need not be worried about each individual factor.
For the average function, we use the formula below.

min …………. 5

Where P1, P2 and P3 are the priorities decided by the user in choosing the best service scenario for individual services. As previously said, minimum latency has always been the best case in a network [3] [5]. This paper then chooses the best average function for the network transmission. The data is transferred over the chosen pathway.

Most of the performance metrics are derived from the above-mentioned quality parameters. Availability is computed from the channels available and the channels required. The functionality is decided through the credentials and principals described in phase 2. Loss is a simple calculation from acknowledgements received and data packets sent. One-way loss consists of one-way data packet transmission and one-way acknowledgement transmission. Round-trip loss consists of a two-way calculation of data packet transmissions and acknowledgement transmissions. Delay is a measurement of time stamps. For this parameter this paper proposes that a time attribute be kept at each node participating in the data transmission. The accepted transmission should be the first acknowledgement received time. Other transmissions are compared to the above accepted time. Utilization parameters are derived in the above paragraph as bandwidth and capacity. A fractional summation of bandwidth required to bandwidth available with channel available to channel required gives the utilization factor. Utilizing a node for a small number of services is always reliable. All path qualities are useful in different conditions.

Algorithm for Network Parameter Calculation Phase


Step-1- start the procedure with some parameters.
Step-2- get the channel availability as given in equation-1.
Step-3- get the latency as given in equation-2.
Step-4- get the delivery data rate as given in equation-3.
Step-5- get the failure data rate as given in equation-4.
Step-6- get the average function as given in equation-5.
Step-7- choose the best way for the transmission of data and transmit the data.

3.2.2 Security Enhancement Phase


Credentials and principals are specific to a node and to a communication. There is a one-to-one relation among the nodes of a network. When a node sends its first request to the intermediate node, the intermediate node acknowledges with a principal and credential. The principal is the general identity and the credentials are the hidden identity. This will be limited to a certain period of time. After the period the process will be renewed in the same way. This is the main procedure for security enhancement.

Fig. 3. Shows the principal and credential sharing among consecutive nodes

One principal is kept for the whole process, while the credential has to be changed after a number of requests or a period of time. Here a node’s identity is taken as the principal. The node’s identity may be a MAC address, an IP address or any given name. For simplicity it is proposed here to use a given name. The name is alphanumeric. The credential is generated through a function F (k). It is like a password. It is generated by the receiver node for the sender node. The principal gives authentication and the credential gives authorization. These methods enhance the security to another standard. Authentication with a single principal and multiple credentials is achieved through a number of steps.

Generation of Credentials. For the generation of the credentials this paper is giving
the below formula.

………………………… 6

Where F (k) = a randomly generated function , = function for randomly generated number. Specific number details are given in the next phase.

Algorithm for Security Enhancement Phase


Step-1- start the procedure with a group of nodes.
Step-2- every node is creating its own id as principal.
Step-3- this principal is shared with the next receiver node.
Step-4- the next receiver node provides the credentials.
Step-5- at every unit of transmission the principal and credential are same.
Step-6- end the procedure.
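
The credential lifecycle described in this phase (one fixed principal per node, a receiver-generated credential that is renewed after a period of time or a number of requests), as an added example that is not code from the paper. The class and method names, the 30-second lifetime and the three-request limit are assumptions, and `secrets.token_hex` stands in for the paper's F (k), whose formula is not reproduced on this page.

```python
import hmac
import secrets
import time


class ReceiverNode:
    """Issues and checks credentials for neighbouring sender nodes (hypothetical class)."""

    def __init__(self, ttl=30.0, max_requests=3, clock=time.monotonic):
        self.ttl = ttl                    # assumed credential lifetime in seconds
        self.max_requests = max_requests  # assumed number of requests per credential
        self.clock = clock                # injectable so expiry can be exercised offline
        self._table = {}                  # principal -> [credential, issued_at, used]

    def issue(self, principal):
        """First request or renewal: generate a fresh credential for this principal."""
        credential = secrets.token_hex(16)  # stand-in for F(k), not the paper's formula
        self._table[principal] = [credential, self.clock(), 0]
        return credential

    def accept(self, principal, credential):
        """Check one transmission. Returns 'ok', 'unknown-principal',
        'bad-credential' or 'expired'."""
        entry = self._table.get(principal)
        if entry is None:
            return "unknown-principal"      # authentication fails: principal not known
        stored, issued_at, used = entry
        # Constant-time comparison so the check does not leak matching prefixes.
        if not hmac.compare_digest(stored.encode(), credential.encode()):
            return "bad-credential"         # authorization fails
        if self.clock() - issued_at > self.ttl or used >= self.max_requests:
            del self._table[principal]      # force the renewal step
            return "expired"
        entry[2] = used + 1
        return "ok"


def demo():
    """Constructed scenario: sender 'node7' talks to one receiver under a fake clock."""
    now = [0.0]
    rx = ReceiverNode(ttl=30.0, max_requests=3, clock=lambda: now[0])
    results = []
    cred = rx.issue("node7")
    results.append(rx.accept("node7", cred))       # valid principal and credential
    results.append(rx.accept("node7", "0" * 32))   # right principal, wrong credential
    results.append(rx.accept("node9", cred))       # principal never registered
    now[0] = 31.0                                  # lifetime has elapsed
    results.append(rx.accept("node7", cred))       # expired, entry removed
    cred2 = rx.issue("node7")                      # renewal keeps the same principal
    results += [rx.accept("node7", cred2) for _ in range(4)]  # 4th exceeds the limit
    results.append(cred2 != cred)                  # the renewed credential is new
    return results


if __name__ == "__main__":
    print(demo())
```
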

3.2.3 Location of Error Detection Phase


To find the exact location of an error in the network, it is proposed that a specific data field be carried in the data packet. The data packet carries all the intermediate nodes. An acknowledgement will be sent back along the same way that the data flowed. Each intermediate node keeps track of the data processed by each node. Each data packet has a summation field.

Fig. 4. Shows flow of data through nodes in linear media

Each node in the network has a specific number. When the data packet moves through the network, the numbers are added to it. At the time of the acknowledgement transmission the number is subtracted from the summation field.

Table 1. Shows data packet style in data packet

Source    Destination    Current node’s value    Summation value    Intermediate nodes

As the data packet and the acknowledgement packet flow along the same path, at a specific node both values will be the same. If the value is different, the path has to be verified. That is the way we can get the failure data correctly. We can get the exact location of the path failure. In this condition the quality parameters are verified.

Generating the Specific Number (SN). The specific number is generated as

SN rand 0.1 n……………………………………. 7

Where n is any positive multiplicand of 10.

Summation Field (SF). At the time of transmission, the summation field is generated with the formula below

………………………………………………… 8

Where ‘i’ represents all the intermediate node’s number.


Summation field at the time acknowledgement-

……………………………………….. 9

Where = summation field till the next node. , SNn= specific number of the
current node.
Suppose a network has five nodes a, b, c, d, e. The values of the nodes should be 1, 2, 4, 8, 16. When data moves from sender to receiver, the value after the first node is 1, after b is 3, after c is 7, after d is 15, and after e is 31. When it returns, it will return like 31, 15, 7, 3 and 0. If at the sender it is not acknowledged as 0, the sender sends a verification message to the network. Suppose the value comes out negative: then the data packet has passed through more nodes. If it is positive but not zero, it has missed some node in the path. After identifying the node we can just add or subtract the effect of that particular node. So we can get the error-free data.

Algorithm for Location of Error Detection Phase


Step-1- start the procedure with the sender as first or 0th position.
Step-2- every node has its unique ID.
Step-3- every node generates its unique function as given in the equation.
Step-4- the summation field is generated as given in equation- .
Step-5- the data packet is generated as given in figure- .
Step-6- the summation field is generated reversely as given in equation-
Step-7- the error is detected as given in the above condition.
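
The summation-field check of this phase, run on the paper's own worked values (nodes a to e with specific numbers 1, 2, 4, 8, 16), as an added example that is not code from the paper. The function names, the per-node comparison order (compare the arriving field, then subtract) and the decoding of the residual into node names are assumptions; the decoding only works because the worked values are distinct powers of two.

```python
# Added example: summation-field check from section 3.2.3 on the worked values.
# Function names and the path-as-list model are assumptions of this sketch.

SN = {"a": 1, "b": 2, "c": 4, "d": 8, "e": 16}   # specific numbers from the text
PATH = ["a", "b", "c", "d", "e"]                 # data path, sender side first


def forward_pass(path, sn=SN):
    """Data packet: every node adds its SN and records the running sum."""
    recorded, total = {}, 0
    for node in path:
        total += sn[node]
        recorded[node] = total
    return recorded, total


def ack_pass(recorded, final_sum, ack_path, sn=SN):
    """Acknowledgement: every node compares the arriving summation field with
    the value it recorded on the forward pass, then subtracts its SN.

    Returns (residual_at_sender, first_mismatch); first_mismatch is None or
    a tuple (node, recorded_value, arriving_value).
    """
    field, mismatch = final_sum, None
    for node in ack_path:
        if mismatch is None and field != recorded.get(node):
            mismatch = (node, recorded.get(node), field)
        field -= sn[node]
    return field, mismatch


def classify(residual, sn=SN):
    """Sender-side reading of the residual as described in the text:
    0 = consistent, positive = node(s) missed, negative = extra node(s).
    Naming the nodes relies on the SNs being distinct powers of two."""
    if residual == 0:
        return "ok", []
    by_value = {value: name for name, value in sn.items()}
    magnitude, nodes, bit = abs(residual), [], 1
    while bit <= magnitude:
        if magnitude & bit:
            nodes.append(by_value.get(bit, "unknown"))
        bit <<= 1
    return ("missed" if residual > 0 else "extra"), nodes


if __name__ == "__main__":
    recorded, total = forward_pass(PATH)
    # Constructed acknowledgement paths, receiver side first.
    scenarios = {
        "clean": ["e", "d", "c", "b", "a"],
        "ack skips c": ["e", "d", "b", "a"],
        "ack crosses d twice": ["e", "d", "d", "c", "b", "a"],
        "skips c and crosses d twice": ["e", "d", "d", "b", "a"],
    }
    for name, ack_path in scenarios.items():
        residual, mismatch = ack_pass(recorded, total, ack_path)
        print(f"{name}: residual={residual} sender_view={classify(residual)} "
              f"first_mismatch={mismatch}")
```

The last constructed scenario leaves a residual of -4, which the sender alone would read as an extra visit to c, while the per-node comparison reports the first mismatch at d. The field carries no authentication, so it detects path deviations but not a node that rewrites the value.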

4 Simulation Result

4.1 Simulation Model and Parameters

The Network Simulator (NS2) [30] is used to simulate the proposed architecture. The simulation settings and parameters are summarized in the table.

Table 2. Shows Simulation settings and parameters

No. of Nodes       60
Simulation Time    50 sec
Traffic Source     Exponential and TCP
Packet Size        512
Sources            5
Rate               1, 2, 3, 4 and 5 Mb
Lambda             30.0
Mu value           33
Flows              1, 2, 3, 4 and 5

4.2 Performance Metrics

The proposed Network Quality Estimation and Error Protection (NQEEP) is compared with the Trace Route technique. The performance is evaluated mainly according to the following metrics.
• Packet Delivery Ratio: It is the ratio between the number of packets received and the number of packets sent.
• Packet Drop: It refers to the average number of packets dropped during the transmission.
• Throughput: It is the number of packets received by the receiver.
• Delay: It is the amount of time taken by the nodes to transmit the data packets.

4.3 Results
Case-1 (Exponential scenario): Based on Rate. In our first experiment we vary the data transmission rate as 1, 2, 3, 4 and 5 Mb.

Fig. 5. Rate Vs Delay
Fig. 6. Rate Vs Delivery Ratio
Fig. 7. Rate Vs Drop
Fig. 8. Rate Vs Throughput

Figure 5 shows the delay of the NQEEP and TraceRoute techniques for the different rate scenarios. We can conclude that the delay of our proposed NQEEP approach is 70% less than that of the TraceRoute approach.
Figure 6 shows the delivery ratio of the NQEEP and TraceRoute techniques for the different rate scenarios. We can conclude that the delivery ratio of our proposed NQEEP approach is 11% higher than that of the TraceRoute approach.
Figure 7 shows the drop of the NQEEP and TraceRoute techniques for the different rate scenarios. We can conclude that the drop of our proposed NQEEP approach is 84% less than that of the TraceRoute approach.
Figure 8 shows the throughput of the NQEEP and TraceRoute techniques for the different rate scenarios. We can conclude that the throughput of our proposed NQEEP approach is 40% higher than that of the TraceRoute approach.

Case-2 (TCP scenario): Based on Flows. In our second experiment we vary the TCP flows as 1, 2, 3, 4 and 5.

Fig. 9. Flows Vs Delay
Fig. 10. Flows Vs Delivery Ratio
Fig. 11. Flows Vs Drop
Fig. 12. Flows Vs Throughput

Figure 9 shows the delay of the NQEEP and TraceRoute techniques for the different flows scenarios. We can conclude that the delay of the proposed NQEEP approach is 18% less than that of the TraceRoute approach.
Figure 10 shows the delivery ratio of the NQEEP and TraceRoute techniques for the different flows scenarios. We can conclude that the delivery ratio of our proposed NQEEP approach is 1% higher than that of the TraceRoute approach.
Figure 11 shows the drop of the NQEEP and TraceRoute techniques for the different flows scenarios. We can conclude that the drop of our proposed NQEEP approach is 27% less than that of the TraceRoute approach.
Figure 12 shows the throughput of the NQEEP and TraceRoute techniques for the different flows scenarios. We can conclude that the throughput of our proposed NQEEP approach is 14% higher than that of the TraceRoute approach.

5 Conclusion

In this paper all the network quality parameters are taken into consideration, so we are able to provide the best network data transfer method. Security is maintained through a principal and a credential; the credential has a short time-stamped life, providing high security in data transmission. The last phase is able to resolve any issue present in the network.

References
1. Goldberg, S., Xiao, D., Barak, B., Rexford, J.: Measuring Path Quality in the Presence of Adversaries: The Role of Cryptography in Network Accountability (2008)
2. Goldberg, S.: Towards Securing Inter domain Routing on the Internet (September 2009)
3. Martins, O.A.: Affecting IP Traceback with Recent Internet Topology Maps (2005)
4. Wendlandt, D., Avramopoulos, I., Andersen, D.G., Rexford, J.: Don’t Secure Routing Protocols, Secure Data Delivery, CMU-CS-06-154 (September 2006)
5. Avramopoulos, I., Kobayashi, H., Avramopoulos, I., Kobayashi, H., Krishnamurthy, A.: Highly Secure and Efficient Routing. In: IEEE INFOCOM (2004)
6. Janic, M., Kuipers, F., Zhou, X., Van Mieghem, P.: Implications for QoS provisioning based on traceroute Measurements. In: Stiller, B., Smirnow, M., Karsten, M., Reichl, P. (eds.) QofIS/ICQT 2002. LNCS, vol. 2511, pp. 3–14. Springer, Heidelberg (2002)
7. Cisco, Small Business 300 Series Managed Switch Administration Guide Release 1.3 (2013)
8. Corin, R., Durente, A., Etalle, S., Hartel, P.: Using trace formulae for security protocol design (2001)
9. Cortier, V., Warinschi, B., Zălinescu, E.: Synthesizing secure protocols. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 406–421. Springer, Heidelberg (2007)
10. Cortier, V., Warinschi, B.: Computationally Sound, Automated Proofs for Security Protocols. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 157–171. Springer, Heidelberg (2005)
11. Padmanabhan, V.N., Simon, D.R.: Secure Traceroute to Detect Faulty or Malicious Routing, http://research.microsoft.com/crypto/dansimon/me.htm
12. Nordström, O., Dovrolis, C.: Beware of BGP Attacks (2005)
13. Goldberg, S., Xiao, D., Barak, B., Rexford, J.: Measuring Path Quality in the Presence of Adversaries: The Role of Cryptography in Network Accountability (2008)
14. Claffy, K.: Border Gateway Protocol (BGP) and Traceroute Data Workshop Report. ACM SIGCOMM Computer Communication Review 42(3) (July 2012)
15. Cortier, V., Warinschi, B., Zălinescu, E.: Synthesizing secure protocols, IST-2002-507932, JC9005 (2008)
16. Aiello, L.C., Aiello, L.C.: Verifying Security Protocols as Planning in Logic Programming. ACM Transactions on Computational Logic 2(4), 542–580 (2001)
17. Mızrak, A.T., Cheng, Y.-C., Marzullo, K., Savage, S.: Fatih: Detecting and Isolating Malicious Routers (2005)
18. Zhang, X., Lan, C., Perrig, A.: Secure and Scalable Fault Localization under Dynamic Traffic Patterns (2011)
19. Murali, G., Pranavi, M., Navateja, Y., Bhargavi, K.: Network Security Scanner. In: Pranavi, M., et al. (eds.) Int. J. Comp. Tech. Appl., IJCTA 2(6), 1800–1805 (November-December 2011), http://www.ijcta.com
20. Garfinkel, S., Shelat, A.: A Study of Disk Sanitization Practices. IEEE Security and Privacy (January-February 2003)
21. Daniels, T.E., Spafford, E.H.: Subliminal Trace route in TCP/IP. CERIAS Technical Report 2000/10
22. Avramopoulos, I., Rexford, J.: Stealth Probing: Securing IP Routing through Data-Plane Security (June 27, 2005)
23. Schmidt, B., Meier, S., Cremers, C., Basin, D.: Automated Analysis of Diffie-Hellman Protocols and Advanced Security Properties (2009)
24. Martins, O.A.: Affecting IP Traceback with Recent Internet Topology Maps (2005)
25. Siamwalla, R., Sharma, R., Keshav, S.: Discovering Internet Topology. In: IEEE INFOCOM 1999 (1999)
26. Lee, S., Wong, T., Kim, H.S.: Secure Split Assignment Trajectory Sampling: A Malicious Router Detection System (2006)
27. Padmanabhan, V.N., Simon, D.R.: Secure Traceroute to Detect Faulty or Malicious Routing, Microsoft Research, http://www.research.microsoft.com/epadmanab/, http://research.microsoft.com/crypto/dansimon/me.htm/
28. Goldberg, S., Xiao, D., Barak, B., Rexford, J.: A Cryptographic Study of Secure Internet Measurement. Technical Report (March 5, 2007)
29. Goldberg, S., Xiao, D., Tromer, E., Barak, B., Rexford, J.: Path-Quality Monitoring in the Presence of Adversaries (March 27, 2008)
30. Network simulator, http://www.isi.edu/nsnam/ns
