ECE 683 Computer Network Design

About This Presentation

Title:

ECE 683 Computer Network Design

Description:

Public Key Infrastructure ... bind a subject to a public key. ... Bump In The Stack (BITS) Link. Security. Network. App2. Link. Network. Link. Network. Link ... – PowerPoint PPT presentation

Number of Views:1111

Avg rating:3.0/5.0

Slides: 161

Provided by: david341

Category:

more less

Transcript and Presenter's Notes

Title: ECE 683 Computer Network Design

1
ECE 683Computer Network Design Analysis

Note 12 Review of Advanced Network Techniques
and Attacks

2
Future Internet
Future Internet
3
Roadmap

Public Key Infrastructure (PKI)
Security and network layers
Sample attacks on the Internet
Distributed Denial-of-Service Attacks (DDoS)
Spyware
Spam
Worm
Emerging networks
Peer-to-Peer (P2P) networks
WLANs
Mobile ad hoc networks (MANETs)
Wireless sensor networks (WSNs)
Wireless mesh networks (WMNs)
Vehicular networks
RFID networks

4
Public Key Infrastructure

Mutual authentication of participants in a
transaction requires a system of identities
Principals are identified by public keys
These keys can be used for authentication, but
only if spoofing is prevented
A Public Key Infrastructure (PKI) provides a
basis for establishing trust

5
PKI Systems

Three Philosophies
Hierarchy
ITU X.509 (DAP, PKIX)
DNS
Web of Trust
PGP
Ad hoc
SSH
Most research studies

6
X.509 Certificates
X.509 certificates bind a subject to a public
key. This binding is signed by a Certificate
Authority (CA).
Subject Name
Subject Public Key
CA Name
CA Signature
7
Chaining
8
Certificate Management

Distribution How to find a certificate
Certificate accompanying signature or as part of
a protocol
Directory service
DAP
LDAP
DNS
Email
Cut and paste from web pages

Revocation Terminate certificates before their
expiration time.
How does the relying party know that the
certificate has been revoked?
Many CRL distribution strategies proposed
Mitre report for NIST suggests certificate
revocation will be the largest maintenance cost
for PKIs

9
Adoption of PKI

Problems
Revocation
User ability to deal with keys
Registration (challenge for all authentication
techniques)
Weak business model

Areas of Progress
SSL
Authenticode
SSH
Smart cards for government employees
Web services

10
Challenges for Network Security

Sharing
Complexity
Scale
Unknown perimeter
Anonymity
Unknown paths

11
Internet Layers

Physical
Link
Network
Transport
Application

12
Security at Layers

Physical
Locked doors
Spread spectrum
Tempest
Link
WEP
GSM
Network
Firewalls
IPSec

Transport
SSL and TLS
Application
S/MIME
XMLDSIG and WS security
Access control systems for web pages, databases,
and file systems

13
Network Layer Security
HTTP
FTP
SMTP
TCP
IP/IPSec
14
Transport Layer Security
HTTP
FTP
SMTP
SSL or TLS
TCP
IP
15
Application Layer Security
PGP
SET
S/MIME
SMTP
HTTP
Kerberos
TCP
UDP
IP
16
Division of Labor in the Internet
Hosts
Routers
Networks
17
TCP/IP Protocol Stack
Host
Host
Router
Router
Application
Application
Transport
Transport
Network
Network
Network
Network
Link
Link
Link
Link
Physical
Physical
Physical
Physical
18
Communication Processing Flow
App2
App1
App2
App1
Transport
Transport
Network
Network
Network
Network
Link
Link
Link
Link
Link
Link
Physical
Physical
Phys
Phys
Phys
Phys
19
Typical Patchwork
App2
App1
App2
App1
Transport
Transport
Network
Network
Network
Network
Link
Link
Link
Link
Link
Link
Physical
Physical
Phys
Phys
Phys
Phys
20
SOHO to Enterprise Example
Home
Internet
Office
C
AP
VPN
S
Three levels of Authentication and Encryption!
21
Physical Layer Protection Issues

