Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010.

Outline
- Motivation
- Background: mobility at the link, network, transport and session layers
- Information mobility: peer-to-peer, content delivery networks, publish/subscribe

Motivation
- Original Internet design: hosts are fixed, and the IP address is both the end-host identifier and its locator
- However, the current Internet usage is: (figure)

Mobility – Some problems
- How does a host get a new locator (IP address)?
- How does a host re-establish connectivity in the new network?
- How does a host tell the peer host its new address?
- How can we find a host that moves frequently?
- How can applications maintain seamless connectivity between mobile hosts?

Solutions in different layers
- Link: simple MAC address update
- Network: DHCP (static), Mobile IP (dynamic)
- Identification: Host Identity Protocol
- Transport: TCP Migrate
- Session: SIP Mobility

Link Layer Mobility
- Change MAC address, e.g. between access points in the same subnet
- (+) Transparent to higher layers (no change in the IP address)
- (–) Limited to the same subnet
(figure: the client keeps its IP address while its attachment moves from MAC A to MAC B; the mapping IP client –> MAC A becomes IP client –> MAC B)

Dynamic Host Configuration Protocol (DHCP)
- Provides dynamic IP addresses to end-hosts
- (+) Simple
- (–) Does not maintain ongoing connections: the host gets a new address, and transport sessions bound to the old one break
(figure: a host moves from Network A to Network B and obtains a new address)

IP Mobility – IP Semantic Overload Problem
(figure: a web browser calls socket(AF_INET, …, …) and connect(); the transport layer identifies the session by the 4-tuple (IP src/dst, port src/dst), so the same IP address serves as the locator used by the network layer and as the identifier used by the transport and application layers. When the host moves and IP src changes, the session stays bound to an address the host no longer has.)

Mobile IP
Goals
- Network layer solution: applications are oblivious of the mobility event
- Legacy application support
- Incrementally deployable
Approach
- Two IP addresses: the Home Address is the stable end-host identifier, the Care-of Address is the ephemeral end-host locator
- “Solves” the IP semantic overload problem

Mobile IP – Elements
- Home Agent (HA): responsible for location management; tunnels traffic to the registered node when it is not in the home network
- Foreign Agent (FA): provides the care-of address of the visited network; represents the mobile node while it visits the network

Mobile IP – Operation (figures)
1. MN at home network: the mobile node uses its home address IP A; the correspondent node (IP C) communicates with IP A directly.
2. MN registration: the MN moves to the foreign network, registers with the FA, receives the care-of address IP B and informs the HA of its current CoA.
3. MN at foreign network: the CN keeps sending data to IP A; the HA intercepts it in the home network and tunnels the packets to IP B (IP-in-IP tunneling).
4. Route optimization: the CN learns the CoA and sends directly to IP B, avoiding the CN – HA – MN triangle.

Mobile IP – Summary
- Provides mobility support at the network level; applications are oblivious of the mobility event
- Supports simultaneous node mobility (the HA and FA serve as anchor points)
- Uses two IP addresses: the home address for end-host identification, the care-of address for end-host location
Issues
- Triangle routing (CN → HA → MN) adds latency and concentrates traffic and state on the home agent
- Security: the registration that binds a home address to a care-of address must be authenticated and replay-protected (in Mobile IPv4 with a key shared by the MN and the HA), otherwise anyone can redirect a node's traffic by registering a bogus care-of address; route optimization likewise needs the CN to check that the MN is really reachable at the claimed CoA before it trusts the binding
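The registration authentication that the Security issue above refers to, as an added example (this is not code from the slides or from any Mobile IP implementation): the mobile node builds a Registration Request protected by a tag computed with the MN–HA shared key, and the home agent accepts a new care-of address only if the tag verifies and the identification field is fresh. The message layout, the choice of HMAC-SHA256 (RFC 3344 defaults to HMAC-MD5), the 7-second window and the reply codes follow RFC 3344 in spirit but are simplified; the addresses and the key are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

# Simplified Registration Request layout (big-endian): type (1 = Registration Request),
# flags, lifetime, home address, home agent, care-of address, and a 64-bit identification
# in RFC 3344 timestamp style (seconds in the high 32 bits).
FMT = "!BBH4s4s4sQ"
AUTH_LEN = 32        # HMAC-SHA256 tag; this example's choice, RFC 3344's default is HMAC-MD5
REPLAY_WINDOW = 7    # seconds of skew the HA tolerates between its clock and the request

# RFC 3344 reply codes used below
ACCEPTED = 0
MN_FAILED_AUTHENTICATION = 131
IDENTIFICATION_MISMATCH = 133
POORLY_FORMED_REQUEST = 134


def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def registration_request(home_addr, home_agent, coa, lifetime, now_seconds, mn_ha_key):
    """Mobile node side: build a Registration Request and append the MN-HA authentication tag."""
    identification = now_seconds << 32
    body = struct.pack(FMT, 1, 0, lifetime, _ip(home_addr), _ip(home_agent), _ip(coa), identification)
    return body + hmac.new(mn_ha_key, body, hashlib.sha256).digest()


class HomeAgent:
    """Home agent side: only an authenticated, fresh request may change a binding."""

    def __init__(self, mn_keys):
        # mn_keys: home address -> secret shared with that mobile node (its security association)
        self.keys = {_ip(addr): key for addr, key in mn_keys.items()}
        self.bindings = {}   # home address -> (care-of address, lifetime)
        self.last_id = {}    # home address -> highest identification accepted so far

    def process(self, msg, now_seconds):
        if len(msg) != struct.calcsize(FMT) + AUTH_LEN:
            return POORLY_FORMED_REQUEST
        body, tag = msg[:-AUTH_LEN], msg[-AUTH_LEN:]
        _, _, lifetime, home, _ha, coa, ident = struct.unpack(FMT, body)

        # 1. Authenticate first: an unauthenticated request must not be able to move a
        #    binding, and must not even advance the replay state below.
        key = self.keys.get(home)
        if key is None or not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            return MN_FAILED_AUTHENTICATION

        # 2. Replay protection: the timestamp must be close to the HA's clock and strictly
        #    newer than the last accepted one, so a captured request cannot be replayed later.
        if abs((ident >> 32) - now_seconds) > REPLAY_WINDOW or ident <= self.last_id.get(home, 0):
            return IDENTIFICATION_MISMATCH

        self.last_id[home] = ident
        home_str, coa_str = str(ipaddress.IPv4Address(home)), str(ipaddress.IPv4Address(coa))
        self.bindings[home_str] = (coa_str, lifetime)
        return ACCEPTED


if __name__ == "__main__":
    key = bytes(range(32))                         # constructed MN-HA shared key
    ha = HomeAgent({"10.0.0.5": key})
    req = registration_request("10.0.0.5", "10.0.0.1", "192.0.2.10", 3600, 1_000_000, key)
    print("legitimate registration:", ha.process(req, 1_000_000))     # 0
    print("same request replayed:", ha.process(req, 1_000_002))       # 133
    forged = registration_request("10.0.0.5", "10.0.0.1", "198.51.100.9", 3600, 1_000_003, b"guess")
    print("forged care-of address:", ha.process(forged, 1_000_003))   # 131
```

The order of the checks is the point: the tag is verified before the replay state is consulted, so junk from an attacker cannot advance last_id and lock out the real node, and the comparison is constant-time. Without the tag, a forged request with an attacker-chosen care-of address would redirect every packet the CN sends to the home address.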

Host Identity Protocol (HIP)
- New namespace between the network and transport layers: Host Identity (HI) and Host Identity Tag (HIT)
- Security embedded: the HIT is a 128-bit identifier computed as a hash of the host's public key (the HI), so the identifier is self-certifying and its owner can prove possession by signing with the corresponding private key
- Fills the gap between end-host identification and location: decouples identification from location and solves the IP semantic overload

HIP Namespace
(figure: the web browser calls socket(…) and obtains an end-host identifier; the transport layer binds the session to (HIT src/dst, port src/dst) instead of IP addresses, so the network layer address is free to change)

HIP Resolution
- Two-step name resolution: name to HIT via DNS, HIT to IP via a Rendezvous Server (RVS)
- HIP base exchange: a 4-way handshake (I1, R1, I2, R2)
- Resistant against denial-of-service attacks: the responder's R1 carries a computational puzzle (a cost function) that the initiator must solve before the responder creates any state or does expensive public-key operations, which checks whether the correspondent node is committed to the communication
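Two of the mechanisms above, the self-certifying HIT and the base-exchange puzzle, in an added Python example that is not code from the slides or from any HIP implementation. It builds a HIT from a public key (with the ORCHID prefix 2001:10::/28, but SHA-256 over the raw key instead of the RFC's SHA-1 with a context ID) and runs the puzzle part of the I1/R1/I2 exchange: the responder derives the puzzle from a secret of its own, so it stores nothing until the initiator has spent its 2^K hashes. The key bytes are constructed placeholders and the difficulty is kept small.

```python
import hashlib
import hmac
import ipaddress
import os

# ORCHID prefix 2001:10::/28 (RFC 4843), the address range HIP uses for HITs: the top 28 bits
# of the 128-bit HIT are this prefix, the remaining 100 bits come from the hash of the key.
ORCHID_PREFIX = 0x2001001
ORCHID_NET = ipaddress.ip_network("2001:10::/28")


def make_hit(host_identity: bytes) -> ipaddress.IPv6Address:
    """HIT = ORCHID prefix || 100 bits of hash(public key).
    Simplified: the RFC hashes a context ID with the key using SHA-1; SHA-256 is used here."""
    digest = int.from_bytes(hashlib.sha256(host_identity).digest(), "big")
    return ipaddress.IPv6Address((ORCHID_PREFIX << 100) | (digest >> (256 - 100)))


def in_orchid_space(hit: ipaddress.IPv6Address) -> bool:
    return hit in ORCHID_NET


def puzzle_value(I: bytes, hit_i, hit_r, J: bytes) -> int:
    """Quantity whose lowest K bits must be zero (RFC 5201 uses SHA-1; SHA-256 in this example)."""
    return int.from_bytes(hashlib.sha256(I + hit_i.packed + hit_r.packed + J).digest(), "big")


class Responder:
    """Responder side of the base exchange: keeps no state until the puzzle is solved."""

    def __init__(self, difficulty_k: int):
        self.k = difficulty_k
        self.secret = os.urandom(32)   # a real responder rotates this periodically

    def r1(self, hit_i, hit_r):
        # I is derived from the secret and the two HITs, so the responder can recognise its own
        # puzzle later without remembering it. R1 carries (I, K).
        I = hmac.new(self.secret, hit_i.packed + hit_r.packed, hashlib.sha256).digest()[:8]
        return I, self.k

    def check_i2(self, hit_i, hit_r, I: bytes, J: bytes) -> bool:
        # One HMAC and one hash: cheap, and done before any signature or Diffie-Hellman work.
        expected_I, _ = self.r1(hit_i, hit_r)
        if not hmac.compare_digest(I, expected_I):
            return False   # puzzle not issued by us, or issued for a different pair of hosts
        return puzzle_value(I, hit_i, hit_r, J) & ((1 << self.k) - 1) == 0


def solve_puzzle(I: bytes, hit_i, hit_r, k: int) -> bytes:
    """Initiator side: brute-force J; expected cost 2**k hashes, paid by the initiator only."""
    mask = (1 << k) - 1
    J = 0
    while True:
        candidate = J.to_bytes(8, "big")
        if puzzle_value(I, hit_i, hit_r, candidate) & mask == 0:
            return candidate
        J += 1


def base_exchange_demo(k: int = 12) -> bool:
    """I1 -> R1 (puzzle) -> I2 (solution) -> R2; returns whether the responder accepted I2."""
    hit_i = make_hit(b"constructed initiator public key")
    hit_r = make_hit(b"constructed responder public key")
    responder = Responder(k)
    I, difficulty = responder.r1(hit_i, hit_r)        # R1: puzzle, sent without creating state
    J = solve_puzzle(I, hit_i, hit_r, difficulty)     # I2: the initiator pays for the solution
    return responder.check_i2(hit_i, hit_r, I, J)
```

The asymmetry is what gives the DoS resistance: an initiator flooding I1 messages gets back puzzles and nothing else, while the responder's check of I2 costs two hash computations and no memory. K is the knob; a responder under load raises it.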

HIP Mobility
- Rendezvous Server (RVS): holds the HIT-to-IP mappings of the hosts registered with it; distributed in the network, e.g. one per administrative domain
- After a mobility event the mobile node runs the locator update procedure: it sends an UPDATE message carrying its new locator, and the peer verifies that the node is really reachable at that address (an echo request/response exchange) before redirecting traffic to it, so a host cannot redirect a flow to a third party

HIP Summary
- New namespace composed of cryptographic identifiers: Host Identifiers (HI) and Host Identity Tags (HIT)
- Detaches host identification from location
- Resistant against denial-of-service attacks (base exchange)
- Supports simultaneous node mobility: the RVS is the anchor point

TCP Migrate
- End-host mobility in the transport layer
- Goal: maintain seamless end-host connectivity during TCP sessions
- Approach: uses DNS names as the stable end-host identifier; saves the TCP state during migration and restores it after the mobility event
- No new location management device: no Home Agent and no Foreign Agent

TCP Migrate – Mobility procedure
- Inform the peer node of the current IP address: after the mobility event, the mobile node sends a TCP SYN to the peer node announcing its new IP address
- Update the current IP address in order to stay globally reachable: the mobile host updates its mapping in the DNS. Ex. –> www.acme.org

TCP Migrate – TCP session migration
- New TCP option: TCP SYN MIGRATE, which asks the peer to migrate an existing session to a new connection
- Uses a token to say which TCP session the new connection belongs to
- The mobile host opens a new socket from the new IP address and sends a TCP SYN with the MIGRATE option and the token of the current session
- The peer host accepts the new connection to the new IP address and restores the session state on it

TCP Migrate – Summary
Benefits
- Simple; no network infrastructure changes
Drawbacks
- Changes the default TCP stack on both ends
- Security issues: a MIGRATE SYN is a request to redirect an established connection, so the token must be unforgeable by an on-path observer (the design negotiates it at connection set-up, optionally with a Diffie-Hellman exchange); a guessable or sniffable token lets an attacker hijack the session
- Does not support simultaneous node mobility: there is no anchor point, so if both ends move at once neither can reach the other until the DNS is updated

Session Initiation Protocol (SIP)
- Signaling protocol used for controlling multimedia sessions: establishing, modifying and terminating them
- Uses URIs to identify users
- Relies on two other protocols: the Real-time Transport Protocol (RTP), which carries the streaming data, and the Session Description Protocol (SDP), which carries the session parameters (ports, protocols, etc.)

SIP Message Flow (figure)
1. Client → Outbound Proxy: INVITE
2. Outbound Proxy → DNS: resolve the callee's URI to the IP address of the inbound proxy server
3. Outbound Proxy → Inbound Proxy → callee: INVITE
4. Callee → client: OK; client → callee: ACK
5. RTP traffic flows between the endpoints

SIP Mobility (figure: home network and foreign network)
1. Correspondent Node → home network: INVITE for the mobile user
2. SIP Redirect Proxy → CN: Moved Temporarily (302), carrying the user's current contact in the foreign network
3. CN → Outbound Proxy → Client in the foreign network: INVITE
4. Client → CN: OK; CN → client: ACK

SIP – Summary
- Signaling protocol for controlling multimedia sessions
- Uses URIs to identify user agents
- Mobility is handled by the SIP proxies

Mobility Support – Summary
- Link: simple MAC address update; switches can be configured to handle it
- Network: Mobile IP creates a new IP address, the Home Address, to serve as the end-host identifier, while the Care-of Address is the real locator
- Identification: Host Identity Protocol introduces a new namespace to fill the gap between identification and location
- Transport: TCP Migrate adds a new option in the TCP stack, MIGRATE, to provide TCP session migration; relies on DNS to provide the correct mapping
- Session: SIP Mobility uses SIP proxies to locate user agents; end users are identified by URIs mapped to SIP proxies, which are the anchor points

Information-centric Networks
- What happens when we migrate to information-centric networks?
- Location decoupled, time decoupled
- There is no IP end-point to locate hosts

Data ‘Mobility’ in Host-centric Networks
Peer-to-peer networks
- Users search for content; the request is translated into a query in a DHT
- Users receive a list of the closest peers
Content Delivery Networks (CDNs)
- URL links contain CDN DNS entries
- Dynamic mapping of DNS name resolutions to the closest surrogate server: dynamic mapping of content to an IP address
- Content is ‘detached’ from the locator (new naming system, e.g. flat identifiers)

Data Mobility in Information-centric Networks
Native Publish/Subscribe
- Each content item has a unique identifier
- Content is totally detached from any specific location: it can be anywhere (intermediate caches, end-nodes, replicas, etc.)
- Usually content is stored close to the consumers: popular content is cached near them, which supports flash crowd events

End-node Mobility in Information-centric Networks
Network attachment procedure
1. During the bootstrap process, the subscriber re-subscribes to the publication
2. The RVS receives the notification and notifies the publisher and the topology manager
3. The publisher re-publishes the content in the new RVS
4. The topology manager computes a new path between the publisher and the subscribers and updates the delivery tree

End-node Mobility in Information-centric Networks – Some optimizations
- Default communication model: multicast
- Multicast-assisted mobility: reduces handoff loss by distributing the data around the area where the mobile user resides, so it is already available when the mobile user arrives
- Packet loss: buffering and a return channel (algorithmic IDs)
- Delivery order: subscription to separate IDs, e.g. algorithmic IDs

Questions? Comments? Thanks!

Content Authentication in Information-centric Networks Walter Wong HIIT & NomadicLab

Outline
- Background: host-centric security solutions
- Merkle Hash Trees
- Information-centric authentication: Skewed Hash Trees
- Implementation & Evaluation
- Conclusion

Motivation
- Current security solutions authenticate the container: the storage device, server or mirror
- And what about the content itself? We trust the container! (Shouldn't we trust the content?)
- Paradigm problem: in the Internet we want ‘what’, and we get ‘where’

Example – Content Delivery Networks
(figure: a content provider serves a movie through CDN mirrors, each reached over SSL; the client authenticates each mirror, not the movie, so it cannot tell whether the copies are the same movie. Wrong trust model!)

Host-centric Security Solutions
- SSL/TLS and IPsec provide host authentication: IPsec is a network layer solution and authenticates the IP end-point; SSL/TLS is a transport layer solution and still authenticates the end-point (the server's certificate), not the content
- They build a secure channel between end-hosts; the main use is data transfer between authenticated end-hosts (IP addresses)
- The security data results from the connection parameters: keys and integrity tags are transient, derived per session, so a record received over one connection cannot be re-verified by a third party or reused in another context
- Time coupled: the consumer has to be connected to the producer while the data is transferred

Towards Information-centric Networking
- Migration from host-centric to information-centric networking
- Data is decoupled from location (data is not tied to the storage location)
- Communication is decoupled in time and synchronization
- Scenarios: peer-to-peer, content delivery networks, publish/subscribe

Towards Information-centric Networking – Client/server model
- Scenario: low resources; services centralized in a ‘powerful’ server
- Roles: well-defined clients and servers
- Storage: centralized in the server
- Drawbacks: the server is a bottleneck (scalability issues) and may be geographically distant

Towards Information-centric Networking – Peer-to-peer model
- Scenario: file-sharing; resources distributed among peers
- Roles: a peer is both producer and consumer
- Storage: distributed in the network, but on the peers' own disks
- Drawbacks: some systems are location oblivious (the peer with the highest bandwidth might not be the closest one); paradox: consumer peers queue for the same resource while the provider peer has to send it multiple times

Towards Information-centric Networking – Publish/Subscribe
- Scenario: news feed delivery; resources distributed in the network
- Roles: mixed, publishers and subscribers
- Storage: distributed in the network along caches
- Benefits: multicast (no p2p paradox); simpler (no scheduling algorithm for resources); content retrieval from the closest cache; resources are within the network

Motivation – Security
How do we secure content that is:
- Location decoupled: data cannot be authenticated by the IP address it came from
- Time decoupled: data cannot be authenticated based on a direct connection with the producer

Information-centric Security
- Original idea: per-packet signature, i.e. sign each packet with a digital signature
- Drawback: costly, CPU expensive to sign and verify every packet
- Requirement: optimize the signature mechanism

Merkle Hash Tree
- Signature amortization technique: a binary tree built over a set of data blocks
- Uses a hash function to authenticate the data blocks (the slides list MD5, SHA-1 and SHA-256; the scheme needs a collision-resistant hash, and MD5 and SHA-1 no longer qualify, so SHA-256 is the one to use)
- Requires just one digital signature, over the root hash, for an entire piece of content, regardless of the number of data blocks
- Drawback: works only on complete binary trees, i.e. the number of blocks must be a power of two

Merkle Hash Tree (figures)
- The file is split into data blocks D0, D1, D2, D3
- Leaf nodes: H0 = H(D0), H1 = H(D1), H2 = H(D2), H3 = H(D3)
- Internal nodes: H01 = H(H0 || H1), H23 = H(H2 || H3)
- Root hash: H03 = H(H01 || H23); this is the single value that gets signed
- Verifying D0 needs only D0, H1 and H23: compute H0 from D0, then H01 = H(H0 || H1), then H(H01 || H23), and compare the result with the signed H03

Skewed Hash Tree
- Motivation: a file of arbitrary size rarely splits into a power-of-two number of blocks, and there are many possibilities to build a skewed tree
- Goal: a new algorithm that supports random size files
- Approach: separate the balanced and the unbalanced parts; build the balanced tree over the largest power-of-two prefix of blocks and append the remaining blocks under it; deal with each part separately; maintain at most one level of difference between them

Skewed Hash Tree – Overview (figure)
- Balanced part (h = 0): D0, D1, D2, D3 with leaf hashes H0..H3, internal nodes H01 and H23, and subtree root H03
- Remaining blocks (h = –1, one level of difference): D4, D5 with leaf hashes H4, H5 and subtree root H45
- Root hash: H05 = H(H03 || H45)

Benefits
- Amortized signature scheme based on hash functions (efficiency)
- Data carries its own proof of authenticity; the data and the authentication information can come separately
- Any-sequence authentication: blocks can be verified in any order
- Time decoupling: no interaction between producers and consumers (asynchronous)
- Random size file authentication
- On-path network verification
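The tree construction from the Merkle and Skewed Hash Tree slides and the benefits listed above, as an added example that is not the author's implementation: a tree over an arbitrary number of blocks built the way the skewed-tree slide describes (balanced tree over the largest power-of-two prefix, the remaining blocks hung beside it, applied again to the remainder, which generalizes the 4+2 split in the figure), the per-block authentication path, and a verifier that checks any block in any order against one trusted root. The root signature itself is out of scope: the verifier takes the root as already authenticated. SHA-256 with leaf/node domain separation is this example's choice, and the content is constructed.

```python
import hashlib
from typing import List, Tuple

LEAF, NODE = b"\x00", b"\x01"   # domain separation: a leaf can never be confused with an internal node


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(block: bytes) -> bytes:
    return _sha256(LEAF + block)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _sha256(NODE + left + right)


def split_blocks(data: bytes, block_size: int) -> List[bytes]:
    """Cut the content into fixed-size blocks; the last block may be shorter."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def _balanced_prefix(n: int) -> int:
    """Largest power of two strictly below n: the balanced part of a skewed tree over n blocks."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def root_hash(blocks: List[bytes]) -> bytes:
    """Skewed hash tree root: balanced tree over the first 2^m blocks, the remainder beside it.
    With a power-of-two block count this is exactly the plain Merkle tree from the slides."""
    if len(blocks) == 1:
        return leaf_hash(blocks[0])
    k = _balanced_prefix(len(blocks))
    return node_hash(root_hash(blocks[:k]), root_hash(blocks[k:]))


def auth_path(blocks: List[bytes], index: int) -> List[Tuple[str, bytes]]:
    """Sibling hashes from the leaf up to the root, each tagged with the side it sits on.
    This is the authentication information shipped with (or separately from) each block."""
    if len(blocks) == 1:
        return []
    k = _balanced_prefix(len(blocks))
    if index < k:
        return auth_path(blocks[:k], index) + [("R", root_hash(blocks[k:]))]
    return auth_path(blocks[k:], index - k) + [("L", root_hash(blocks[:k]))]


def verify_block(block: bytes, path: List[Tuple[str, bytes]], trusted_root: bytes) -> bool:
    """Recompute the root from one block and its path and compare with the signed root.
    Needs no connection to the producer and no knowledge of the other blocks."""
    acc = leaf_hash(block)
    for side, sibling in path:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return acc == trusted_root


if __name__ == "__main__":
    # Constructed content: 6 blocks, the D0..D5 case from the skewed-tree slide.
    content = b"".join(f"block {i} of a constructed file".encode().ljust(32, b".") for i in range(6))
    blocks = split_blocks(content, 32)
    root = root_hash(blocks)          # the publisher signs this one value (signature scheme not shown)
    proofs = [auth_path(blocks, i) for i in range(len(blocks))]
    # A consumer, or an on-path router, verifies blocks as they arrive: any order, from any cache.
    for i in (4, 1, 5, 0):
        print(i, verify_block(blocks[i], proofs[i], root))                     # True
    print("tampered D4:", verify_block(blocks[4] + b"!", proofs[4], root))     # False
```

The cost profile is what the slides are after: one signature over the root per content item, then one path of log2(n) hashes per block for the verifier, and a block received from an untrusted cache hours later is still checkable because nothing in the proof depends on who delivered it or when.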

Application Scenario – On-path Authentication (figure only)

Application Scenario – Content Delivery Networks (figure only)

Evaluation (1/3 – 3/3; charts only)

Conclusion
- Current security solutions (TLS/IPsec) do not fit information-centric networks
- The Skewed Hash Tree provides an amortized signature, independent packet authentication, random file size authentication and time decoupling
- On average, 8 and 3 times faster than RSA, while preserving the same level of security

Questions? Comments? Thanks!