Highly Secure and Efficient Routing

Upload: myron-henderson

Post on 11-Jan-2016

Page 1

Highly Secure and Efficient Routing

Ioannis Avramopoulos, Hisashi Kobayashi, Randolph Wang, Arvind Krishnamurthy

Dept. of EE and Dept. of CS, Princeton University; Dept. of CS, Yale University

Presentation: Huan He

Page 2

Contents

The routing protocol

How the protocol defends against the adversary

Summary

Page 3

Network Failures

Simple: one where some network component (one or more nodes) simply becomes inoperative.

Byzantine: in a Byzantine failure, a component becomes faulty and yet continues to operate (incorrectly).

Page 4

The Routing Protocol

This is a routing protocol with Byzantine robustness and Byzantine detection.

Page 5

The Routing Protocol

Basic Idea

Specific mechanisms

• Authentication
• Route Selection
• Reserved Buffers, Timeouts, and Sequence Numbers

Page 6

Some definitions

What is a faulty node?
-- Does not follow the protocol
-- Can be impersonated by another node

What is a faulty link?
-- Drops packets
-- Is incident to a faulty node

If a link is detected to be faulty, one or more of the following is true:
-- The upstream router is faulty
-- The link is faulty
-- The downstream router is faulty

Page 7

The Routing Protocol

Basic Idea

Specific mechanisms

• Authentication
• Route Selection
• Reserved Buffers, Timeouts, and Sequence Numbers

Page 8

Basic Idea: Packet Forwarding with Fault Detection

Source routing

Destination acknowledgements

Timeouts (to receive an ACK or FA from the destination)

Fault Announcements (FA)

Page 9

Basic Idea: A Simple Example

[Figure: network with source S, destination D, routers 1 to 6 and node M; the figure shows Route(S,1,4,5,D), Route(S,3,M,6,D) and Route(S,2,M,6,D), with × marking failures]

Page 10

Basic Idea: More

We also need the following mechanisms to provide Byzantine robustness:

• Data and control packet authentication
• A-priori reserved buffers
• Monotonically increasing non-wrapping sequence numbers
• Round-robin scheduling of packet transmission
• Calculation of appropriate timeout values

Page 11

Basic Idea

None of the individual mechanisms of the basic protocol described here is novel; it is the combination of them that delivers the desired robustness and efficiency.

Page 12

The Routing Protocol

Basic Idea

Specific mechanisms

• Authentication
• Reserved Buffers, Timeouts, and Sequence Numbers
• Route Selection

Page 13

Authentication

Authentication of data packets:
-- Safeguards against modification
-- Ensures that allocated resources (namely, reserved buffers)

Authentication of control packets:
-- Prevents malicious nodes from forging ACKs and FAs on behalf of non-faulty nodes

Performance of the authentication mechanism is crucial: authentication must be performed for each packet at each node, and the speed of authentication may bound the effective link bandwidth.

Page 14

Authentication

Digital signature
-- Most straightforward authentication mechanism
-- Poor performance

Page 15

Authentication

The multicast authentication construction of Canetti: MAC_d = f(Key_sd)

MAC (Message Authentication Code)

Limitation: vulnerable to an adversary that tampers with only a subset of the authentication tags (when used to secure data packet forwarding).

Page 16

Authentication

TESLA
-- A broadcast authentication protocol that relies on loose clock synchronization and delayed key disclosure
-- Limitations:
1. Delayed authentication is vulnerable to a DoS attack
2. Nodes will not have recent enough TESLA keys to efficiently authenticate newly released keys when two nodes have not communicated securely for a substantial period of time (TESLA keys are flooded periodically)

Page 17

Authentication

MACs based on pairwise secret keys

Given a path <s, …, n_i, n_{i+1}, …, t>, the computation of the MAC for node n_i receives as input both the message and the MACs for nodes n_{i+1}, …, t. MACs are therefore computed sequentially from the destination to the first intermediate node.

Page 18

Authentication

MACs based on pairwise secret keys

Path: S  N1  N2  N3  T

MAC_ST = F[Key_ST, PKT_ST]

MAC_SN3 = F[Key_SN3, MAC_ST, PKT_SN3]

Page 19

Authentication

MACs based on pairwise secret keys
-- Prevents a malicious router from triggering an FA for a non-faulty link
-- Performance is good

For 1500-byte packets, the upper bound on link bandwidth is 50 Mbps using this authentication, while the bound on link bandwidth becomes less than 2 Mbps using digital signatures.

Page 20

Authentication

MACs based on pairwise secret keys

The same structure is used for data packets, ACKs, and FAs.

If this structure is used for ACKs and FAs, then it gives the adversary the advantage of discrediting a link in the path between the source and the adversarial router.

??

Page 21

The Routing Protocol

Basic Idea

Specific mechanisms

• Authentication
• Reserved Buffers, Timeouts, and Sequence Numbers
• Route Selection

Page 22

Reserved Buffers, Timeouts, and Sequence Numbers

Problem: routers may drop packets due to congestion.

Malicious nodes can cause congestion by overwhelming the network with their own packets, so it is desirable to be able to deliver packets despite the presence of such malicious sources.

Since congestion is not inherently a network fault, it is desirable to be able to dissociate fault announcements from congestion.

Page 23

Reserved Buffers, Timeouts, and Sequence Numbers

Solution:

A-priori buffer reservation
-- Ensures that packets are never dropped because of congestion

Round-robin scheduling
-- Minimizes the "interference" between sources

Timeouts equal to the worst-case RTT to the destination
-- Attempt to ensure that FAs are not triggered because of congestion

Sequence numbers and limitation window
-- Detect and drop illegitimate packets that are due to either replays or faulty sources

Fault announcements should only be relevant to the source of the packet that triggered the announcement.

Page 24

The Routing Protocol

Basic Idea

Specific mechanisms

• Authentication
• Reserved Buffers, Timeouts, and Sequence Numbers
• Route Selection

Page 25

Route Selection

Shortest path algorithm

Route selection utilizes:

A topological map

Fault announcements

Number of buffers available to this source at each link

Link bandwidth

Prefix spans

Page 26

Route Selection

Specifically:

The links corresponding to valid fault announcements are deleted from the topological map of the source.

Links that lack available buffers for this source due to currently outstanding packets are temporarily deleted from the topological map.

Page 27

Route Selection

Prefix Spans:

The use of prefix spans is clearly desirable for maximizing the throughput of packets sent through a link.

The trade-off is that it prevents certain links from being used by sources that are far away from the link, thereby reducing the number of usable paths in the system.

[Figure: trade-off between path length, number of usable paths, prefix spans and bandwidth]

Page 28

Route Selection

Shortest path algorithm

Based on the Bellman-Ford shortest path algorithm; it calculates shortest paths in a network where the links have different bandwidths and prefix spans.

The complexity of the algorithm is O(H*|E|) given G(V,E), where H = maximum prefix span over all edges.
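As an added example (not code from the paper or this presentation), the route-selection procedure of pages 25 to 28 combined with the fault-announcement handling of pages 8 and 9, in Python: links named by a valid fault announcement are deleted from the source's map, links with no free reserved buffers are deleted temporarily, and a hop-bounded Bellman-Ford variant returns the fewest-hop route, preferring the largest bottleneck bandwidth among ties. The topology, bandwidths, buffer counts and the reading of a link's prefix span as "usable only within the first span hops of a path" are constructed assumptions.

```python
from collections import defaultdict

class Source:
    """One source's route-selection state: topological map, FAs, outstanding packets."""

    def __init__(self, links):
        # links: {(u, v): {"bw": Mbps, "span": prefix span, "buffers": reserved for us}}
        self.links = {e: dict(a) for e, a in links.items()}
        self.faulty = set()                   # links named by valid fault announcements
        self.outstanding = defaultdict(int)   # this source's packets in flight per link

    def fault_announcement(self, link):
        self.faulty.add(link)                 # deleted from this source's map for good

    def usable(self):
        # drop faulty links and (temporarily) links whose reserved buffers are all in use
        return {e: a for e, a in self.links.items()
                if e not in self.faulty and self.outstanding[e] < a["buffers"]}

    def select_route(self, s, t):
        """Hop-bounded Bellman-Ford: iteration k extends paths to exactly k hops and may
        use link e only if k <= span(e) (assumed meaning of prefix span). At most H
        passes over E, i.e. O(H*|E|). Fewest hops win; ties go to the largest
        bottleneck bandwidth. Returns None when no route survives the deletions."""
        links = self.usable()
        if not links:
            return None
        H = max(a["span"] for a in links.values())
        best = {s: float("inf")}   # bottleneck bandwidth of the best (k-1)-hop path to v
        pred = {}                  # pred[k][v]: node before v on the best k-hop path
        for k in range(1, H + 1):
            nxt, npred = {}, {}
            for (u, v), a in links.items():
                if u in best and k <= a["span"]:
                    bw = min(best[u], a["bw"])
                    if bw > nxt.get(v, 0):
                        nxt[v], npred[v] = bw, u
            if not nxt:
                break
            pred[k] = npred
            if t in nxt:           # the first k that reaches t is the fewest-hop route
                path, node = [t], t
                for j in range(k, 0, -1):
                    node = pred[j][node]
                    path.append(node)
                return path[::-1]
            best = nxt
        return None

# Constructed topology: S reaches D directly from A, via A and C, or via M.
LINKS = {
    ("S", "A"): {"bw": 100, "span": 1, "buffers": 2},
    ("S", "B"): {"bw": 100, "span": 1, "buffers": 2},
    ("A", "D"): {"bw": 10,  "span": 2, "buffers": 1},
    ("A", "C"): {"bw": 50,  "span": 2, "buffers": 2},
    ("C", "D"): {"bw": 50,  "span": 3, "buffers": 2},
    ("B", "M"): {"bw": 100, "span": 2, "buffers": 2},
    ("M", "D"): {"bw": 100, "span": 3, "buffers": 2},
}

def demo():
    src = Source(LINKS)
    routes = [src.select_route("S", "D")]        # fewest hops: S, A, D
    src.fault_announcement(("A", "D"))           # timeout pinpointed A->D; FA received
    routes.append(src.select_route("S", "D"))    # two 3-hop routes; 100 Mbps via M wins
    src.fault_announcement(("M", "D"))           # M drops packets; FA names M->D
    routes.append(src.select_route("S", "D"))    # falls back to S, A, C, D
    src.outstanding[("S", "A")] = 2              # every buffer on S->A in use: no route
    routes.append(src.select_route("S", "D"))
    src.outstanding[("S", "A")] = 0              # ACKs came back, buffers freed
    src.links[("C", "D")]["span"] = 2            # tighter span forbids C->D at hop 3
    routes.append(src.select_route("S", "D"))
    return routes
```

The last two steps show the two ways a route disappears without any link being faulty: the source's own outstanding packets exhaust its reservation, and a prefix span that is too short for the only remaining path (the trade-off of page 27).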

Page 29

Contents

The routing protocol

How the protocol defends against the adversary

Summary

Page 30

Adversary

The protocol is designed to withstand adversary attacks so that it can continue to deliver packets as long as a non-faulty path exists.

Page 31

Adversary

The adversary can create spurious unauthenticated traffic to try to block authenticated traffic at non-faulty routers.

This protocol requires authentication to work at line speed.

The adversary can create spurious authenticated traffic to try to block authenticated traffic from non-faulty sources at non-faulty routers.

Non-faulty sources are ensured buffers and link bandwidth.

Page 32

Adversary

The adversary can replay authenticated traffic that originated from other non-faulty sources, to try to block pending authenticated traffic from non-faulty sources.

The authenticated traffic from non-faulty sources carries sequence numbers that are larger than those of the replayed traffic, and priority is given to packets with larger sequence numbers.

The adversary can mis-route packets.

Mis-routed packets are dropped at the next non-faulty router if that router does not appear in the source-specified path.
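As an added example (not code from the paper or this presentation), the router-side mechanisms of page 23 as they handle the flooding and replay attempts of pages 31 and 32, in Python: buffers reserved per source a priori, a per-source monotonically increasing, non-wrapping sequence number with a limitation window, and round-robin transmission across sources. The reservation sizes, window size and sample packets are constructed assumptions.

```python
from collections import OrderedDict, deque

class Router:
    """One router's per-source state: a-priori reserved buffers, the highest
    sequence number accepted so far, and round-robin service across sources."""

    def __init__(self, reserved, window):
        # reserved: {source: buffers reserved a priori for that source}
        # window: limitation window, the largest jump in sequence number accepted
        self.reserved = reserved
        self.window = window
        self.queues = OrderedDict((s, deque()) for s in reserved)
        self.highest = {s: -1 for s in reserved}   # sequence numbers never wrap
        self.dropped = []                          # (source, seq, reason), for inspection

    def receive(self, source, seq, authenticated=True):
        """Admit a packet into the source's reserved buffers or drop it.
        Returns True if the packet was buffered."""
        queue = self.queues.get(source)
        if queue is None or not authenticated:
            # spurious unauthenticated traffic never touches a reserved buffer
            self.dropped.append((source, seq, "unauthenticated"))
            return False
        highest = self.highest[source]
        if seq <= highest:
            # replayed packet: the legitimate source has already moved past seq
            self.dropped.append((source, seq, "replay"))
            return False
        if seq > highest + self.window:
            # outside the limitation window: treated as a faulty source
            self.dropped.append((source, seq, "outside window"))
            return False
        if len(queue) >= self.reserved[source]:
            # the source overran its own reservation; keep the larger sequence number
            self.dropped.append((source, queue.popleft(), "superseded by newer packet"))
        queue.append(seq)
        self.highest[source] = seq
        return True

    def transmit(self):
        """Round-robin: one packet per source per round, so one source's burst
        cannot starve the others. Returns the order in which packets leave."""
        order = []
        while any(self.queues.values()):
            for source, queue in self.queues.items():
                if queue:
                    order.append((source, queue.popleft()))
        return order

def demo():
    """Constructed traffic: S1 and S2 are non-faulty sources with reservations;
    X has none. One replay, one out-of-window jump and one overrun are included."""
    router = Router(reserved={"S1": 2, "S2": 2}, window=8)
    admitted = [
        router.receive("S1", 1),
        router.receive("S1", 2),
        router.receive("S1", 1),                       # replay of seq 1
        router.receive("S2", 5),
        router.receive("S2", 40),                      # jump beyond 5 + 8
        router.receive("X", 1, authenticated=False),   # no reservation, no valid MAC
        router.receive("S1", 3),                       # overrun: seq 1 superseded
    ]
    return admitted, router.transmit(), router.dropped
```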

Page 33

Adversary

The adversary can modify packets.

Modifying the content protected by the authentication tag is equivalent to dropping the corresponding packet.

Modifying the MACs of upstream routers has no effect, since those MACs are not further utilized.

Modifying the MACs of downstream routers is equivalent to dropping the corresponding packet.
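As an added example (not code from the paper or this presentation), the destination-first MAC chain of pages 17 and 18 and the consequences of tampering stated on page 33, in Python: F is HMAC-SHA256, every node on the path shares a pairwise key with the source, and the same packet contents are covered at every hop (the per-hop PKT fields of page 18 are collapsed into one payload). The keys, path and the adversary's behaviour are constructed assumptions.

```python
import hashlib
import hmac

def mac(key: bytes, *parts: bytes) -> bytes:
    """F[Key, ...]: HMAC-SHA256 over length-prefixed parts, so that the message
    and any downstream tags are covered without concatenation ambiguity."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()

def build_tags(path, keys, payload):
    """Source side. Tags are computed from the destination backwards: the tag for
    node n_i covers the payload and the tags of n_{i+1}, ..., t (pages 17-18)."""
    hops = path[1:]                       # every node after the source, destination last
    tags, downstream = {}, []             # downstream: tags of later nodes, nearest first
    for node in reversed(hops):
        tags[node] = mac(keys[node], payload, *downstream)
        downstream.insert(0, tags[node])
    return tags

def forward(path, keys, payload, tags, tamper_at=None, tamper_node=None):
    """Hop-by-hop verification. Each node recomputes only its own tag from the
    payload and the tags of the nodes after it. If tamper_at is set, that node
    flips a byte of tags[tamper_node] after its own check passes (constructed
    misbehaviour). Returns [(node, verified), ...] and stops at the first failure,
    where the packet is dropped and a fault announcement would follow."""
    hops = path[1:]
    tags = dict(tags)                     # the adversary edits the in-flight copy
    trace = []
    for i, node in enumerate(hops):
        downstream = [tags[n] for n in hops[i + 1:]]
        verified = hmac.compare_digest(mac(keys[node], payload, *downstream), tags[node])
        trace.append((node, verified))
        if not verified:
            break
        if node == tamper_at:
            corrupted = bytearray(tags[tamper_node])
            corrupted[0] ^= 0x01
            tags[tamper_node] = bytes(corrupted)
    return trace

# Constructed sample: path S -> N1 -> N2 -> N3 -> T, one pairwise key per node with S.
PATH = ["S", "N1", "N2", "N3", "T"]
KEYS = {n: hashlib.sha256(b"constructed-key-S-" + n.encode()).digest() for n in PATH[1:]}
PAYLOAD = b"data packet from S to T, seq=17"

def demo():
    tags = build_tags(PATH, KEYS, PAYLOAD)
    return {
        "honest": forward(PATH, KEYS, PAYLOAD, tags),
        # N2 corrupts the tag of upstream N1: no later node uses it, so no effect
        "upstream": forward(PATH, KEYS, PAYLOAD, tags, tamper_at="N2", tamper_node="N1"),
        # N2 corrupts the tag of downstream T: N3's tag covers it, so N3 rejects
        "downstream": forward(PATH, KEYS, PAYLOAD, tags, tamper_at="N2", tamper_node="T"),
    }
```

In the downstream case the packet never reaches T, so the source's timeout and the fault-announcement process of page 34 are what localize the misbehaving hop.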

Page 34

Adversary

The adversary can drop packets.

Timeouts at intermediate nodes pinpoint the location of faults.

The protocol's Byzantine robustness is argued by the following theorem: a packet transmission from a non-faulty source will result in either the reception of a destination acknowledgement or the deletion of a faulty link from the source's topological map.

Page 35

Contents

Our routing protocol

How the protocol defends against the adversary

Summary

Page 36

Summary

The protocol can be seen as a combination of several components. While none of these is novel by itself, it is the integration of them that is crucial for the correctness and efficiency of the protocol.

Page 37

Summary

These components are:

Source routing

Destination acknowledgements

Timeouts

Fault announcements

Authentication

Reserved buffers

Sequence numbers

Round-robin scheduling

Page 38

Thank You!