Hide signal
Spread spectrum
Emission security
Radio emissions (Tempest)
Power emissions

22
Encapsulation
Link Layer Frame
Link
Link
IP
TCP
Application
Network Layer Header
Transport Layer Header
Application Layer Payload
23
One Hop Link Layer Encryption
Host
Host
Router
Router
Application
Application
Transport
Transport
Network
Network
Network
Network
Link
Link
Link
Link
Link
Link
24
Link Layer Encryption
Encrypted
Link
Link
IP
TCP
Application
25
End-to-End Network Security
Host
Host
Router
Router
Application
Application
Transport
Transport
Network
Network
Network
Network
Link
Link
Link
Link
26
Network Layer Transport Mode
Link
Link
IP
TCP
Application
Encrypted
Link
Link
IP
TCP
Application
Hdr
Tlr
27
VPN Gateway
Host
Host
Router
Router
Application
Application
Transport
Transport
Network
Network
Network
Network
Link
Link
Link
Link
28
Network Layer Tunnel Mode
Link
Link
IP
TCP
Application
Encrypted
Link
Link
New IP
TCP
Application
Hdr
IP
Tlr
29
Layer 3 Implementation Options

Location
Host
Network
Style
Integrated
Modular (for tunnel mode)

30
Bump In The Stack (BITS)
App2
App1
App2
App1
Transport
Network
Transport
Security
Network
Network
Net Sec
Link
Link
Link
Link
31
Bump In The Wire (BITW)
App2
App1
App2
App1
Security
Security
Transport
Transport
Network
Network
Network
Network
Link
Link
Link
Link
32
Integrated on Host
App2
App1
App2
App1
Transport
Transport
Net Sec
Net Sec
Network
Network
Link
Link
Link
Link
33
Integrated on Router
App2
App1
App2
App1
Transport
Transport
Network
Network
Net Sec
Net Sec
Link
Link
Link
Link
34
Network Security Location Options
Application
Application
End-to-End Transport
Transport
Transport
Network
Network
Network
Network
Link
Link
Link
Link
Application
Application
Transport
Transport
Voluntary Tunnel
Network
Network
Network
Network
Link
Link
Link
Link
Application
Application
Transport
Transport
Involuntary Tunnel
Network
Network
Network
Network
Link
Link
Link
Link
35
Transport Layer Security
Host
Host
Router
Router
Application
Application
Transport
Transport
Network
Network
Network
Network
Link
Link
Link
Link
36
Transport Layer Encryption
Link
Link
IP
TCP
Application
Encrypted
Link
Link
IP
TCP
Application
RH
Link
IP
TCP
App
Link
37
Message Processing Sequence
App2
App1
App2
App1
App2 Sec
App2 Sec
Transport
Transport
Network
Network
Network
Network
Link
Link
Link
Link
38
Application Layer Security
Encrypted
Link
Link
IP
TCP
Application
Key ID
39
Link Layer Security

Advantages
Transparent to applications
Hardware solution possible
Can address especially vulnerable links (viz.
wireless).
Disadvantages
Hop-by-hop protection causes multiple
applications of crypto operations
May not provide end to end security.

40
Network Layer Security

Advantages
Transparent to applications
Amenable to hardware
Flexible.
Disadvantages
Adds complexity for routing, MTUs, NATs
Flexibility introduces policy management and
compatibility challenges.

41
Transport Layer Security

Advantages
Transparent to applications and may be packaged
with applications
Exposing TCP enables compression and QoS
classification.
Disadvantages
Probably implemented in software
Exposing TCP risks DoS.

