Decoy Router Placement
Jacopo Cesareo, Michael Schapira, and Jennifer Rexford
Princeton University


Decoy Router Placement
Decoy router along the path to decoy destination
… directs traffic to the covert destination
[Figure: client, decoy router, decoy destination, covert destination]

Placement Problem
Given clients, destinations, and paths
– Clients: {c_i}
– Decoy destinations: {d_j}
– Paths: {P_ij} from client c_i to decoy destination d_j
Select K decoy routers
– Decoy routers: {r_k} from a set of candidates R
To maximize
– # client/decoy pairs that traverse a decoy router, or
– # clients traversing a decoy router for some decoy dest
[Figure: clients c_1, c_2, c_3; decoy destinations d_1, d_2; paths P_11, P_32]

Greedy Placement Algorithm
Computational limits
– NP hard to find the optimal solution
– Best approximation has ~2/3 bound
Heuristic based on “popularity”
– # of (c_i, d_j) pairs traversing the router, or
– # of c_i traversing the router to reach some decoy dest
Greedy algorithm achieves the ~2/3 bound!
– Select the most popular candidate
– Remove all parties it “covers”
– Recompute the popularities
– Repeat until K routers are chosen
[Figure: clients c_1, c_2, c_3; decoy destinations d_1, d_2; paths P_11, P_32]
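The greedy heuristic on this slide, written out for both objectives as an added Python example (not code from the presentation). The function name `greedy_placement`, the AS names and the paths are assumptions constructed for illustration.

```python
from typing import Dict, List, Set, Tuple

Pair = Tuple[str, str]  # (client c_i, decoy destination d_j)

# Constructed AS-level paths P_ij (intermediate ASes only); not measured data.
PATHS: Dict[Pair, List[str]] = {
    ("c1", "d1"): ["AS_A", "AS_X"],
    ("c1", "d2"): ["AS_A", "AS_Y"],
    ("c2", "d1"): ["AS_B", "AS_X"],
    ("c3", "d1"): ["AS_C", "AS_X"],
    ("c3", "d2"): ["AS_C", "AS_Y"],
}
CANDIDATES = {"AS_A", "AS_X", "AS_Y"}  # candidate set R (constructed)


def greedy_placement(paths, candidates, k, objective="pairs"):
    """Choose up to k decoy routers greedily (hypothetical helper).

    objective="pairs":   count (c_i, d_j) pairs whose path crosses a chosen router
    objective="clients": count clients with at least one such path
    Returns (chosen routers in pick order, set of covered pairs or clients).
    """
    if objective not in ("pairs", "clients"):
        raise ValueError("objective must be 'pairs' or 'clients'")
    # For each candidate, the set of items (pairs or clients) it can cover.
    covers: Dict[str, Set] = {r: set() for r in candidates}
    for (client, decoy), hops in paths.items():
        item = (client, decoy) if objective == "pairs" else client
        for r in hops:
            if r in covers:
                covers[r].add(item)
    chosen: List[str] = []
    covered: Set = set()
    for _ in range(k):
        # Popularity is recomputed each round over still-uncovered items only;
        # ties go to the lexicographically smallest name for determinism.
        best = max(sorted(covers), key=lambda r: len(covers[r] - covered), default=None)
        if best is None or not (covers[best] - covered):
            break  # no remaining candidate adds coverage
        chosen.append(best)
        covered |= covers.pop(best)
    return chosen, covered


if __name__ == "__main__":
    for obj in ("pairs", "clients"):
        routers, got = greedy_placement(PATHS, CANDIDATES, k=2, objective=obj)
        print(obj, routers, len(got))
```

In the constructed topology AS_A and AS_Y start with equal popularity under the pairs objective, but after AS_X is chosen the recomputed popularity favours AS_Y; under the clients objective a single router already covers every client, so the loop stops before K is reached.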

Initial Experiment
Autonomous System (AS) level model
– RouteViews measurements of interdomain routing
– CAIDA inferences of AS-level relationships
– Simulation of AS-level routing decisions
Example experiment
– Clients: all ASes located in Australia
– Decoy destinations: ASes for Amazon and eBay
– Candidate decoy routers: all ASes outside Australia
Results for two scenarios
– # of client/decoy pairs that traverse a decoy router, or
– # of clients that traverse a decoy router for some decoy

Good Placement → Good Coverage

Conclusions and Future Work
Good coverage with relatively few decoy routers
– Effective placement algorithm with good bound
– Clients concentrated through a few regional ISPs
– A few large ISPs provide most wide-area connectivity
Future work
– Wider range of clients and decoy destinations
– Direct measurements of AS paths and router-level paths
– Selection of decoy destinations given the decoy routers
– Reactions of adversaries to circumvent decoy routers

Backup Slides

Decoy Router ASes
For clients in Australia
– Decoy routers for clients
  ▪ Cogent, AOL, NTT, ReachNetworks, Verizon
  ▪ 174, 1668, 2914, 4637, 701
– Decoy routers for client/decoy-destination pairs
  ▪ Singapore Telecom, ReachNetworks, Tata Communications, Cogent, Level3, Telecom New Zealand, NTT, KDDI, NetAccess
For clients in China
– Decoy routers for clients
  ▪ Cogent, SwissCom, NetAccess, …
– Decoy routers for client/decoy-destination pairs
  ▪ Cogent, Qwest, SwissCom, AOL, NetAccess, KDDI, Verizon, Deutsche Telekom, …

Placement Algorithm: China