Highly Secure and Efficient Routing - PowerPoint PPT Presentation

About This Presentation
Title:

Highly Secure and Efficient Routing

Description:

... Protocol This routing protocol is a routing protocol with Byzantine robustness and detection The Routing protocol Basic Idea Specific mechanisms ... – PowerPoint PPT presentation

Number of Views:34
Avg rating:3.0/5.0
Slides: 39
Provided by: heh2
Learn more at: https://www.cs.jhu.edu
Category:

less

Transcript and Presenter's Notes

Title: Highly Secure and Efficient Routing


1
Highly Secure and Efficient Routing
  • Ioannis Avramopulos, Hisashi Kobayashi
    Randolph Wang Arvind Krishamurthy
  • Dept. of EE
    Dept. of CS
    Dept. of CS

  • Princeton University
    Yale University

Presentation Huan He
2
Contents
  • The routing protocol
  • How the protocol defend adversary
  • Summary

3
Network Failures
  • Simple
  • one where some network component( one or more
    nodes) simply become inoperative
  • Byzantine
  • In Byzantine failure, a component becomes
    faulty and yet continues to operate( incorrectly)

4
The Routing Protocol
  • This routing protocol is a routing protocol with
    Byzantine robustness and detection

5
The Routing protocol
  • Basic Idea
  • Specific mechanisms
  • Authentication
  • Route Selection
  • Reserved Buffers, Timeouts, and Sequence Numbers

6
Some definition
  • What is a faulty node?
  • --Does not follow the protocol
  • --Can be impersonated by another node
  • What is a faulty link?
  • --Drops packet
  • --Is incident to a faulty node
  • If a link is detected to be faulty, one or more
    of following is true
  • --The upstream router is faulty
  • --The link is faulty
  • --the downstream router is faulty

7
The Routing protocol
  • Basic Idea
  • Specific mechanisms
  • Authentication
  • Route Selection
  • Reserved Buffers, Timeouts, and Sequence Numbers

8
Basic IdeaPacket Forwarding with Fault Detection
  • Source Routing
  • Destination acknowledgements
  • Timeouts( to receive ACK or FA from destination)
  • Fault Announcements( FA)

9
Basic IdeaA Simple Example

Route(S,2,M,6,D)
D

Route(S,3,M,6,D)
5
6
4
Route(S,1,4,5,D)
M


2
1
3
S
10
Basic IdeaMore
  • We also need more following mechanisms to provide
    Byzatine robustness
  • Data and control packet authentication
  • A-priori reserved buffers
  • Monotonically increasing non-wrapping sequence
    numbers
  • Round-robin scheduling of packet transmission
  • Calculation of appropriate time out values

11
Basic Idea
  • None of the individual mechanisms of the basic
    protocol described in here is novel, it is the
    combination of them that delivers the desired
    robustness and efficiency

12
The Routing protocol
  • Basic Idea
  • Specific mechanisms
  • Authentication
  • Reserved Buffers, Timeouts, and Sequence Numbers
  • Route Selection

13
Authentication
  • Authentication of Data Packets
  • --Safeguards against modification
  • --Ensures that allocated resources( namely,
    reserved buffers)
  • Authentication of Control packets
  • --Prevents malicious nodes from forging ACKs
    and FAs on behalf of non- faulty nodes
  • Performance of Authentication mechanism is
    crucial
  • As authentication must be performed for each
    packet at each node and the speed of
    authentication may bound the effective link
    bandwidth.

14
Authentication
  • Digital signature
  • --Most straightforward authentication mechanism
  • --Poor performance

15
Authentication
  • The multicast authentication construction of
    Canetti
  • MACdf(Keysd)
  • MAC( Message Authentication code)
  • Limitatione
  • Vulnerable to an adversary that tampers with
    only a subset of the authentication tags( when
    used to secure data packet forwarding)

16
Authentication
  • Tesla
  • --A broadcast authentication protocol that
    relies on loose clock synchronization and delayed
    key disclosure
  • --limitations
  • 1.Delayed authentication is vulnerable to a
    DoS attack
  • 2.Nodes will have no recent enough Tesla
    keys to efficiently authenticate newly released
    keys when two nodes not communicated securely for
    a substantial period of time (For Tesla keys is
    periodic flooding )

17
Authentication
  • MACs based on pairwise secret keys
  • Given a path lts,,ni , ni1 ,tgt, the
    computation of the MAC for node ni receives as
    input both the message and the MACs for nodes
    ni1,,t MACs are therefore computed sequentially
    from destination to the first intermediate node.

18
Authentication
  • MACs based on pairwise secret keys

S
N1
N2
N3
T
MACSTF KeyST, PKTST
S
N1
N2
N3
T
MACSN3F KeySN3, MACST, PKTSN3
19
Authentication
  • MACs based on pairwise secret keys
  • --Prevent malicious router trigger an FA for a
    non-faulty link
  • --Performance is good
  • For 1500B packets, the upper bound on link
    bandwidth is 50Mbps using this authentication,
    while the bound on link bandwidth becomes less
    than 2Mbps using digital signature.