42
Application Layer Security

Advantages
Customized to application
Requires no special protocol stack (transparent
to networking).
Disadvantages
Hard to share between applications

43
Roadmap

Public Key Infrastructure (PKI)
Security and network layers
Sample attacks on the Internet
Distributed Denial of Service Attacks (DDoS)
Spyware
Spam
Worm
Emerging networks
Peer-to-Peer (P2P) networks
WLANs
Mobile ad hoc networks (MANETs)
Wireless sensor networks (WSNs)
Wireless mesh networks (WMNs)
Vehicular networks

44
DDoS Attacks

Goal
Prevent a network site from doing its normal
business
Method
Overwhelm the site with attack traffic
Response
Lack of defense mechanism on the current Internet

45
Why Are These Attacks Made?

Generally to annoy
Sometimes for extortion
If directed at the infrastructure, might cripple
parts of the Internet
So who wants to do that ?

46
Attack Methods

Pure flooding
Of network connection
Or of upstream network
Overwhelm some other resources
SYN flood
CPU resources
Memory resources
Application-level resources
Direct or reflection

47
Why Distributed

Targets are often highly provisioned servers
A single machine usually cannot overwhelm such a
server
So harness multiple machines to do so
Power of many is greater than power of a few
Also makes defenses harder

48
Yahoo Attack

Occurred in February 2000
Resulted in intermittent outages for nearly three
hours
Attacker caught and successfully prosecuted
Other companies (eBay, CNN, Microsoft) attacked
in the same way at around the same time

49
DDoS Attack on DNS Root Servers

Concerted ping flood attack on all 13 of the DNS
root servers in October 2002
Successfully halted operations on 9 of them
Lasted for 1 hour
Turned itself off, was not defeated
Did not cause major impact on the Internet
DNS uses caching aggressively

50
What Makes DDoS Defenses Difficult?

High availability of compromised machines
At least tens of thousands of zombie machines out
there
Internet was designed to deliver traffic
Regardless of its value
Internet resources are limited
IP spoofing allows easy hiding
Distributed nature makes legal approaches hard
Attackers can choose all aspects of his attack
packets
Can be a lot like good ones

51
Basic Defense Approaches

Overprovisioning
Dynamic increases in provisioning
Hiding
Tracking attackers
Legal approaches
Reducing volume of attack

52
Overprovisioning

Be able to handle more traffic than attackers can
generate
Works pretty well for Microsoft and Google
Not a suitable solution for Mom and Pop Internet
stores

53
Dynamic Increases in Provisioning

As attack volume increases, increase your
resources
Dynamically replicate servers
Obtain more bandwidth
Not always feasible
Probably expensive
Might be easy for attackers to outpace you

54
Hiding

Dont let most people know where your server is
If they cant find it, they cant overwhelm it
Possible to direct your traffic through other
sites first
Can they be overwhelmed ?
Not feasible for sites that serve everyone

55
Tracking Attackers

Almost trivial without IP spoofing
With IP spoofing, more challenging
Big issue
Once youve found them, what do you do?
Not clear tracking actually does much good
Loads of fun for algorithmic designers, though

56
Legal Approaches

Sick the FBI on attackers and throw them in jail
Usually hard to do
FBI might not be interested in small fry
Slow, at best
Very hard in international situations
Generally only feasible if extortion is involved
By following the money

57
Reducing the Volume of Traffic

Addresses the core problem
Too much traffic coming in, so get rid of some of
it
Vital to separate the sheep from the goats
Unless you have good discrimination techniques,
not much help
Most DDoS defense proposals are variants of this

58
Approaches to Reducing the Volume

Give preference to your friends
Require proof of work from submitters
Detect difference between good and bad traffic
Drop the bad
Easier said than done

59
Roadmap

Public Key Infrastructure (PKI)
Security and network layers
Sample attacks on the Internet
Distributed Denial of Service Attacks (DDoS)
Spyware
Spam
Worm
Emerging networks
Peer-to-Peer (P2P) networks
WLANs
Mobile ad hoc networks (MANETs)
Wireless sensor networks (WSNs)
Wireless mesh networks (WMNs)
Vehicular networks

60
Different Types of Spyware

Spyware
Adware
Embedded Programs
Trojan Horse
Browser Hijackers
Dialers
Malware

61
Why Do People Make Spyware?

Profit
A challenge
Malice
Boredom
Business

62
How Do I Know If Ive Got Spyware?

Computer is running slower than normal
Popups (on or off the internet)
New toolbars
Home page changes
Search results look different
Error messages when accessing the web

63
What Does Spyware Look Like?
64
What Does Spyware Look Like?
65
What Does Spyware Look Like?
66
What Does Spyware Look Like?
67
What Does Spyware Look Like?
68
What Does Spyware Look Like?
69
What Does Spyware Look Like?
70
What Does Spyware Look Like?
71
What Does Spyware Look Like?
72
What Does Spyware Look Like?
73
What Does Spyware Look Like?
74
How Do I Get Rid of Spyware?

Use a legitimate spyware removal program
Use Spybot Search and Destroy in combination with
Microsoft Antispyware (now called Defender)
Ad-aware is a good program and is free for home
use but is no longer free for educational use

75
How Do I Prevent Spyware?

Be conscious of what you are clicking
on/downloading
Some pop-ups have what appears to be a close
button, but will actually try to install spyware
when you click on it. Always look for the
topmost right red X.
Remember that things on the internet are rarely
free. Free Screensavers etc. generally contain
ads or worse that pay the programmer for their
time.

76
The Least Wanted List

Weatherbug (GAIN or Claria)
Hotbar
180 Search Assistant
MyWebSearch
Popular Screensavers
Comet Cursors
A Better Internet (Aurora)
Kazaa / Morpheus
GameSpy Arcade
WhenUSave
New.Net
Starware Toolbar
MySearch

Begin2Search
180Solutions
Zango
CoolWebSearch
DyFuCA
BonzaiBuddy
BargainBuddy
Dashbar
Gator
WeatherScope
Best Offers Network
Precision Time
FunWeb

77
Phishing

Most commonly an Email stating your account
Information needs updating
Watch for URLs that are numeric or different
from the link you clicked on
Best thing to do is to type in the URL and check
your account directly without following any links
in the Email
Many legitimate emails no longer contain a link
(Paypal)

78
Phishing Examples
79
Phishing Examples
80
Phishing Examples
81
Phishing Examples
82
Phishing Examples
83
Phishing Examples
84
How Secure Do You Need to Be?

Be Prudent not Paranoid
Did you initiate the action?
Why is this free?
Is the source trustworthy?
When in doubt Google it

85
Safer Alternatives

Download.com All programs are adware/spyware
free
Freesaver.com Screensavers from this site are
safe DO NOT click on ads
Cleansoftware.org

86
The Bottom Line

It is safe to install these programs
Microsoft AntiSpyware (Defender)
Spybot Search Destroy
SpywareBlaster
SpywareGuard
If you are running a different Spyware program
contact your Technology Specialist to make sure
it is not a rogue

87
Roadmap

Public Key Infrastructure (PKI)
Security and network layers
Sample attacks on the Internet
Distributed Denial of Service Attacks (DDoS)
Spyware
Spam
Worm
Emerging networks
Peer-to-Peer (P2P) networks
Mobile ad hoc networks (MANETs)
Wireless sensor networks (WSNs)
Wireless mesh networks (WMNs)
Vehicular networks

88
Examples of Spams

E-mail (UBE)
Advertisement
Phishing

From Thrifty Health-Insurance ltTyra_at_noticeoption.
comgtMailed-By noticeoption.comReply-To Thrifty
Health-Insurance ltTyra_at_noticeoption.comgt To
richard.sia_at_gmail.com Date May 10, 2006 930
PM Subject No obligation Health Insurance
Quotes Great health insurance quotes.Get a
quote from us and let local agents compete for
your business. Health insurance is more
affordable than you think.Health PlansDental
PlansPrescription PlansVision Plans and
moreCheck out the lowest rates in the
industry.http//www.cuffseetotal.com/healthy27/
This email is a commercial message. .
89
How Worse Is the Situation?

