Distributed Algorithms for Secure Multipath Routing

Distributed Algorithms for Secure Multipath Routing. Patrick P. C. Lee, Vishal Misra, Dan Rubenstein. Distributed Network Analysis (DNA) Lab, Columbia University. March 17, 2005.


Page 1: Distributed Algorithms for Secure Multipath Routing

Distributed Algorithms for Secure Multipath Routing

Patrick P. C. Lee, Vishal Misra, Dan Rubenstein

Distributed Network Analysis (DNA) Lab, Columbia University

March 17, 2005

Page 2: Distributed Algorithms for Secure Multipath Routing

Outline

- Motivation: Why do we use multipath routing to achieve security?
- Security objectives
- Distributed algorithms:
  - Bound-Control algorithm
  - Lex-Control algorithm
- Simulation results

Page 3: Distributed Algorithms for Secure Multipath Routing

Motivation

Problem of single-path routing:

[Figure: a single path from source to sink.]

An attack/failure shuts down the entire session.

Page 4: Distributed Algorithms for Secure Multipath Routing

Motivation

Protection with multipath routing:

[Figure: multiple paths from source to sink.]

An attack/failure causes less damage.

Page 5: Distributed Algorithms for Secure Multipath Routing

Goals

- Determine the multipath routes that achieve the “best” security:
  - Minimize the worst-case data loss with/without bandwidth constraints
  - Minimize “severe” data loss with/without bandwidth constraints based on lexicographic optimization
- Implement a distributed solution:
  - No need to know the global network topology
  - Allow nodes to locally decide link costs
  - Suitable for independently administered networks (e.g., RON)

Page 6: Distributed Algorithms for Secure Multipath Routing

Previous Work

- Lexicographic optimization:
  - Minimize a non-increasing link-cost sequence $a = (a_1, a_2, \ldots, a_n)$
  - Find $a^*$, where $a^* = (a_1^*, a_2^*, \ldots, a_n^*) \le a = (a_1, a_2, \ldots, a_n)$ for every link-cost sequence $a$
- Georgiadis et al.’s solution [ToN ’02]:
  - Recursively solve minimax problems on subgraphs
  - Limitations:
    - Centralized solution
    - Does not consider varied bandwidth constraints

Page 7: Distributed Algorithms for Secure Multipath Routing

Our Work

- Develop two distributed algorithms, Bound-Control and Lex-Control:
  - Support fixed-rate model and maximal-rate model
    - Fixed rate: a data session sends data at a fixed rate
    - Maximal rate: a data session sends data at the maximal rate across all network links (i.e., equiv. to min-cut)
  - Suitable for overlay networks and ad hoc networks
- Prove their optimality in response to single-link attacks.
- Evaluate the algorithms via simulations in response to single-link and multi-link attacks.

Page 8: Distributed Algorithms for Secure Multipath Routing

Model Assumptions

- Static network topology
- Single source-sink pair
  - Easily generalized to networks with multiple customers/providers
- Infrequent link attacks/failures
  - Optimize solutions for single-link attacks
  - Evaluate performance for both single-link and multi-link attacks

Page 9: Distributed Algorithms for Secure Multipath Routing

How to Quantify the Cost of a Single-link Attack?

- Attack cost of link $l$: $a_l = x_l \cdot c_l$
  - $x_l$: proportion of session data allocated to link $l$
  - $c_l$: security constant
    - Measures the vulnerability of link $l$ to an attack
    - Possible physical interpretations:
      - Attack success probability
      - Proportion of $x_l$ lost during an attack
- In practice, security constants can be obtained from security monitoring systems or statistical measurements

Page 10: Distributed Algorithms for Secure Multipath Routing

Example of Setting Security Constants

[Figure: source-to-sink network with a wireless link, more vulnerable to attacks (e.g., $c_l = 0.9$), and a wired link, less vulnerable to attacks (e.g., $c_l = 0.1$).]

In subsequent discussion of objectives, assume $c_l = 1$ for all links, i.e., attack cost = data loss.

Page 11: Distributed Algorithms for Secure Multipath Routing

Objective 1

Minimize the worst-case data loss under the single-link attack

[Figure: source-to-sink network, fixed data rate 10 Mb/s, with links each carrying 5. One possible data allocation.]

Page 12: Distributed Algorithms for Secure Multipath Routing

Objective 1

[Figure: source-to-sink network, fixed data rate 10 Mb/s, with links each carrying 5. Another possible data allocation.]

Page 13: Distributed Algorithms for Secure Multipath Routing

Objective 1

Worst-case data loss cannot be less than 50%

[Figure: source-to-sink network, fixed data rate 10 Mb/s, with links each carrying 5. Another possible data allocation.]

Page 14: Distributed Algorithms for Secure Multipath Routing

Objective 2

Minimize the worst-case data loss subject to bandwidth constraints

[Figure: source-to-sink network, fixed data rate 10 Mb/s, with a bandwidth-limited link (only 4 Mb/s allowed); links carry 6 or 4.]

Page 15: Distributed Algorithms for Secure Multipath Routing

Objective 3

Minimize the ith worst-case data loss subject to bandwidth constraints, given already minimized attack costs for the worst case, 2nd worst case, …, (i-1)th worst case.

Lexicographic Optimization

[Figure: two data allocations on the same source-to-sink network, fixed data rate 10 Mb/s, with a bandwidth-limited link (only 4 Mb/s allowed). The first allocation has the sequence (6, 6, 6, 4, 4, 4, 0, 0, 0, 0); the second has the sequence (6, 4, 3, 3, 3, 3, 2, 2, 2, 2).]

Page 16: Distributed Algorithms for Secure Multipath Routing

Solving Objective 1: Preflow-Push

- Map minimax problem to max-flow problem
- Preflow-push algorithm [Goldberg & Tarjan, 89]:
  - Nodes find the maximum flow from source to sink in a distributed fashion.
- Basic idea of solving Objective 1 [Ahuja, 86]:
  - Each node sets capacity constraints of its outgoing links: cap($l$) = $1/c_l$.
  - Nodes solve max-flow problem under capacity constraints in a distributed fashion.
  - Each node allocates data for its outgoing links: (link flow) / (max flow).
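The Objective 1 recipe above, worked through on a small network as an added example (not code from the slides or the paper). A centralized Edmonds-Karp max-flow stands in for the distributed Preflow-Push, and the topology, node names and security constants are constructed for illustration. It shows that every link ends up with attack cost at most 1 / (max flow).

```python
from collections import deque

# Constructed sample topology: (tail, head) -> security constant c_l.
LINKS = {("s", "a"): 0.5, ("s", "b"): 0.25, ("a", "t"): 1.0,
         ("a", "b"): 0.5, ("b", "t"): 0.2}

def max_flow(cap, src, dst):
    """Edmonds-Karp on {(u, v): capacity}; assumes no antiparallel links."""
    res = dict(cap)                          # residual capacities
    for (u, v) in cap:
        res.setdefault((v, u), 0.0)          # reverse residual arcs
    adj = {}
    for (u, v) in res:
        adj.setdefault(u, []).append(v)
    total = 0.0
    while True:
        parent, queue = {src: None}, deque([src])
        while queue and dst not in parent:   # BFS for an augmenting path
            u = queue.popleft()
            for v in adj.get(u, []):
                if v not in parent and res[(u, v)] > 1e-12:
                    parent[v] = u
                    queue.append(v)
        if dst not in parent:
            break                            # no augmenting path: flow is maximal
        path, v = [], dst
        while parent[v] is not None:
            path.append((parent[v], v))
            v = parent[v]
        push = min(res[e] for e in path)
        for (u, v) in path:
            res[(u, v)] -= push
            res[(v, u)] += push
        total += push
    return total, {e: cap[e] - res[e] for e in cap}

def secure_allocation(links, src="s", dst="t"):
    cap = {e: 1.0 / c for e, c in links.items()}   # cap(l) = 1 / c_l
    total, flow = max_flow(cap, src, dst)
    x = {e: flow[e] / total for e in links}        # x_l = link flow / max flow
    cost = {e: x[e] * links[e] for e in links}     # a_l = x_l * c_l
    return total, x, cost

if __name__ == "__main__":
    total, x, cost = secure_allocation(LINKS)
    for e in LINKS:
        print(e, f"x={x[e]:.3f}", f"attack cost={cost[e]:.3f}")
    print("max flow:", total, "worst-case attack cost:", max(cost.values()))
```

On this topology the best single path (s, b, t) has worst-case attack cost 0.25, while the multipath allocation caps every link at 1/6.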

Page 17: Distributed Algorithms for Secure Multipath Routing

Solving Objective 2: Bound-Control

- Bandwidth constraint: fraction bound $b_l$
  - $b_l$ = (bandwidth of link $l$) / (session data rate)
- Capacity constraint: cap($l$) = $\min(1/c_l,\ b_l \cdot f)$
  - $f$ = flow reaching the sink
  - Upper bound in max-flow problem
- Basic idea of solving Objective 2:
  - Repeat
    - Distributed execution of Preflow-Push
    - Each node adjusts capacity constraints for its outgoing links
  - Until capacity constraints satisfied

Page 18: Distributed Algorithms for Secure Multipath Routing

Solving Objective 3: Lex-Control

- Basic idea: solve lexicographic optimization:
  - Repeat (each pass is one lexicographic iteration)
    - Distributed execution of Bound-Control
    - Each node identifies critical links among its outgoing links
  - Until all critical links spotted
- Critical links:
  - Links whose data allocation has to be fixed to preserve the optimal attack cost
- In practice, Lex-Control provides the necessary resilience in 3 or 4 lexicographic iterations.

Page 19: Distributed Algorithms for Secure Multipath Routing

Recap of Algorithms

[Figure: hierarchy of algorithms: Lex-Control algorithm, built on the Bound-Control algorithm, built on the Preflow-Push algorithm.]

Hierarchical solution to the three security objectives

Page 20: Distributed Algorithms for Secure Multipath Routing

Experimental Setup

- Consider three random networks generated by BRITE:
  - 200 nodes, 600 links
  - 200 nodes, 800 links
  - 200 nodes, 1000 links
- Randomly assign security constants (0 to 1) and bandwidths (1 to 5 Mb/s) for all links
- Metrics:
  - Attack cost
  - Number of executions of Preflow-Push
  - Routing overhead

Page 21: Distributed Algorithms for Secure Multipath Routing

Experiment 1 – Bound-Control

Minimized worst-case attack cost vs. different session throughputs

Page 22: Distributed Algorithms for Secure Multipath Routing

Experiment 1 – Bound-Control

Single shortest path approach

Network setting          Attack cost
200 nodes, 600 links     0.73
200 nodes, 800 links     0.72
200 nodes, 1000 links    0.78

Bound-Control (for maximal-rate model)

Network setting          Attack cost
200 nodes, 600 links     0.34
200 nodes, 800 links     0.19
200 nodes, 1000 links    0.16

Bound-Control reduces the worst-case attack cost by 50-70%.

Page 23: Distributed Algorithms for Secure Multipath Routing

Experiment 2 – Lex-Control

Number of links with severe attack cost vs. number of lexicographic iterations.

Attack cost is severe if it’s at least 25% of the worst-case attack cost.

E.g., for the attack-cost sequence (1, 0.5, 0.25, 0.1, 0.1), number of links with severe attack cost is 3.

Page 24: Distributed Algorithms for Secure Multipath Routing

Summary of Experiments

- Bound-Control vs. Single-Path Routing:
  - Reduce the worst-case attack cost by 50-70%
- Lex-Control vs. Bound-Control:
  - Reduce # of links with severe attack costs by ~50%
  - Reduce aggregate attack cost in multi-link attacks:
    - by ~40% in the uniform 50-link attack
    - by ~23% in the proportional 5-link attack
    - by ~12% in the worst-case 5-link attack
- 3 or 4 lexicographic iterations are enough

Page 25: Distributed Algorithms for Secure Multipath Routing

Conclusions

- In this talk:
  - Proposed two distributed algorithms, Bound-Control and Lex-Control, that optimize respective security objectives.
  - Illustrated performance of Bound-Control and Lex-Control via simulation analysis.
- More details in the paper:
  - Optimality proof
  - Simulation results for multi-link attacks