A Cryptographic Approach to Safe Inter-domain Traffic Engineering. Sridhar Machiraju, SAHARA Retreat, Summer 2004.

Presentation transcript:

1 A Cryptographic Approach to Safe Inter-domain Traffic Engineering Sridhar Machiraju SAHARA Retreat, Summer 2004

2 Outline Motivation Defining the Problem Proposed Solution Random Noise Discussion and Conclusions

3 Motivation In BGP, Autonomous Systems (ASs) are abstracted as a node in a graph

4 In reality,
[Figure: AS1, AS2 and AS3, showing peering links and internal links]

5 In BGP,
[Figure: AS1, AS2 and AS3, showing peering links and internal links]

6 Motivation
In BGP, Autonomous Systems (ASs) are abstracted as a node in a graph
Why?
–Scalability
–Confidentiality of intra-domain information, e.g., link quality, routing, flow info, policies etc.
Why is this bad?
Traffic engineering by one AS can send flows over “bad” paths in neighboring ASs

7 Outline Motivation Defining the Problem Proposed Solution Random Noise Discussion and Conclusions

8 High-level Problem Statement
[Figure: domains A and B; source of flow F; label: “In A, this path has most available bandwidth”]

9 High-level Problem Statement
[Figure: domains A and B; source of flow F; destination of flow F; labels: “In A, this path has most available bandwidth” and “path with best end-to-end available bandwidth”]

10 High-level Problem Statement
Design a technique so that neighboring domains conduct traffic engineering cooperatively in a scalable fashion without having to reveal confidential intra-domain information.
[Figure: domains A and B; source of flow F; destination of flow F; labels: “In A, this path has most available bandwidth” and “path with best end-to-end available bandwidth”]

11 Formalizing the Problem
Consider traffic from A to B that can exit one of P peering points
Confidential information
Two kinds of constraints (of A and B) –
–Given demand T_i, find amount of traffic, x_ik of flow F_i to transit peering point k
–For every “bottleneck” link,, all traffic traversing it must not exceed avail b/w

12 A Linear Programming Problem…
Constraints:
–Constraints in AS A (private to A)
–Constraints in AS B (private to B)
X: amount of each flow exchanged at peering points
Objective: maximize/minimize C^T X:
–(minimize) maximum link utilization
–(maximize) total traffic exchanged
–(minimize) average/maximum path inflation

13 Outline Motivation Defining the Problem Proposed Solution Random Noise Discussion and Conclusions

14 Overview of Solution
Sub-matrices of V, W are private to A, B
A and B transform the above into:
Solve LP1’ and X=QX’
V’, W’, X’, X, C’, C do not reveal any information about private information of A and B to each other (almost)
LP1 LP1’

15 Transforming the LP problem
A sends encrypted sub-matrix, E(V_A) and E(W_A) to B
B chooses random invertible P and Q
B sends E(V’)=PE(V)Q and E(W’)=PE(W)
–requires addition of encrypted values and multiplication by known scalars (V_B, W_B)
–These can be performed by homomorphic encryption schemes, e.g., Paillier’s
A decrypts E(V’) and E(W’) to obtain LP1’

16 The Final Solution
A → B: E(V_A), E(W_A)
B → A: E(V’)=PE(V)Q, E(W’)=PE(W)
Solve V’X’<W’ for X’
Send X=QX’
E() represents encryption by A
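The exchange on slides 15 and 16, carried through with a toy Paillier implementation. This is an added example, not code from the presentation: the tiny primes, the sample matrices and the function names are constructed for illustration, and P and Q are fixed here (B would draw them at random) so the result can be checked.

```python
import math, secrets

# Toy Paillier keypair for AS A (constructed small primes; far too small for real use).
P_PRIME, Q_PRIME = 1009, 1013
N = P_PRIME * Q_PRIME
N2 = N * N
PHI = (P_PRIME - 1) * (Q_PRIME - 1)
MU = pow(PHI, -1, N)

def enc(m):
    """Encrypt m under A's public key N, using generator g = N + 1."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (1 + m * N) * pow(r, N, N2) % N2

def dec(c):
    """Decrypt with A's private values PHI and MU."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def blind(EM, P, Q):
    """B's step: build E(P*M*Q) from ciphertext matrix EM and plaintext P, Q.
    Ciphertext product adds plaintexts; a known exponent scales the plaintext."""
    out = []
    for a in range(len(P)):
        row = []
        for b in range(len(Q[0])):
            acc = enc(0)  # fresh encryption of zero re-randomizes the entry
            for i in range(len(EM)):
                for j in range(len(EM[0])):
                    acc = acc * pow(EM[i][j], P[a][i] * Q[j][b], N2) % N2
            row.append(acc)
        out.append(row)
    return out

def matmul(A, B):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*B)] for row in A]

def run_exchange():
    # Constructed sample data: one constraint row per AS, two peering points.
    V_A, W_A = [[3, 1]], [[40]]                  # private to A
    V_B, W_B = [[2, 5]], [[60]]                  # private to B
    P, Q = [[2, 1], [1, 1]], [[1, 2], [1, 3]]    # B's invertible blinding matrices
    # A -> B: E(V_A), E(W_A). B encrypts its own rows under A's key and stacks them.
    EV = [[enc(x) for x in row] for row in V_A + V_B]
    EW = [[enc(x) for x in row] for row in W_A + W_B]
    # B -> A: E(V') = P E(V) Q and E(W') = P E(W); A decrypts to obtain LP1'.
    V1 = [[dec(c) for c in row] for row in blind(EV, P, Q)]
    W1 = [[dec(c) for c in row] for row in blind(EW, P, [[1]])]
    return V1, W1, matmul(matmul(P, V_A + V_B), Q), matmul(P, W_A + W_B)
```

A only ever sees the blinded V’ and W’, and B only ever handles ciphertexts of A's rows; negative coefficients would need a signed encoding modulo N, which this example leaves out.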

17 Outline Motivation Defining the Problem Proposed Solution Random Noise Discussion and Conclusions

18 Small random noise is OK
LP1’ does not leak any information about V_B, W_B only if V has full rank
So, add small random noise to matrix entries
–this can be done by homomorphic encryptions
How does this affect the LP problem?
–Constraints may not be violated by small noise
–Objective function may be affected, though

19 Effect of random noise(1) 10 constraints; objective – maximize flow

20 Effect of random noise(2)
Objective – maximize (–1*path inflation)
About 2-3% unsolvable problems too!

21 Outline Motivation Defining the Problem Proposed Solution Discussion and Conclusions Random Noise

22 Discussion
Scalability
–LP problem transformation is quadratic in terms of number of cryptographic operations
–But, traffic engineering not frequent (hourly)
Threat model
–ASs are assumed to be rational, i.e., do not inject wrong inputs
Future work: Experiment with real topologies and quantify time complexity

23 Conclusions
Inter-domain routing could benefit a lot from cooperation which is hindered by confidentiality requirements
We demonstrate this for the case of safe traffic engineering
Other cases of inter-domain cooperation – policy safety, resource allocation and intrusion detection:
–checking global invariants
–computing global functions