30-40 mail traffic are spam
End-user
Waste time reading junk (may fall in trap)
1 billion productivity lost per year
System operator
Increased running cost

90
Why People Spam?

Economic incentive
Effectiveness sent x (1-Pfiltered) x Pread x
Pclickthrough
Business strategy?

91
How Spammer Collect E-mails

UseNet
Web pages
Registration forms
Dictionary attacks

92
Defense Mechanisms

Authentication
Challenge/response system
DNSxL
Check-sum based filtering
Statistical filtering
Micro-payment
Spam poisoning
A brand new architecture

93
Authentication

Avoid forged sender address
SMTP AUTH
Verify sender is a legitimate user
Sender Policy Framework (SPF)
Verify senders IP corresponds to the domain

94
Challenge/Response System

Work together with white list
Only sender in the contact list can get through
If not, a challenge is posted to the sender
Ensure sender is a human instead of a program

95
DNSxL

Block list
A list of IP/domain observed to be sending out
spam consistently
use DNS to distribute the list
Similar to reverse DNS lookup
White list
Similar idea but work in the other way

96
Checksum Based Filtering

Collaborative filtering
Distributed Checksum Clearinghouse (DCC)
Vipuls Razor
Brightmail
A checksum is computed for a spam reported
The list is consistently updated and distributed

97
Statistical Filtering

2-class text classification problem
Words, phrases
Training samples
Adaptive

98
Statistical Filtering

False positive

99
Payment

Increase the cost of spammers
Micro-payment / e-cash
Computational payment
HashCash (SHA-1)
X-Hashcash 120060408adam_at_cypherspace.org1QTj
aYd7niiQA/scePa
Takes 1 second to generate
Takes 1 microsecond to verify (both on 1GHz
machine)
CAMRAM

100
Spam Poisoning

Expose e-mail address in human-readable format
user_at_exampleREMOVETHIS.com
Generate fake e-mail dynamically by CGI script
Create e-mail addresses to harvest spam e-mails
(similar to honeypot)

101
New Architecture

Internet Mail 2000
Pull based
Senders ISP responsible for storing e-mails
Receiver gets a notification only
A global deployment is unlikely anytime in the
near future

102
How Spammers Responsd?

Append random string at the end of each spam
e-mail
Improve spambot to filter characters used in spam
poisoning
Use worms to infect e-mail client programs
Analyze users e-mail pattern

103
Roadmap

Public Key Infrastructure (PKI)
Security and network layers
Sample attacks on the Internet
Distributed Denial of Service Attacks (DDoS)
Spyware
Spam
Worm
Emerging networks
Peer-to-Peer (P2P) networks
Wireless LANs
Mobile ad hoc networks (MANETs)
Wireless sensor networks (WSNs)
Wireless mesh networks (WMNs)
Vehicular networks

104
What Is A Worm?

Self-replicating/self-propagating programs
Spread from system to system without user
interaction
Finds vulnerabilities in systems and uses them to
spread
Spread via network
Different from virus which requires user
interaction

105
Danger?

Take over systems
Access sensitive information
Passwords, credit card numbers, patient records,
emails
Disrupts system functions
Government, nuclear power plants, hospitals
DDoS attack
Bandwidth saturation

106
Code Red (CRv1)

July 13th, 2001
Exploit Microsoft IIS vulnerabilities
Each infected system scans random 32bit IP
addresses to attack
Bug in the random generator resulting linear
spread

107
Code Red I (CRv2)

July 19th, 2001
Same as CRv1 but with random generator bug fix
DDoS payload targeting IP address of
www.whitehouse.gov
Bug in the code made it die for date gt 20th of
the month

108
Code Red II

August 4th, 2001
Not related to Code Red (just comment says Code
Red)
Exploit buffer overflow in MS IIS web server
Installed remote root backdoor which can be used
for anything

