Securing Information Transmission by Redundancy. Jun Li, Peter Reiher, Gerald Popek. Computer Science Department, UCLA. NISS Conference, October 21, 1999.

Presentation transcript:

1 Securing Information Transmission by Redundancy
Jun Li, Peter Reiher, Gerald Popek
Computer Science Department, UCLA
NISS Conference, October 21, 1999

2 Outline
- Interruption threats are hard to counter
- Redundant transmission makes interruptions harder
- But redundant transmission is not as easy as using redundancy in other areas
- Sample uses
- Conclusion

3 Interruption Threats
[Diagram: Source, Destination]
- Result? No data flows to the destination
- An interruption attack occurs

4 Problem
- Many kinds of interruption threats
  - Corrupted routers drop packets
  - Transmitting over packets on shared media
  - Congesting links or routers
- Conventional approaches won’t help
  - Encrypted/signed message can still be interrupted
- Acknowledgement won’t help either
  - The acknowledgement itself is subject to interruption
  - Retransmission means possibly failing again
- So?

5 Using Redundancy To Counter Interruptions
[Diagram label: receiver]
- Don’t use a single path
  - Any point on the single path is a point of failure
- Use redundancy to secure transmission
  - Only parallel redundancy considered here
    - A node is expected to receive multiple copies of one message
    - Successful if at least one copy is authentically received
- Redundancy has been widely used in other areas
  - High availability storage
  - Replicated execution
  - And many others

6 A Simple Example
[Diagram: Source, Destination]
- Normal delivery uses a default path
- What if a router is corrupted?
- How does redundant delivery help?
- The redundant copy gets through despite a bad router
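The simple example above, sketched as an added Python illustration (not code from the presentation or from Revere). It assumes authenticity is checked with an HMAC over a key shared by source and destination; the router names, the key, and the "drop"/"tamper" behaviours are constructed for the demonstration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret shared by source and destination

def tag_for(seq, payload):
    return hmac.new(KEY, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

def make_copy(seq, payload):
    return {"seq": seq, "payload": payload, "tag": tag_for(seq, payload)}

def send_over(path, copy, bad_routers):
    """Return what reaches the destination over one path, or None if dropped."""
    for router in path:
        behaviour = bad_routers.get(router)
        if behaviour == "drop":
            return None
        if behaviour == "tamper":
            copy = dict(copy, payload=b"forged:" + copy["payload"])
    return copy

class Receiver:
    def __init__(self):
        self.delivered = {}  # seq -> payload; each message is delivered once

    def receive(self, copy):
        if copy is None:
            return False
        if not hmac.compare_digest(tag_for(copy["seq"], copy["payload"]), copy["tag"]):
            return False  # altered in transit: not an authentic copy
        if copy["seq"] in self.delivered:
            return False  # redundant duplicate of a message already accepted
        self.delivered[copy["seq"]] = copy["payload"]
        return True

def transmit(paths, seq, payload, bad_routers):
    """Send one copy per path; return the payload delivered, or None if interrupted."""
    rx = Receiver()
    for path in paths:
        rx.receive(send_over(path, make_copy(seq, payload), bad_routers))
    return rx.delivered.get(seq)

DEFAULT_PATH = ["R1", "R2"]    # constructed topology: the default route
REDUNDANT_PATH = ["R3", "R4"]  # constructed topology: a disjoint second route
```

With R2 corrupted, `transmit([DEFAULT_PATH], ...)` delivers nothing, while sending over both paths still delivers the message exactly once.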

7 But...
[Diagram labels: receiver, sender]
- Redundant transmission is tough
  - Discovering disjoint paths is difficult
    - Routing is transparent to applications
  - Using disjoint paths is difficult
  - They may not exist at all
- Can try to be as disjoint as possible nevertheless
  - An attacker has to find a choke point or break multiple points
- Scale can also cause big problems
- And what about costs of sending multiple copies?
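One way to reason about "as disjoint as possible" when planning redundant routes, as an added Python example (not from the presentation). It assumes the candidate paths are already known, which the slide notes is itself difficult; the topology and function names are constructed, and the search is exhaustive, so it only suits small path sets.

```python
from itertools import combinations

def interior(path):
    """Intermediate routers of a path (source and destination excluded)."""
    return set(path[1:-1])

def pick_most_disjoint(candidates, k):
    """Choose k candidate paths that share the fewest intermediate routers."""
    def overlap(group):
        return sum(len(interior(a) & interior(b)) for a, b in combinations(group, 2))
    return min(combinations(candidates, k), key=overlap)

def choke_points(paths):
    """Routers present on every path: losing any one interrupts all copies."""
    return set.intersection(*(interior(p) for p in paths))

def min_break_set(paths):
    """Smallest set of routers whose failure interrupts every path.

    Returns an empty set if no such set exists (some path has no
    intermediate router at all).
    """
    routers = sorted(set().union(*(interior(p) for p in paths)))
    for size in range(1, len(routers) + 1):
        for group in combinations(routers, size):
            if all(interior(p) & set(group) for p in paths):
                return set(group)
    return set()

# Constructed topology: S is the sender, D the receiver.
P1 = ("S", "A", "B", "D")
P2 = ("S", "A", "C", "D")
P3 = ("S", "E", "F", "D")
P4 = ("S", "E", "B", "D")
CANDIDATES = [P1, P2, P3, P4]
```

Here `pick_most_disjoint(CANDIDATES, 2)` selects P1 and P3, which have no choke point and need two router failures to interrupt, whereas P1 with P2 share router A as a single point of failure.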

8 Sample Uses of Redundancy
- Revere
  - Secure delivery of security updates
- General purpose redundant packet delivery service
  - Redundancy for every network user?

9 Revere
- Goal: disseminate security updates to large number of machines
- Assume a trusted dissemination center
- Security updates
  - Small size but critical information
  - Examples:
    - New virus signature
    - New intrusion detection signature
    - CRL (certificate revocation lists)
    - Offending characteristics for a firewall to monitor

10 Revere Structure
- Acks/Nacks inappropriate
  - Scaling, lack of complete trust, etc.
- Use redundancy to send multiple copies to each node
- Each node can also forward security updates to others
- A node can contact multiple repository nodes for missed updates

11 General Redundant Packet Delivery Services
- How could we add a redundant packet delivery service to the Internet?
- What would be the best method of achieving redundancy?
  - Know a lot about the network?
  - Or rely on randomness and obscurity?
- What are the costs of doing so?
- How could it be easily deployable?
  - Proxy-based solutions?

12 Conclusion
- Conventional security approaches and transmission primitives don’t adequately counter interruption threats
- Redundancy is a promising tool
- But effective use of redundancy is challenging
- Are there other problems that redundancy can solve?
- Does redundancy itself lead to new security threats?

13 Questions
- Contact information
  - Peter Reiher:
  - Jun Li:
  - Gerald Popek: