Highly Secure and Efficient Routing. Ioannis Avramopoulos, Hisashi Kobayashi, Randolph Wang, Arvind Krishnamurthy

Presentation transcript:

1 Highly Secure and Efficient Routing
Ioannis Avramopoulos, Hisashi Kobayashi, Randolph Wang, Arvind Krishnamurthy
Dept. of EE, Dept. of CS, Dept. of CS
Princeton University, Yale University
Presentation: Huan He

2 Contents
The routing protocol
How the protocol defends against an adversary
Summary

3 Network Failures
Simple
--A failure where some network component (one or more nodes) simply becomes inoperative
Byzantine
--In a Byzantine failure, a component becomes faulty and yet continues to operate (incorrectly)

4 The Routing Protocol
This is a routing protocol with Byzantine robustness and detection

5 The Routing Protocol
Basic Idea
Specific mechanisms
--Authentication
--Route Selection
--Reserved Buffers, Timeouts, and Sequence Numbers

6 Some definitions
What is a faulty node?
--Does not follow the protocol
--Can be impersonated by another node
What is a faulty link?
--Drops packets
--Is incident to a faulty node
If a link is detected to be faulty, one or more of the following is true:
--The upstream router is faulty
--The link is faulty
--The downstream router is faulty

7 The Routing Protocol
Basic Idea
Specific mechanisms
--Authentication
--Route Selection
--Reserved Buffers, Timeouts, and Sequence Numbers

8 Basic Idea — Packet Forwarding with Fault Detection
Source routing
Destination acknowledgements
Timeouts (to receive ACK or FA from destination)
Fault Announcements (FA)

9 Basic Idea — A Simple Example
[Figure: network from source S to destination D containing node M, with links marked ×, and the routes Route(S,1,4,5,D), Route(S,3,M,6,D) and Route(S,2,M,6,D)]

10 Basic Idea — More
We also need the following additional mechanisms to provide Byzantine robustness:
--Data and control packet authentication
--A-priori reserved buffers
--Monotonically increasing non-wrapping sequence numbers
--Round-robin scheduling of packet transmission
--Calculation of appropriate timeout values

11 Basic Idea
None of the individual mechanisms of the basic protocol described here is novel; it is the combination of them that delivers the desired robustness and efficiency

12 The Routing Protocol
Basic Idea
Specific mechanisms
--Authentication
--Reserved Buffers, Timeouts, and Sequence Numbers
--Route Selection

13 Authentication
Authentication of data packets:
--Safeguards against modification
--Ensures that allocated resources (namely, reserved buffers)
Authentication of control packets:
--Prevents malicious nodes from forging ACKs and FAs on behalf of non-faulty nodes
Performance of the authentication mechanism is crucial, as authentication must be performed for each packet at each node and the speed of authentication may bound the effective link bandwidth.

14 Authentication
Digital signature
--Most straightforward authentication mechanism
--Poor performance

15 Authentication
The multicast authentication construction of Canetti
MAC_d = f(Key_sd)
MAC (Message Authentication Code)
Limitation:
--Vulnerable to an adversary that tampers with only a subset of the authentication tags (when used to secure data packet forwarding)

16 Authentication
Tesla
--A broadcast authentication protocol that relies on loose clock synchronization and delayed key disclosure
--Limitations:
1. Delayed authentication is vulnerable to a DoS attack
2. When two nodes have not communicated securely for a substantial period of time, they will have no Tesla keys recent enough to efficiently authenticate newly released keys (for Tesla keys: periodic flooding)

17 Authentication
MACs based on pairwise secret keys
--Given a path, the computation of the MAC for node n_i receives as input both the message and the MACs for nodes n_{i+1}, …, t. MACs are therefore computed sequentially from the destination to the first intermediate node.

18 Authentication
MACs based on pairwise secret keys
Path: S, N1, N2, N3, T
MAC_ST = F[Key_ST, PKT_ST]
MAC_SN3 = F[Key_SN3, MAC_ST, PKT_SN3]

19 Authentication
MACs based on pairwise secret keys
--Prevents a malicious router from triggering an FA for a non-faulty link
--Performance is good
For 1500B packets, the upper bound on link bandwidth is 50Mbps using this authentication, while the bound on link bandwidth becomes less than 2Mbps using digital signatures.
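
The nested construction of slides 17 and 18, as an added example that is not code from the paper or the presentation. HMAC-SHA256 stands in for the unspecified F, the keys are constructed demo values, and the `nested=False` mode goes beyond the slides by modelling independent per-node tags for contrast.

```python
import hashlib
import hmac

PATH = ["N1", "N2", "N3", "T"]  # nodes after source S, as on slide 18
# Constructed demo keys: one pairwise key shared between S and each node.
KEYS = {n: hashlib.sha256(b"demo-key-S-" + n.encode()).digest() for n in PATH}

def F(key, *parts):
    """Keyed MAC over length-prefixed parts (HMAC-SHA256 is an assumption for F)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def tag_for(i, pkt, tags, nested):
    """Tag for PATH[i]; a nested tag also covers every downstream tag."""
    return F(KEYS[PATH[i]], pkt, *(tags[i + 1:] if nested else []))

def build_tags(pkt, nested=True):
    """Source side: compute tags from the destination back to the first hop."""
    tags = [b""] * len(PATH)
    for i in range(len(PATH) - 1, -1, -1):
        tags[i] = tag_for(i, pkt, tags, nested)
    return tags

def forward(pkt, tags, nested=True, tamper_at=None, tamper=None):
    """Each node verifies its own tag, then forwards.
    Returns the node that rejects the packet, or None when T accepts it."""
    for i, node in enumerate(PATH):
        if not hmac.compare_digest(tag_for(i, pkt, tags, nested), tags[i]):
            return node
        if node == tamper_at:  # a faulty node rewrites the packet it forwards
            pkt, tags = tamper(pkt, list(tags))
    return None

def flip_tag(index):
    """Build a tamper function that flips one bit of tags[index]."""
    def tamper(pkt, tags):
        tags[index] = bytes([tags[index][0] ^ 1]) + tags[index][1:]
        return pkt, tags
    return tamper

def demo():
    pkt = b"constructed payload"
    nested, flat = build_tags(pkt, True), build_tags(pkt, False)
    return {
        "clean": forward(pkt, nested),
        "nested, N1 alters T's tag": forward(pkt, nested, True, "N1", flip_tag(3)),
        "flat, N1 alters T's tag": forward(pkt, flat, False, "N1", flip_tag(3)),
        "nested, N2 alters N1's tag": forward(pkt, nested, True, "N2", flip_tag(0)),
        "nested, N1 alters payload": forward(pkt, nested, True, "N1",
                                             lambda p, t: (p + b"!", t)),
    }

if __name__ == "__main__":
    for case, rejected_by in demo().items():
        print(f"{case}: {rejected_by or 'delivered'}")
```

With nested tags the packet altered by N1 is rejected at N2, so the loss is pinned to the link N1-N2, which is incident to the tampering node; with independent tags the same change is only noticed at T, which would discredit the non-faulty link N3-T.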

20 Authentication
MACs based on pairwise secret keys
--The same structure is used for data packets, ACKs, and FAs.
If this structure is used for ACKs and FAs, then it gives the adversary the advantage of being able to discredit a link in the path between the source and the adversarial router ?

21 The Routing Protocol
Basic Idea
Specific mechanisms
--Authentication
--Reserved Buffers, Timeouts, and Sequence Numbers
--Route Selection

22 Reserved Buffers, Timeouts, and Sequence Numbers
Problem:
Routers may drop packets due to congestion
--Malicious nodes can cause congestion by overwhelming the network with their own packets, so it is desirable to be able to deliver packets despite the presence of such malicious sources
--Since congestion is not inherently a network fault, it is desirable to be able to dissociate fault announcements from congestion

23 Reserved Buffers, Timeouts, and Sequence Numbers
Solution:
A-priori buffer reservation
--Ensures that packets are never dropped because of congestion
Round-robin scheduling
--Minimizes the "interference" between sources
Timeouts equal to the worst-case RTT to the destination
--Attempt to ensure that FAs are not triggered because of congestion
Sequence numbers and limitation window
--Detecting and dropping illegitimate packets that are due to either replays or faulty sources
Fault announcements should only be relevant to the source of the packet that triggered the announcement

24 The Routing Protocol
Basic Idea
Specific mechanisms
--Authentication
--Reserved Buffers, Timeouts, and Sequence Numbers
--Route Selection

25 Route Selection
Shortest path algorithm
Route selection utilizes:
--A topological map
--Fault announcements
--Number of buffers available to this source at each link
--Link bandwidth
--Prefix spans

26 Route Selection
Specifically:
--The links corresponding to valid fault announcements are deleted from the topological map of the source
--Links that lack available buffers for this source due to currently outstanding packets are temporarily deleted from the topological map

27 Route Selection
Prefix Spans:
--The use of prefix spans is clearly desirable for maximizing the throughput of packets sent through a link
--The trade-off is that it prevents certain links from being used by sources that are far away from the link, thereby reducing the number of usable paths in the system.
[Figure labels: Path Length, Number of Usable Paths, Prefix Spans, Bandwidth]

28 Route Selection
Shortest path algorithm
--Based on the Bellman-Ford shortest path algorithm; calculates shortest paths in a network where the links have different bandwidths and prefix spans.
--The complexity of the algorithm is O(H*|E|) given G(V,E), where H = maximum prefix span over all edges

29 Contents
The routing protocol
How the protocol defends against an adversary
Summary

30 Adversary
The protocol is designed to withstand adversarial attack so that it can continue to deliver packets as long as a non-faulty path exists.

31 Adversary
The adversary can create spurious unauthenticated traffic to try to block authenticated traffic at non-faulty routers
--This protocol requires authentication to work at line speed
The adversary can create spurious authenticated traffic to try to block authenticated traffic from non-faulty sources at non-faulty routers
--Non-faulty sources are ensured buffers and link bandwidth

32 Adversary
The adversary can replay authenticated traffic that originated from other non-faulty sources, in an attempt to keep authenticated traffic from non-faulty sources pending
--The authenticated traffic from non-faulty sources carries sequence numbers that are larger than those of replayed traffic, and priority is given to packets with larger sequence numbers
The adversary can mis-route packets
--Mis-routed packets are dropped at the next non-faulty router if that router does not appear in the source-specified path

33 Adversary
The adversary can modify packets
--Modifying the content protected by the authentication tag is equivalent to dropping the corresponding packet.
--Modifying the MACs of upstream routers has no effect, since those MACs are not further utilized.
--Modifying the MACs of downstream routers is equivalent to dropping the corresponding packet. ?

34 Adversary
The adversary can drop packets
--Timeouts at intermediate nodes pinpoint the location of faults.
--This implies the protocol's Byzantine robustness, which is argued by the following theorem: a packet transmission from a non-faulty source will result in either the reception of a destination acknowledgement or the deletion of a faulty link at the source's topological map
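
The forwarding loop behind the theorem (source routing, timeout, FA, link deletion, re-selection), as an added simulation that is not code from the paper or the presentation. The topology is constructed to be consistent with the three routes named on slide 9; a hop-count BFS stands in for the Bellman-Ford variant, authentication is assumed to hold, and ties are broken towards higher node labels only so that the walk-through meets the faulty node first.

```python
from collections import deque

# Constructed topology consistent with the routes named on slide 9.
LINKS = {("S", "1"), ("1", "4"), ("4", "5"), ("5", "D"),
         ("S", "2"), ("2", "M"), ("S", "3"), ("3", "M"),
         ("M", "6"), ("6", "D")}

def shortest_route(links, src, dst):
    """Hop-count BFS over undirected links; returns a node list or None."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            route = []
            while u is not None:
                route.append(u)
                u = prev[u]
            return route[::-1]
        for v in sorted(adj.get(u, ()), reverse=True):  # arbitrary tie-break
            if v not in prev:
                prev[v] = u
                queue.append(v)
    return None

def transmit(route, droppers):
    """One packet along a source route. A node in `droppers` discards it
    silently; its upstream neighbour then times out waiting for the ACK and
    announces that link. Returns ("ACK", None) or ("FA", (up, down))."""
    for up, down in zip(route, route[1:]):
        if down in droppers:
            return "FA", (up, down)
    return "ACK", None

def send_until_delivered(links, src, dst, droppers):
    """Source side: delete each announced link from the local map and retry."""
    topo, log = set(links), []
    while True:
        route = shortest_route(topo, src, dst)
        if route is None:
            log.append(("NO_ROUTE", None))
            return log
        outcome, link = transmit(route, droppers)
        log.append((outcome, tuple(route) if outcome == "ACK" else link))
        if outcome == "ACK":
            return log
        topo.discard(link)
        topo.discard(link[::-1])

if __name__ == "__main__":
    for event in send_until_delivered(LINKS, "S", "D", droppers={"M"}):
        print(event)
```

Every failed attempt removes one link incident to the dropping node, so the number of retries is bounded by the number of faulty links and delivery succeeds as long as a non-faulty path remains.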

35 Contents
Our routing protocol
How the protocol defends against an adversary
Summary

36 Summary
The protocol can be seen as a combination of several components. While none of these is novel by itself, it is the integration of them that is crucial for the correctness and efficiency of the protocol

37 Summary
These components are:
--Source routing
--Destination acknowledgements
--Timeouts
--Fault announcements
--Authentication
--Reserved buffers
--Sequence numbers
--Round-robin scheduling

38 Thank You!