109
Nimda

September 18th, 2001
Multiple method of spreading
MS IIS vulnerability
Email
Copying over network shares
Webpage infection
Scan backdoor left by Code Red II
From no probing to 100 probes/sec in just 30
minutes

110
Sapphire/Slammer/SQLSlammer

January 25th, 2003
Exploit MS SQL Server buffer overflow
Fastest spreading worm
Peak rate of 55million scans/sec after just 3 min
Rate slowed down because bandwidth saturation
No malicious payload, just saturated bandwidth
causing many servers out of connection

111
Slammer effect before and after 30
minutes What if Slammer had malicious payload?
112
Used Techniques

Random scanning
Code Red, Code Red I
Localized scanning
Code Red II
Machines in the same network are more likely to
run the same software
Multi-vector
Nimda
Several methods of spreading

113
Possible Techniques 1

Hit-list scanning
First 10k infection is the hardest
Use a list of 1050k vulnerable machines
Several methods to generate the list
Stealthy scan random scan taking several months
Distributed scan using already compromised hosts
DNS search already known servers such as
mail/web servers
Just listening P2P networks advertise their
servers, previous worms advertised many servers

114
Possible Techniques 2

Permutation scanning
Random scan probes same host multiple times
Permutation of IP addresses
When an infected host is found, start from random
point in the permutation
Self-coordinated, comprehensive scanning
Very high infection rate

115
Possible Techniques 3

Warhol Worm
Hit-list and permutation scanning combined
Start off quickly and high infection rate
Simulation shows 99.99 of 300k hosts infected in
less than 15 min.
Many other techniques
Topological scanning use info from the infected
machine to
spread machines in the same subnet
Flash worm using high band width with
compressed hit-list
Stealth worms web servers to clients, P2P

116
Dealing with worm threat

Prevention
Prevent vulnerability by Secure coding practices
Patching software
Heterogeneity of network
Treatment
Patching after breakout
Virus scanning
Containment

117
Containment

Incoming
Black list
Signature based detection
Identify scanning characteristics of worms
Outgoing
TCP connection threshold
Use worm signature for outbound traffic

118
Detection Signature Based

Attack Signature
A description which represents a particular
attack or action
Eg, a classic antivirus signature
Vulnerability Signature
A description of the class of vulnerable systems
Eg, Windows XP, SP2, not patched since
10/1/2004
A description of how to exploit a particular
vulnerability
Behavioral Signatures
A behavior necessary for a class of worms (E.G.
Scanning)
A behavior common to many implementations
(half-open connections)

119
Detection Runtime Analysis

Mark all the data from unsafe source and derived
data to be dirty
Any execution attempts are signaled as possible
threat
Generate Self-Certifying Allerts and distribute
to peers using overlay peers only run overlay
code so less susceptible to attacks
Each host verifies alert in a VM and if the
vulnerability is found, generates filter
Multiple filters to prevent false positive
Generic filter disjunction of multiple specific
conditions
Specific filter more stringent conditions

120
Thoughts

Detection
Polymorphic worms
Obfuscation, encryption
False positive
Attacker generates suspicious traffic with byte
strings that are common in normal traffic
Signature generation time
Dynamic taint analysis expensive or low
coverage and resource-hungry

121
Thoughts

Distribution/deployment
Pervasive P2P collaboration
E2E detection and distribution
Secure communication
Overlay?
Intrusion detection systems?
Honeypots, honeyfarms?

