© 2014 UZH, chkroute – A tool for route compliance analysis. Daniel Dönni, Department of Informatics IFI, Communication Systems Group CSG, University.


© 2014 UZH, chkroute – A tool for route compliance analysis
Daniel Dönni, Department of Informatics IFI, Communication Systems Group CSG, University of Zürich UZH
Zürich, ZH, November 18, 2014

Introduction
• The Snowden affair revealed that a significant amount of Internet traffic was being intercepted by intelligence agencies.
• One possible countermeasure suggested by European politicians was to introduce ‘Schengen Routing’.
• ‘Schengen Routing’ refers to the idea of ensuring that traffic exchanged between two hosts located in the Schengen zone does not leave the zone.

Introduction II
• Research trying to quantify the amount of traffic that leaves the Schengen area is limited.
• According to [1], the share of routes that leave the zone amounts to 0% - 35%.
• A tool which allows the end-user to verify whether a route leaves the Schengen zone does not exist yet.
• chkroute is the first tool specifically designed for Schengen routing compliance checking.

Related Work
• The only work which specifically addresses Schengen routing is [1]. It suggests that
  – 0% (Iceland) - 35% (Belgium) of routes headed for Schengen leave the zone.
  – Switzerland ranks 3rd (23%) among all Schengen countries.
  – The work is based on BGP tables and Maxmind data [5].
• Relevant topics with respect to Schengen routing are
  – Network topology discovery
  – Geolocation of IP addresses

Related Work II (Topology Discovery)
• Network topology discovery
  – Layer 2: Physical Connectivity, e.g. Ethernet [2], [4]
  – Layer 3: Can be subdivided into 4 areas [3]
    1. IP Interface Level
    2. Router Level (after alias resolution)
    3. PoP Level (Groups PoPs)
    4. AS Level (Groups ASs)
  – Layer 3+: Overlay networks, e.g. P2P [3]
• Broad range of research available
  – Practical: Development of tools
  – Theoretical: Mathematical models

Related Work II (Geolocation)
• Geolocation
  – Mechanisms that try to find the geographic location of an IP address.
  – There are two main approaches [6]
    Active: Latency driven
    Passive: Database driven
  – A major problem: Accuracy of the data
    Less than 20% are within 10km of actual position [6]
    80% deviate between 100km – 1000km [6]
    Substantial improvements using university campus locations (Median deviation: 690m) [7]

chkroute Demo
• chkroute is a tool developed to verify routing compliance
• Brace for demo…

chkroute Architecture

chkroute Process I
1. Running traceroute towards target server

chkroute Process II
2. Running query against compliance DB

chkroute Process III
3. Evaluating result

Selected Issues
• Definition of the location of Schengen
  – Possibility 1: “An IP address is considered to be in Schengen, if the host owning the respective NIC is geographically located in Schengen.”
    Problem: What if packets are forwarded by a backbone provider which has PoPs in Schengen but is operated outside Schengen?
  – Possibility 2: “An IP address is considered to be in Schengen, if the host owning the respective NIC is owned by a company headquartered in Schengen.”
    Problem: Is there reliable corporate information available?
    Problem 2: What if a large backbone provider has a subsidiary in Schengen? Should it count as a Schengen company?
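The three process steps, evaluated under both definitions from "Selected Issues", as an added example that is not chkroute's own code. The traceroute text, the compliance DB contents and all function names are constructed for illustration.

```python
import ipaddress
import re

# Schengen members at the time of the talk (2014), ISO 3166-1 alpha-2.
SCHENGEN = set("AT BE CH CZ DE DK EE ES FI FR GR HU IS IT LI LT LU LV MT "
               "NL NO PL PT SE SI SK".split())

# Constructed compliance DB: prefix -> (country of the host, country of the
# operator's headquarters). Prefixes are RFC 5737 documentation ranges.
COMPLIANCE_DB = {
    "192.0.2.0/24": ("CH", "CH"),
    "198.51.100.0/24": ("DE", "US"),  # PoP in Schengen, operated from outside
    "203.0.113.0/24": ("FR", "FR"),
}

# Constructed `traceroute -n` style output; hop 3 did not answer.
SAMPLE_TRACE = """\
traceroute to target.example (203.0.113.9), 30 hops max, 60 byte packets
 1  192.0.2.1  1.212 ms
 2  198.51.100.7  8.430 ms
 3  * * *
 4  203.0.113.9  15.101 ms
"""
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)")

def parse_hops(trace):
    """Step 1: return [(ttl, ip or None)]; the header line does not match."""
    found = (HOP_RE.match(line) for line in trace.splitlines())
    return [(int(m[1]), None if m[2] == "*" else m[2]) for m in found if m]

def lookup(ip):
    """Step 2: longest-prefix match against the compliance DB."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in map(ipaddress.ip_network, COMPLIANCE_DB) if addr in n]
    return COMPLIANCE_DB[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def evaluate(trace, definition):
    """Step 3: 'location' is Possibility 1, 'operator' is Possibility 2."""
    idx = 0 if definition == "location" else 1
    outside, unknown = [], []
    for ttl, ip in parse_hops(trace):
        entry = lookup(ip) if ip else None
        if entry is None:
            unknown.append(ttl)        # silent or unmapped hop: cannot be checked
        elif entry[idx] not in SCHENGEN:
            outside.append(ip)
    verdict = "non-compliant" if outside else "unverifiable" if unknown else "compliant"
    return verdict, outside, unknown
```

On the constructed trace the second hop sits in Germany but belongs to a US-headquartered operator, so the two definitions disagree, and the silent third hop keeps the location-based verdict from being a clean "compliant".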

Questions
• Questions?

References
[1] N. Pohlmann, Secure Communication and Digital Sovereignty in Europe, ISSE 2014 Securing Electronic Business Processes, 2014
[3] B. Donnet et al., “Internet Topology Discovery: A Survey”, IEEE Communications Surveys & Tutorials, 4th Quarter 2007
[4] Y. Breitbart et al., “Topology Discovery in Heterogeneous IP Networks,” Proc. IEEE INFOCOM, Mar
[5] Maxmind, dat.gz. Last access:
[6] I. Poese, IP Geolocation Databases: Unreliable?, ACM SIGCOMM Computer Communication Review, Volume 41, Number 2, April 2011
[7] Y. Wang, Towards Street-Level Client-Independent IP Geolocation, Usenix, 2011