efficient over-provisioning of network systems and services: principles and practices
Post on 31-Dec-2015
04/19/23 The Ohio State University 1
Efficient Over-Provisioning of Network Systems and Services:
Principles and Practices
Dong Xuan
Department of Computer Science and Engineering
The Ohio State University
http://www.cse.ohio-state.edu/~xuan
What is Over-Provisioning?
Resources are allocated conservatively, depending on expected demands
Examples: replicated content, replicated servers, allocating more bandwidth, multi-path routing etc.
Outline
- Objective
- Principles
- Practices in Overlay Networks
- Practices in Sensor Networks
- Final Remarks
Objective
Providing high performance, reliability and security to network systems and services
Challenges and Opportunities
- Challenges:
  - Traffic amount
  - Dynamics of traffic pattern
  - Malicious and non-conforming participants
- Opportunities:
  - Resources such as bandwidth, storage and processing power are no longer the bottlenecks they used to be
Why Over-Provisioning?
- Enable uninterrupted services
- Reactions under extreme operating conditions are milder, if not eliminated
- Maintenance and corresponding dynamics are easier if done properly
- System update is easier
However……
- Over-provisioning is not always good
- Over-provisioning also comes at the price of increased maintenance
- Resources come at a price; they are not free
- Resource availability is unbalanced
What We Want to Do?
Study the principles of over provisioning
Practices in a wide spectrum of network systems and services
Related Work
- Bandwidth over-provisioning by ISPs (Internet Service Providers)
- Data backup for fault tolerant services
- Over-deployment in sensor networks
Principles
- A case study – bandwidth over-provisioning in networks
  - Currently it is conducted in an ad hoc manner by ISPs
  - QOP: Quantitative Over Provisioning
  - Our work in Transactions on Networking 04 [1] and RTSS 01 [2]
Further Study on Over Provisioning Principles
- System resources
- System nodes
- Connectivity
- Network Paths
- Data content, energy and storage
- Dynamics due to failures and attacks
Practical Applications of Over-Provisioning
Overlay Networks
Sensor Networks
Practices in Overlay Networks
Secure Overlay Forwarding Systems
Resilient Structured Peer to Peer Systems
QoS aware and Reliable Overlay Multicast and Anycast Services
Overlay Networks
Secure Overlay Forwarding Systems
- It is an intermediate forwarding overlay system to defend against DDoS attacks
- Layering: Each node only knows the next layer nodes
- Access to target controlled by a set of filters
- Target is known only to filters
Design Features
The number of layers: 3 layers of hierarchy between sources and a target
Mapping degree: Number of next layer neighbors
Node density: Number of nodes per layer
Under random congestion attacks, path availabilities are high if mapping degree is high
The Generalized Secure Overlay Forwarding System
- We have generalized the system in ICDCS 04 [8]
- Design features are flexible
Intelligent DDoS Attacks
- Combination of congestion-based attacks and break-in based attacks
- Congestion attacks result in a node being non-functional for the duration of the attack
- Successful break-in attacks result in disclosure of next layer neighbors
System Performance Observation
- Over Provisioning is not always good
- Care should be exercised
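The trade-off behind the design-feature and intelligent-attack slides, worked through as an added example (not code from the slides or from [8]). It is a simplified model in which every forwarding node picks its m next-layer neighbours uniformly at random; the function names, the independence assumptions and the sample sizes (100 nodes per layer, 30 break-ins) are assumptions made for illustration.

```python
from math import comb

def hop_blocked(n, bad, m):
    """P(all m next-layer neighbours of a node lie among `bad` congested nodes).

    Hypergeometric tail for a layer of n nodes; comb() is 0 when m > bad.
    """
    return comb(bad, m) / comb(n, m)

def availability_random(n, m, congested, layers=3):
    """Random congestion: `congested` nodes are down in each of `layers` layers.

    Assumes hops fail independently (simplification).
    """
    return (1.0 - hop_blocked(n, congested, m)) ** layers

def disclosed(n, m, break_ins):
    """Expected number of distinct next-layer nodes revealed when `break_ins`
    nodes are compromised and each exposes its own m neighbours."""
    return round(n * (1.0 - (1.0 - m / n) ** break_ins))

def availability_break_in(n, m, break_ins):
    """One hop whose next layer is congested exactly at the disclosed nodes."""
    return 1.0 - hop_blocked(n, disclosed(n, m, break_ins), m)

def best_mapping_degree(n, break_ins, degrees):
    """Mapping degree with the highest availability under the combined attack."""
    return max(degrees, key=lambda m: availability_break_in(n, m, break_ins))

if __name__ == "__main__":
    N, BREAK_INS = 100, 30  # constructed sample sizes
    for m in (1, 2, 3, 5, 10):
        print(m,
              round(availability_random(N, m, congested=20), 3),
              round(availability_break_in(N, m, BREAK_INS), 3))
    print("best m:", best_mapping_degree(N, BREAK_INS, range(1, 11)))
```

Under random congestion availability rises steadily with m, while under the combined attack it peaks at a small m and then falls, because every extra neighbour is also one more node a break-in discloses.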
Resilient Structured P2P Systems
- Structured P2P systems
  - Distributed Hash Table (DHT) based
  - Node ID and data ID match together
  - CAN, CHORD, PASTRY and TAPESTRY
- These systems are not resilient to malicious attacks!
- Our solutions:
  - Over-provisioning in neighbor connectivity
  - RCHORD [4] and CAN-SW [3]
Unicast, multicast and anycast
- Network layer multicast and anycast
  - We have proposed an efficient fault-tolerant multicast routing protocol in TPDS 99 [5] (38)
  - We have proposed a routing protocol for anycast messages in TPDS 00 [6], 04 [7] (38, 39)
- Overlay multicast and anycast
  - Multiple path over provisioning based approaches
  - QoS Aware Overlay Multicast and Anycast
Practices in Sensor Networks
Sensor network deployment using limited mobility sensors
Defending against Physical Attacks
Sensor Networks
- A new paradigm of networking
- A lot of applications like tracking intruders, monitoring animals, forest fires, and warehouse monitoring
- Cheap, easy to deploy, but limited in energy
[Figures: MTS 310 CA sensor; a simple sensor network with a base station]
Sensor Networks Deployment using Limited Mobility Sensors
Sensor network deployment
- Issues
  - Sensors may be damaged
  - Sensors may be out of energy
  - Manual redeployment is hard
- Solutions
  - Over-provision sensor nodes
  - Exploit sensor mobility
[Figure: 2D-grid of 16 regions, numbered 1 to 16]
Limited Mobile Sensors
- Mobility in sensors is an energy consuming operation
- XYZ sensor platform can move up to 165 m
- DARPA has already built limited mobility sensors, whose maximum movement is 100 hops
- Resources of sensor nodes are redundant, but their mobility is limited
Our Deployment Problem
- Problem definition
  - Given 2-D grid sensor network model, determine a movement plan for the sensors to minimize variance in number of sensors among all regions from and simultaneously minimize the required number of movements
Variance =
No. of movement hops =
An Example
Sensor Network with 16 regions and =2
- A simple, purely localized solution
- Regions 14, 15 and 16 have less than 2 sensors
[Figure: panels (a) and (b), the 16-region grid with the number of sensors in each region]
Discussions on Our Deployment Problem
Each region has sensors, which is over-provisioned to provide reliable services
It is a non-linear optimization problem. However, when = 1, the problem becomes a linear one [10]
The problem is harder due to over-provisioning
Our Solutions
- We proposed two classes of solutions
- Max-flow based solutions
  - Translate non-linear variance problem into linear weight assignment problem
  - Translate sensor network into a graph structure and determine minimum cost maximum weighted flow plan
  - It is optimal if run in a centralized manner
  - Can also execute in a distributed manner
- Simple Peak-Pit solution
  - Pits request sensors from peaks. Requests contain weights depending on sensors needed
  - Requests are served in descending order of weights
  - Performance is good under favorable deployment conditions
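A greedy Peak-Pit pass on a 4x4 grid, as an added example (not the authors' algorithm from [10], whose details are not on the slides). Assumptions: regions are 0-based and row-major here (the slides number them 1 to 16), variance is the population variance of sensors per region, a pit's request weight is its deficit, each request goes to the nearest peak with ties broken by lowest index, and the hypothetical `max_hops` parameter stands in for limited mobility.

```python
def variance(counts):
    """Population variance of sensors per region (assumed metric)."""
    mean = sum(counts) / len(counts)
    return sum((c - mean) ** 2 for c in counts) / len(counts)

def hops(a, b, width):
    """Grid (Manhattan) distance between regions a and b, row-major, 0-based."""
    return abs(a // width - b // width) + abs(a % width - b % width)

def peak_pit(counts, k, width, max_hops=None):
    """Pits (< k sensors) pull sensors from peaks (> k sensors).

    Returns (final counts, list of (peak, pit) moves, total hops moved).
    """
    counts = list(counts)
    moves, total = [], 0
    # Request weight = sensors the pit still needs; serve the largest first.
    pits = sorted((i for i, c in enumerate(counts) if c < k),
                  key=lambda i: (-(k - counts[i]), i))
    for pit in pits:
        while counts[pit] < k:
            peaks = [i for i, c in enumerate(counts) if c > k
                     and (max_hops is None or hops(i, pit, width) <= max_hops)]
            if not peaks:
                break  # no peak within range: this pit stays short
            peak = min(peaks, key=lambda i: (hops(i, pit, width), i))
            counts[peak] -= 1
            counts[pit] += 1
            moves.append((peak, pit))
            total += hops(peak, pit, width)
    return counts, moves, total

# Constructed deployment (not the slide's figure); target k = 2 per region.
GRID = [6, 0, 2, 2,
        2, 4, 2, 2,
        2, 2, 2, 2,
        2, 1, 1, 0]

if __name__ == "__main__":
    for limit in (None, 4):
        final, moves, total = peak_pit(GRID, k=2, width=4, max_hops=limit)
        print(limit, variance(GRID), variance(final), len(moves), total)
```

With a 4-hop limit one region stays below target, which shows how limited mobility leaves residual variance that spare sensors alone cannot remove.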
Defending against Physical Attacks in Sensor Networks
- Physical attacks: destroy sensors physically
- Physical attacks are inevitable in sensor networks
  - Sensor network applications that operate in hostile environments
    - Volcanic monitoring
    - Battlefield applications
  - Small form factor of sensors
  - Unattended and distributed nature of deployment
- Different from other types of electronic attacks
  - Can be fatal to sensor networks
  - Simple to launch
- Defending against physical attacks
  - Tamper-resistant packaging helps, but is not enough
  - We adopt a sensor node over-provisioning approach
Blind Physical Attacks
Search-Based Physical Attacks
The Impacts of Physical Attacks
Lifetime Vs. Attack arrival rate
[Plot: T (days) versus λ (attacks/second), for A = 20m and nf = 50, 100, 200, 300, 400, 500, 600]
Defense Strategies
- Over-provisioning sensor nodes
  - Deploying more sensors to compensate for the damage of blind attacks [9]
  - Using sacrificial nodes to compensate for the weakness of sensors in sensing capacity compared with the attacker [11]
Final Remarks
- The principles of Over Provisioning
  - QOP: Quantitative Over Provisioning on network resources
- Practices of Over Provisioning in
  - Overlay Networks
    - Secure Overlay Forwarding Systems – Layers and Connectivity
    - Resilient Structured P2P systems – Neighbor connectivity
    - QoS aware Overlay multicast and anycast – Path
  - Sensor networks
    - Reliable sensor network – limited mobility sensor nodes
    - Resilience to Physical attacks – node and structure
References
1. S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Providing Absolute Differentiated Services for Real-Time Applications in Static-Priority Scheduling Networks”, in IEEE/ACM Transactions on Networking (ToN), Vol. 12, No. 2, April 2004.
2. S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Differentiated Services with Statistical Real-Time Guarantees in Static-Priority Scheduling Networks”, in Proc. of IEEE RTSS, 2001.
3. S. Wang, Dong Xuan and W. Zhao, “On Resilience of Structured Peer-to-Peer Systems”, in Proc. of IEEE GLOBECOM, Dec. 2003.
4. Dong Xuan, S. Chellappan and M. Krishnamoorthy, “RChord: An Enhanced Chord System Resilient to Routing Attacks”, in Proc. of IEEE ICCNMC, Oct. 2003.
5. W. Jia, W. Zhao, Dong Xuan, and G. Xu, “An Efficient Fault-Tolerant Multicast Routing Protocol with Core-Based Tree Techniques”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 10, No. 10, Oct. 1999.
6. Dong Xuan, W. Jia, W. Zhao, and H. Zhu, “A Routing Protocol for Anycast Messages”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 11, No. 6, June 2000.
7. W. Jia, Dong Xuan, W. Tu, L. Lin and W. Zhao, “Distributed Admission Control for Anycast Flows”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 15, No. 8, August 2004.
8. Dong Xuan, S. Chellappan, X. Wang and S. Wang, “Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks”, in Proc. of IEEE International Conference on Distributed Computing Systems (ICDCS), March 2004.
9. Xun Wang, Wenjun Gu, Sriram Chellappan, Kurt Schosek, Dong Xuan, “Lifetime Optimization of Sensor Networks under Physical Attacks”, IEEE ICC 2005.
10. S. Chellappan, X. Bai, B. Ma and Dong Xuan, “Mobility Limited Flip-based Sensor Network Deployment”, accepted by IEEE Transactions on Parallel and Distributed Systems (TPDS), Oct. 2005.
11. W. Gu, X. Wang, S. Chellappan, Dong Xuan and Ten H. Lai, “Defending against Search-based Physical Attacks in Sensor Networks”, to appear in Proc. of IEEE MASS, Nov. 2005.