122
Remarks

Future worms will be more aggressive
Need automatic detection mechanisms
No global answer, need to apply all the
techniques
Network level detections have limitations because
of limited/no knowledge of software
vulnerabilities
E2E detection, secure P2P distribution of worm
information

123
Roadmap

Public Key Infrastructure (PKI)
Security and network layers
Sample attacks on the Internet
Distributed Denial of Service Attacks (DDoS)
Spyware
Spam
Worm
Emerging networks
Peer-to-Peer (P2P) networks
WLANs
Mobile ad hoc networks (MANETs)
Wireless sensor networks (WSNs)
Wireless mesh networks (WMNs)
Vehicular networks

124
What Is Peer-to-Peer?

Each node potentially has the same responsibility
Every node is designed to provide some service
that helps other nodes in the network to get
service
Resource Sharing can be in different ways
CPU cycles SETI_at_Home
Storage space Napster, Gnutella, Freenet

125
First-Generation P2P Systems

Napster, Gnutella, Freenet
Intended for large scale sharing of data files
Lack Self-organization
Reliable content location was not guaranteed

126
Second-Generation P2P systems

Pastry, Tapestry, Chord, CAN
They provide a load balanced, fault-tolerant
distributed hash table, in which items can be
inserted and looked up in a bounded number of
forwarding hops
They form a self-organizing overlay network
They guarantee a definite answer to a query in a
bounded number of network hops

127
Napster

Storage
Connect to Napster server
Upload your list of files (push) to server.
Retrieval
Give server keywords to search the full list
with.
Select best of correct answers. (pings)
Centralized server
Single logical point of failure, potential for
congestion
No security
Passwords in plain text, no authentication, no
anonymity

128
Napster How it works?(1)
File list is uploaded
1.
napster.com
users
129
Napster How it works?(2)
User requests search at server.
2.
napster.com
Request and results
user
130
Napster How it works?(3)
User pings hosts that apparently have
data. Looks for best transfer rate.
3.
napster.com
pings
pings
user
131
Napster How it works?(4)
User retrieves file
4.
napster.com
Retrieves file
user
132
Gnutella

Fully decentralized method of searching for files
Each application instance serves to
store selected files
route queries (file searches) from and to its
neighboring peers
respond to queries (serve file) if file stored
locally
How it works searching by flooding
If you dont have the file you want, query
neighbors
If they dont have it, they contact their
neighbors, for a maximum hop count of TTL
Requests are flooded, but there is no tree
structure

133
Pastry

Pastry
Completely decentralized, scalable, and
self-organizing it automatically adapts to the
arrival, departure and failure of nodes
Seeks to minimize the distance messages travel,
according to a scalar proximity metric like the
number of IP routing hops
In a Pastry network,
Each node has a unique id, nodeId
Presented with a message a key, Pastry node
efficiently routes the message to the node with a
nodeId that is numerically closest to the key

134
Pastry NodeId

Leaf set stores numerically closest nodeIds.
Routing table
Common prefix with 10233102-next digit-rest of
NodeId
Neighborhood set Stores closest nodes according
to proximity metric

135
Routing Rules

Prefix matching
Incrementally routing digital by digital

8F4B
8957
Msg to 8954
8954
6789
8909
734B

Maximum hops logb(N)

136
Pastry Routing

Given a message, Check
forward the message to a node in the routing
table whose nodeId shares with the key a prefix
that is at least one digit (or b bits) longer
than the prefix that the key shares with the
current nodes id
If no such node can be found, forward to a node
whose nodeId shares a prefix with the key as long
as the current node, but is numerically closer to
the key than the current nodes id
If no appropriate node exists, then the current
node or its immediate neighbor is the messages
final destination

137
Chord Lookup Mechanism
Node 6 finger table X Successor 7 0
7,0) 0 0 0,2) 2 4 2,6)
1 know that 5 is 0s closest predecessor, so send
request to 6 6 has 0 in its finger table 0
replies to 1
138
Security Issues

Routing attack
Incorrect lookup routing
An individual malicious node could forward
lookups to an incorrect or non-existent node.
A malicious node might also simply declare
(incorrectly) that a random node is the node
responsible for a key.
Incorrect routing updates
A malicious node could corrupt the routing tables
of other nodes by sending them incorrect updates.
Partition
A set of malicious nodes has formed a parallel
network, running the same protocols as the real,
legitimate network

139
Security Issues

Storage and retrieval attack
A malicious node could join and participate in
the lookup protocol correctly, but deny the
existence of data it was responsible for
Miscellaneous attacks
Overload of Targeted Nodes
Rapid Joins and Leaves
A malicious node could trick the system into
rebalancing unnecessarily causing excess data
transfers and control traffic.

