No Direction Home: The True Cost of Routing Around Decoys

Presentation transcript:

No Direction Home: The True Cost of Routing Around Decoys
Presented by: Pallavi Kasula

Background
- Autonomous Systems (AS)
- Border Gateway Protocol (BGP)
- Internet Censorship
- Decoy Routing
- Routing Around Decoys (RAD)

Autonomous System (AS)
- The Internet comprises interconnected Autonomous Systems.
- Autonomous System: a collection of networks with the same routing policy.
- Usually under single ownership, trust and administrative control.

BGP - Border Gateway Protocol
- Designed to exchange routing and reachability information between autonomous systems (AS) on the Internet.
- BGP is a path-vector protocol that provides routing information for autonomous systems on the Internet via its AS-Path attribute.
- Shortest AS_Path, Multi_Exit_Disc

Internet Censorship
- The control or suppression of what can be accessed, published, or viewed on the Internet.
- The extent of Internet censorship varies on a country-to-country basis.
- Content suppression methods include:
  - Internet Protocol (IP) address blocking
  - DNS name filtering and redirection
- Circumvention using a proxy server has been in use, which needs the client to connect to a specific IP address.

Decoy Routing
- Decoy routing: a mechanism capable of circumventing common network filtering strategies.
- A client connects to any unblocked host service, and then decoy routing is used to connect to the blocked destination.
- The circumvention service is placed in the network.
- A single device could proxy traffic instead of a host.

Routing Around Decoys
- Schuchard et al. proposed the Routing Against Decoys attack against decoy routing.
- Main idea: ISPs in the censorship region have multiple paths to reach a destination.
- The censor can instruct ISPs under its influence to select paths that do not pass through ISPs known to contain decoys.

Objective of this paper
- The authors have worked on the true costs incurred by following the RAD attack.
- Various parameters have been studied, such as loss of connectivity, latency, path length etc.

Internet Topology
Business relationships between ASes can be mapped to the following three types according to the Gao model:
- Customer-to-Provider (c2p)
- Peer-to-Peer (p2p)
- Sibling-to-Sibling (s2s)

Internet Topology Graph

Internet Topology
- Customer cone: an AS and its customers.
- Edge AS: an AS with customer cone size = 1.
- Transit AS: an AS whose customer cone size is greater than 1 and which transits other ASes' traffic.
- Path: a sequence of neighbor ASes that connect a source AS to a destination AS.

Valid and Invalid Paths
- Valid or Valley-Free (VF) Path: every transit AS in the path has a customer who is its immediate neighbor.
- Invalid or Non-Valley-Free (NVF) Path
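The customer-cone and valley-free definitions from the two slides above, as an added example that is not from the slides or the paper. The topology is constructed, sibling (s2s) links are left out, and all function names are hypothetical; `is_valley_free` uses the usual Gao pattern (uphill, at most one peer link, downhill) and `transit_ases_are_paid` checks the slide's per-transit-AS condition.

```python
# Added example: constructed toy topology, not data from the paper.
# AS numbers come from the documentation range 64496-64511 (RFC 5398).
C2P, P2P, P2C = "c2p", "p2p", "p2c"

# (a, b) -> relationship of a toward b; c2p means a is b's customer.
LINKS = {
    (64496, 64500): C2P, (64497, 64501): C2P,   # single-homed edge ASes
    (64498, 64500): C2P, (64498, 64501): C2P,   # multihomed edge AS
    (64500, 64510): C2P, (64501, 64510): C2P,   # transit ASes under one provider
    (64500, 64501): P2P,
}

def rel(a, b):
    """Relationship of a toward b, inverting c2p when stored the other way."""
    if (a, b) in LINKS:
        return LINKS[(a, b)]
    r = LINKS[(b, a)]          # KeyError if the ASes are not neighbors
    return P2C if r == C2P else r

def is_valley_free(path):
    """Gao pattern: uphill c2p links, at most one p2p link, then downhill p2c links."""
    descending = False
    for a, b in zip(path, path[1:]):
        r = rel(a, b)
        if r != P2C and descending:
            return False       # climbing or peering after the peak is a valley
        if r != C2P:
            descending = True
    return True

def transit_ases_are_paid(path):
    """Slide's condition: every transit AS has a customer next to it in the path."""
    return all(C2P in (rel(prev, t), rel(nxt, t))
               for prev, t, nxt in zip(path, path[1:], path[2:]))

def customer_cone(asn):
    """The AS plus everything reachable by following customer links downward."""
    cone, stack = {asn}, [asn]
    while stack:
        cur = stack.pop()
        for (cust, prov), r in LINKS.items():
            if r == C2P and prov == cur and cust not in cone:
                cone.add(cust)
                stack.append(cust)
    return cone

def is_edge(asn):
    return len(customer_cone(asn)) == 1   # cone holds only the AS itself
```

The path 64500, 64498, 64501 is the non-valley-free case in which a multihomed edge AS is used as transit between its two providers.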

BGP Routing

RBGP Routing

Costs of Routing
- Degraded Internet reachability
- Less-preferred paths
- Longer paths
- Higher path latencies
- Non-valley-free routes
- New transit ASes
- Massive change in transit load

Placing Decoy Routers
- The RAD paper simulated two specific placements of decoys:
  - Top-Tier
  - Random
- But this placement in RAD is biased, as decoys were primarily placed in edge ASes.

Placing Decoy Routers
The authors used the following strategic decoy placements:
- Sorted placement: decoys are chosen from ASes that transit more traffic for the RAD adversary.
  - sorted-with-ring: set of ASes not directly controlled by the RAD adversary
  - sorted-no-ring: additionally exclude ASes having a business relationship
- Strategic random placement: ASes are chosen from a set of ASes with a particular customer size.
  - random-C (random-1 is similar to the one used in RAD)
  - random-with-ring-C and random-no-ring-C

Simulation Setup and Data Sources
- Used CBGP, a popular BGP simulator with a Python interface to interact and query between ASes.
- Geolocation: "GeoLite Country" dataset to map IP addresses to countries.
- AS relations: CAIDA's inferred AS relationship dataset.
- AS ranking: CAIDA's AS rank dataset.
- Latency: iPlane's "Inter-PoP links" dataset to estimate BGP and RBGP path latencies.
- Network origin: iPlane's "Origin AS mapping" dataset.

Simulation Results
Figure: Comparing the Internet connectivity of state-level censors.
Figure: Loss of connectivity for different RAD adversaries assuming the sorted-no-ring decoy placement strategy.

Simulation Results
Simulation results for two different scenarios:
- China-World: decoys are chosen from 44000 ASes, excluding the 199 ASes located in China. China is the adversary.
- China-US: China is the RAD adversary; decoy ASes are selected only from the 13,299 ASes located in the United States.

Percentage of unreachable ASs

Non-Valley-Free paths

Costly Valley-Free Paths
- Using less preferred paths: Results have shown that the percentage of VF paths became from 6% to 21% more expensive for different placement strategies.
- Longer paths: Average increase in path length varies from 1.12 to 1.40.
- Higher latencies: Even same-length paths have higher latencies due to less popular transits.

Latency Calculation
For two neighbor ASes A and B, eLat is calculated as :
where Ai represents the ith point-of-presence (PoP) of the AS A and nA is the number of A's PoPs
For a BGP/RBGP path composed of k ASes {T1, ..., Tk}, we define eLat to be the sum of eLat for all neighbor ASes in the path:

Simulation Results
Figure: The average increase in estimated latency due to the RAD attack.

need infrastructural changes Edge ASes acting as transit ASes Increased load on existing transit ASes

Traffic Volume
To simulate changes in transit loads, it is assumed that traffic volume between two ASes AS1 and AS2 is proportional to the number of IP addresses they respectively possess:
where IPs(A) is the number of IP addresses owned by the AS A
Figure: Maximum transit load increase factor for Chinese transit ASes due to the RAD attack

Conclusions
- The proposed RAD attack is extremely costly, with loss of connectivity to many internet connections and lower QoS.
- Strategic placement of decoy routers significantly increases cost.
- Depends on the connectivity of the country.
- Regional deployment is effective in defeating the RAD attack.
- Needs a more fine-grained and data-driven approach.

Questions?