20
Authentication
  • MACs based on pairwise secret keys
  • The same structure is used for data packets,
    ACKs, and FAs.
  • If this structure is used for ACKs and FAs,
    then it gives the adversary the advantage to
    discredit link in the path between the source and
    the adversarial router

?
?
21
The Routing Protocol
  • Basic Idea
  • Specific mechanisms
  • Authentication
  • Reserved Buffers, Timeouts, and Sequence Numbers
  • Route Selection

22
Reserved Buffers, Timeouts, and sequence Numbers
  • Problem
  • Routers may drop packets due to congestion
  • Malicious nodes can incur congestion by
    overwhelming the network with their own packets,
    so it is desirable to be able to deliver packets
    despite the presence of such malicious sources
  • For congestion is not inherently a network fault,
    it is desirable to be able to disassociate fault
    announcements with congestion,

23
Reserved Buffers, Timeouts, and Sequence Numbers
  • Solution
  • Priori Buffer reservation
  • --Ensure that packets are never dropped
    because of congestion
  • Round-Robin scheduling
  • --Minimize the interference between sources
  • Timeouts equal to the worst case RTT to the
    destination
  • --Attempt to ensure that FAs are not
    triggered because of congestion
  • Sequence Number and limitation Window
  • --Detecting and dropping illegitimate packets
    that are due to either replays or faulty sources
  • Fault announcements should only be relevant to
    the source of the packet that triggered the
    announcement

24
The Routing Protocol
  • Basic Idea
  • Specific mechanisms
  • Authentication
  • Reserved Buffers, Timeouts, and Sequence Numbers
  • Route Selection

25
Route Selection
  • Shortest path algorithm
  • Route Selection Utilizes
  • A topological map
  • Fault announcements
  • Buffer available to this source at each link
  • Link bandwidth
  • Prefix spans

26
Route Selection
  • Specifically
  • The links corresponding to valid fault
    announcements are deleted from the topological
    map of the sauce
  • Links that lack available buffers for this source
    due to currently outstanding packets are
    temporarily deleted from topological map

27
Route Selection
  • Prefix Spans
  • The use of Prefix Spans is clearly desirable for
    maximizing the throughput of packets sent through
    a link
  • Trade-off is it prevents certain link from being
    used by sources that are far away from the link,
    thereby reducing the number of usable paths in
    the system.

Path Length
Bandwidth
Number Of Usable paths
Prefix Spans
28
Route Selection
  • Shortest path algorithm
  • Based on the Bellman-Ford shortest path
    algorithm that calculates shortest paths in a
    network where the links have different bandwidths
    and prefix spans.
  • The complexity of the algorithm is O(HE) given
    G(V,E)
  • Hmaximum prefix span over all edges

29
Contents
  • The routing protocol
  • How the protocol defend adversary
  • Summary

30
Adversary
  • The protocol is designed to withstand adversary
    attack so that it can continue to deliver packets
    as long as a none faulty path exists.

31
Adversary
  • Adversary can create spurious unauthenticated
    traffic try to block authenticated traffic at
    non-faulty routers
  • This protocol require authentication to work at
    line speed
  • Adversary can create spurious authenticated
    traffic, try to block authenticated traffic from
    non-faulty sources at non-faulty routers
  • Non-faulty sources are ensure buffers and link
    bandwidth

32
Adversary
  • Adversary can replay authenticated traffic that
    has originated from other non-faulty sources, try
    to pending authenticated traffic from non-faulty
    sources
  • The authenticated traffic from non-faulty sources
    carries sequence numbers that are larger than
    those of replayed traffic and priority is given
    to packets with larger sequence number
  • Adversary can mis-route packets
  • Mis-routed packets are dropped at the next
    non-faulty router, if the router does not appear
    in the source-specified path

33
Adversary
  • Adversary can modify packets
  • Modifying the content protected by the
    authentication tag is equivalent to dropping the
    corresponding packet.
  • Modifying the MACs of upstream routers has no
    effect, since those MACs are not further
    utilized.
  • Modifying the MACs of downstream routers is
    equivalent to dropping the corresponding packet.

?
34
Adversary
  • Adversary can drop packets
  • Timeout at intermediate nodes pinpoint the
    location of faults.
  • This implies the protocols Byzantine robustness,
    is argued by the following theorem a packet
    transmission from a non-faulty source will
    resulty in either the reception of a destination
    acknowledgement or the deletion of a faulty link
    at the deletion of a faulty link at the sources
    topological map

35
Contents
  • Our routing protocol
  • How the protocol defend adversary
  • Summary

36
Summary
  • The protocol can be seen as a combination of
    several components. While none of these is novel
    by itself, it is the integration of them that is
    crucial for the correctness and efficiency of the
    protocol

37
Summary
  • These components are
  • Source routing
  • Destination acknowledgements
  • Timeouts
  • Fault announcements
  • Authentication
  • Reserved Buffer
  • Sequence Numbers
  • Round-Robin scheduling

38
Thank You!
Write a Comment
User Comments (0)
About PowerShow.com