140
Solutions

Secure nodeId assignment
The simplest design to perform secure nodeId
assignments is to have a centralized authority
that produces cryptographic nodeId certificates
Robust routing primitives
Attempt multiple, redundant routes from the
source to the destination.
e.g, In Pastry, send the message from the source
node to all of its neighbors in the p2p overlay.
Use random query to detect false routing updates
and partition attack

141
Solutions

Ejecting misbehaving nodes remove a malicious
node from the overlay
Need proof when one node accuses another of
cheating
Proof may be generated at the application layer
Proof could be generated at the routing layer
However, a node is simply dropping messages with
some probability or is pretending that perfectly
valid nodes do not exist such behavior could
also be explained by failures in the underlying
Internet fabric

142
Wireless LANs

Ubiquitous broadband Internet access

High speed

802.11b 11 Mb/s, 802.11a/g 54 Mb/s, 802.11n
540 Mb/s

Low deployment costs

Small coverage (up to 300m for 802.11)

143
Medium Access Control (MAC)

Coordinate channel access to maximize throughput
Reduce collision
Minimize the idle intervals

A
B
144
IEEE 802.11 Distributed Coordinate Function (DCF)
MAC Protocol

Carrier sense multiple access with collision
avoidance (CSMA/CA)
Carrier sensing
Physical Carrier Sensing
Virtual Carrier Sensing
Interframe Spacing (IFS)
Short IFS (SIFS) lt DCF IFS (DIFS)

Binary Exponential Backoff
Randomly chosen from 0, CW
CW doubles in case of collision

Request to send
DATA
RTS
DATA
CTS
ACK
Acknowledge
Clear to send
time
145
Security Issues of 802.11 WLANs

Mutual authentication between the AP and users
Traffic encryption
The infamous insecurity of WEP (Wired Equivalent
Privacy)
Selfish users
Gain an advantage over other users by not
following the protocol operations, e.g., using a
fixed, very small backoff value
DoS attacks on the AP

146
Mobile Ad Hoc Networks
147
Wireless Sensor Networks
148
Wireless Mesh Networks

Ubiquitous broadband Internet access

Cellular networks

Wide area coverage (km range)

Low speed

W-CDMA 384 kb/s 2 Mb/s

CDMA2000 144 kb/s 2.4 Mb/s

High deployment costs

149
Wireless Mesh Networks

Ubiquitous broadband Internet access

High speed

802.11b 11 Mb/s, 802.11a/g 54 Mb/s, 802.11n
540 Mb/s

Low deployment costs

Small coverage (up to 300m for 802.11)

150
Wireless Mesh Networks
A unique marriage between the ubiquitous coverage
of wide-area cellular networks with the ease and
high-speed of WLANs
151
Vehicular Networks
152
Vehicular Networks
153
Applications of Vehicular Networks

Congestion detection
Vehicle platooning
Road hazard warning
Collision alert
Stoplight assistant
Toll collection

Deceleration warning
Emergency vehicle warning
Border clearance
Traction updates
Flat tire warning
Merge assistance

154
RFID networks
http//www.youtube.com/watch?v_xNhL39uD7I

RFID Radio Frequency IDentification.
An ADC (Automated Data Collection) technology
that
uses radio-frequency waves to transfer data
between a reader and a movable item to identify,
categorize, track..
Is fast and does not require physical sight or
contact between reader/scanner and the tagged
item.
Performs the operation using low cost components.
Attempts to provide unique identification and
backend integration that allows for wide range of
applications.
Other ADC technologies Bar codes, OCR.