SPINE: Surveillance protection in the network Elements


SPINE: Surveillance protection in the network Elements
Trisha Datta, Nick Feamster, Jennifer Rexford, Liang Wang
Princeton University

Privacy Threat from Plaintext IP Addresses
- IP addresses can reveal sensitive information about senders/recipients
- Threat of surveillance by intermediate networks
- Real world example: Brazil, Portugal, USA (adversary)
- Threat model: Elaborate on what IP addresses reveal (website, who user is, geographic location, etc.)
[Figure: Trusted Entity #1, Untrusted Entity, Trusted Entity #2; routers R1, R2]

Deployment Challenges in Existing Solutions
- IPSec Tunnels: encrypt entire packet
  - Computationally expensive
- Network-Layer Anonymity Systems: nodes on path implement privacy-preserving protocol (e.g., Tor)
  - Require participation from (potentially adversarial) intermediate nodes
  - Require participation from (probably uninformed) end-users
- We want a faster solution with fewer participants!

Recent Technologies and Trends
- TLS use is widespread → payloads are encrypted
- Programmable switches let us manipulate packets at switch hardware rates
- Increasing ubiquity of IPv6 (with longer 128-bit IP addresses) in network core

SPINE Contributions
- SPINE: practical solution to prevent an adversary along an end-to-end path from observing source and destination IP addresses.
- Processing performed at switch hardware rates
- No cooperation from intermediate autonomous systems
- No involvement from end users
- Flow-packet "unlinkability"

Encrypting Relevant Header Fields
- How do we prevent information leakage from IP addresses and TCP sequence/acknowledgment numbers? Encryption!
- See where everything happens; show where keys are being installed from above (central controller)
[Figure: Central Controller (SPINE Tables and Keys); Trusted Entity #1, Untrusted Entity, Trusted Entity #2; SPINE switches R1, R2; legend: Original Traffic, SPINE (encrypted) Traffic]

Efficient Cryptography on Header Fields
- One-time pad encryption – requires only one XOR operation
- Encrypt(ip, k) = ip ⊕ H(k, nonce)
  - ip: IP address (or TCP seq/ack no.)
  - k: secret key
  - nonce: public randomly-generated bit string
  - H: keyed hash function
- Different nonce for each packet → flow-packet unlinkability
[Figure: Nonce, Hash Function, One-Time Pad, Original IPv4 Address, Encrypted IPv4 Address]

Rotating Encryption Keys
- We want:
  - No repeated one-time pads
  - To thwart authorities who might demand packet decryption
- Solution: rotate keys
- To prevent inconsistency, we use version numbers and remember old keys for t seconds

Challenges with Encrypting IP Addresses
- Sending encryption metadata with packet
- Discerning which traffic is SPINE traffic
- Ensuring successful routing
- Solution: we need more space in the header → IPv6

SPINE Example
- Encrypt and replace IPv4 header with IPv6 header
- Decrypt and restore original IPv4 header
[Figure: Host A, Host B; Trusted Entity #1, Untrusted Entity, Trusted Entity #2; SPINE switches R1, R2; legend: Original Traffic, SPINE (encrypted) Traffic]

IPv4 to IPv6 Header Transformation
- Most fields transferred directly
- New IPv6 address
  - Encrypted IPv4 address
  - Encryption metadata
  - "Reserved IPv6 prefix" – owned and announced by receiving trusted entity but no services offered there
[Figure: New IPv6 Address = Reserved IPv6 Prefix | Version # | Nonce | Encrypted IPv4 Address]

P4 Implementation
- Advent of high-speed programmable data planes → packet manipulation
- P4 programs meant to run at line rates – "If it fits, it runs"
  - Limit on operations (e.g., one-time pad encryption)
- P4 programs: series of match-action tables

P4 Pipeline
SPINE Program:
- Parse headers
- Check IPv6 Dst Addr → Decrypt if necessary
- Check IPv4 Dst Addr → Encrypt if necessary
- Deparse headers
- Set forwarding port
[Figure: Central Controller (Routing Tables, SPINE Tables); Trusted Entity #1, Untrusted Entity, Trusted Entity #2; SPINE switches R1, R2]

P4 Prototype and Resource Requirements
- Nonce generation: P4 random() function
- Hash function: SipHash
  - Pseudorandom function
  - Fast on short inputs
- Central controller that controls keys and versions
- Resource Requirements: ~140 KB
- Ran simulations on Mininet software simulator
- Working on running SPINE on Barefoot Tofino switches
- Quantify overhead from adding IPv6 header
  - 20 bytes in IPv4 header
  - 40 bytes in IPv6 header
  - 20 bytes of overhead in header
  - Jumbo frames in core of internet

Conclusion
- Header fields can leak information to intermediate networks
- Developed SPINE to combat this threat
  - No cooperation from intermediate autonomous systems
  - No involvement from end users
  - Uses efficient encryption and implementable in P4
  - Using IPv6 bits for encryption purposes
- Github repo: https://github.com/SPINE-P4/spine-code
- Thank you for your time!
- How often do you cycle keys? use packets/second in core to calculate

Why do we need SipHash?
- SipHash is a pseudorandom function
- PRF f and key k
  - Given x, f(k, x), and y, an attacker cannot guess f(k, y)
- One-time pad encryption: E(ip) = ip ⊕ p, where p = f(k, nonce)
  - ip ⊕ E(ip) = p
  - Attacker can send packet with IP address ip, observe E(ip), and recover p
  - If f is not a PRF, then p can leak information about k
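
Added example (not from the slides or the SPINE repository): a Python model of the address encryption from "Efficient Cryptography on Header Fields", the versioned keys from "Rotating Encryption Keys", the address layout from "IPv4 to IPv6 Header Transformation", and the known-plaintext relation ip ⊕ E(ip) = p from the slide above. Assumptions: the field widths (64/8/24/32 bits), the prefix 2001:db8:5b1e::/64, the keys and all function names are constructed for illustration, and keyed BLAKE2s stands in for SipHash because Python's standard library does not expose SipHash.

```python
import hashlib
import ipaddress
import secrets

# ASSUMED layout (the slides name the fields, not their widths):
# 64-bit reserved prefix | 8-bit key version | 24-bit nonce | 32-bit encrypted IPv4
PREFIX = int(ipaddress.IPv6Address("2001:db8:5b1e::")) >> 64  # constructed prefix

def pad(key, nonce):
    """p = H(k, nonce); keyed BLAKE2s stands in for SipHash (an assumption)."""
    mac = hashlib.blake2s(nonce.to_bytes(3, "big"), key=key, digest_size=4)
    return int.from_bytes(mac.digest(), "big")

def encrypt(ipv4, keys, version, nonce=None):
    """Build the new IPv6 address: prefix | version | nonce | ip XOR pad."""
    if nonce is None:
        nonce = secrets.randbits(24)  # fresh public nonce per packet
    enc = int(ipaddress.IPv4Address(ipv4)) ^ pad(keys[version], nonce)
    return ipaddress.IPv6Address(
        (PREFIX << 64) | (version << 56) | (nonce << 32) | enc)

def decrypt(addr, keys):
    """Return the original IPv4 address, or None for non-SPINE traffic."""
    value = int(addr)
    if value >> 64 != PREFIX:
        return None  # destination is outside the reserved prefix
    version, nonce = (value >> 56) & 0xFF, (value >> 32) & 0xFFFFFF
    if version not in keys:
        raise LookupError("key version %d is no longer held" % version)
    return ipaddress.IPv4Address((value & 0xFFFFFFFF) ^ pad(keys[version], nonce))

def pad_from_known_plaintext(ipv4, addr):
    """ip XOR E(ip) = p: the pad an observer learns for this one nonce."""
    return int(ipaddress.IPv4Address(ipv4)) ^ (int(addr) & 0xFFFFFFFF)

if __name__ == "__main__":
    keys = {1: b"constructed-key1", 2: b"constructed-key2"}  # version -> key
    for _ in range(3):  # same destination, different address each packet
        a = encrypt("192.0.2.10", keys, version=2)
        print(a, "->", decrypt(a, keys))
```

The pad recovered by pad_from_known_plaintext is tied to one (key, nonce) pair, which is why the scheme needs H to be a PRF and the nonce to change per packet; dropping a version from keys models the "remember old keys for t seconds" window expiring.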