Presentation is loading. Please wait.

Presentation is loading. Please wait.

Alibi Routing Dave Levin, Youndo Lee, Luke Valenta, Zhihao Li, Victoria Lai, Cristian Lumezanu, Brendan Rowen, Neil Spring, Bobby Bhattacharjee Presented.

Published byThomasina Hood Modified over 8 years ago

Similar presentations

Presentation on theme: "Alibi Routing Dave Levin, Youndo Lee, Luke Valenta, Zhihao Li, Victoria Lai, Cristian Lumezanu, Brendan Rowen, Neil Spring, Bobby Bhattacharjee Presented."— Presentation transcript:

1 Alibi Routing Dave Levin, Youndo Lee, Luke Valenta, Zhihao Li, Victoria Lai, Cristian Lumezanu, Brendan Rowen, Neil Spring, Bobby Bhattacharjee Presented by Kirill Varshavskiy

2 Sniff sniff  State agencies censor and log citizens’ internet traffic  Abundant in certain regions  China  Syria  North Korea  Saudi Arabia  Bahrain  Iran  Vietnam

3 Censor-avoidance  Censorship and Surveillance  Dropping packets  Injecting data into packets  Logging packets  Routing protocols often don’t consider intermediate nodes  Traffic can route through geographic region which might inject data into packet  Data integrity  Nations may log routing info + drop packets

4 Past Approaches  BGP Poisoning (avoidance)  Failure prone regions blacklisted in BGP  Tor (other overlay systems)  Anonymized internet usage  May pass through censored region when going between hops  Geographical routing  Greedy routing, no avoidance  Some systems provide means to monitor regions visited, but no insurance/proof that certain places were not visited

5 What Alibi routing is and what it isn’t  Provides  Overlay P2P network for data routing  Proof that sent packet did not enter forbidden region after packet has completed its RTT  Proof per packet as routing can traverse various paths due to packet switching/routing decisions  Does not Provide  Guarantee that data is not delivered to forbidden region  Malicious nodes not in forbidden region might copy and send it elsewhere  Assurance of reliable communication, just a proof that it didn’t enter the region AFTER transmission

6 Terminology and definitions  Forbidden Region  Geographical location that should not be entered  Represented by a list of coordinates depicting a geo-polygon  Alibi  Relay that can be safely used to divert traffic around forbidden region  Picked such that passing through Alibi AND forbidden region will cause noticeable delay increase  Target regions  Regions in which Alibis might reside  Aid in locating Alibi  δ (delta)  Coefficient to ensure safety under latency fluctuations  Used to determine target regions

7 Proof of avoidance  Proving something did not happen is difficult  Proving something related cannot possibly happen is less difficult  How do you prove packet did not go through forbidden region?  Consider event x depicting a situation in which a packet traverses through a forbidden region  Consider event A depicting a situation where a packet does not traverse through a forbidden region  A and x are mutually exclusive  Showing x is impossible, authors show A is true

8 Assumptions  All non-forbidden nodes are trustworthy  Nodes cannot lie about smaller RTTs  Based on various signing schemes, returned packet will show all (trustworthy) nodes it traversed

9 Relay Guarantees s T f f r d F  Given path s -> r -> d with an RTT rtt_time  Calculate RTT through s, r, and d AND the closest possible f to be rtt_forbidden  If rtt_time is a factor of delta smaller than rtt_forbidden, initial path could not have possibly traversed f

10 Targeting the target region s T f f g d F  Alibi Routing consists of an overlay network of P2P nodes, each with coarse GPS coords  Target region contains Alibi node  Authors partition world into grid of points  For each point, consider it as g, calculate δ threshold  All calculations based on greater-circle distance

11 Target region based on δ

12 Alibi, where art thou? s T f f d F  Each node keeps an active peer list and a neighbor list  Occasionally sends out random nonces to get neighbors’ GPS coords  Ping responses come with correct RTT as nonce is random and thus response cannot be pre- constructed  Each hop from source tries to minimize distance to target region

13 Security Concerns  Time/distance calculations prevent underselling of RTT from malicious nodes  Eclipse attack: surround node with all malicious nodes  Requires attack nodes to be physically close to trustworthy nodes  Algorithm should route hops away from forbidden regions  Sending data copies to attackers  End to end encryption can solve this, otherwise, nothing would effectively prevent this  Laundering traffic: using relays to attack hosts  Similar approach as to other systems, whitelisting, solutions exist

14 Evaluation  Authors simulated deployment of 20,000 nodes and PlanetLab simulation of 245 hosts  “Enemies of the Internet” labeled as forbidden regions + countries with most Internet users (USA, India, Japan)  Most source-destination pairs successful

15 Evaluation  Protocol success using simulation and PlanetLab deployment showed almost 100% success in most δ value cases  Due to limited PlanetLab deployment, at most 2 hops were needed to find relay. Around 40 in simulation.

16 Conclusion and Comments  Alibi routing can be used as an intelligent P2P network that bypasses unwanted territories in an efficient manner  Current implementation has to be manually configured. Would be interesting to see how system works in a practical deployment with backoff techniques  Does not tackle various downsides of the algorithm, for example being surrounded by forbidden region or having several forbidden regions, or failure cases where alibis incur too much of a latency to be effective  Authors mention Alibi routing can be used in tandem with Tor, which should be very beneficial to both technologies  P2P design requires lots of nodes to be online/active

17 References  https://en.wikipedia.org/wiki/Internet_censorship https://en.wikipedia.org/wiki/Internet_censorship  http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p611.pdf http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p611.pdf  http://alibi.cs.umd.edu/ http://alibi.cs.umd.edu/  https://firemon-firemon.netdna-ssl.com/wp- content/uploads/2014/11/firewall.lgo_.jpg https://firemon-firemon.netdna-ssl.com/wp- content/uploads/2014/11/firewall.lgo_.jpg  http://archive.cone.informatik.uni- freiburg.de/people/ruehrup/georouting.png http://archive.cone.informatik.uni- freiburg.de/people/ruehrup/georouting.png

18 Discussion  Would you use Alibi routing for your Internet use? (show of hands)  What other cases has Alibi routing not considered?  How does this system handle Internet hubs? If hub for lots of the world’s internet traffic is relayed through a forbidden region, how will the system adapt?  Should this P2P network consider congestion of relay nodes as potential bottleneck?

19 Questions?

Download ppt "Alibi Routing Dave Levin, Youndo Lee, Luke Valenta, Zhihao Li, Victoria Lai, Cristian Lumezanu, Brendan Rowen, Neil Spring, Bobby Bhattacharjee Presented."

Similar presentations

Ch. 12 Routing in Switched Networks

Ch. 12 Routing in Switched Networks
Chris Karlof and David Wagner

Chris Karlof and David Wagner
ECE 5970 02/24/2005 A Survey on Position-Based Routing in Mobile Ad-Hoc Networks Alok Sabherwal.

ECE /24/2005 A Survey on Position-Based Routing in Mobile Ad-Hoc Networks Alok Sabherwal.
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Ch. 12 Routing in Switched Networks. 12.1 Routing in Packet Switched Networks Routing Algorithm Requirements –Correctness –Simplicity –Robustness--the.

Ch. 12 Routing in Switched Networks Routing in Packet Switched Networks Routing Algorithm Requirements –Correctness –Simplicity –Robustness--the.
Data and Computer Communications

Data and Computer Communications
LASTor: A Low-Latency AS-Aware Tor Client

LASTor: A Low-Latency AS-Aware Tor Client
Impact Analysis of Cheating in Application Level Multicast s 1090176 Masayuki Higuchi.

Impact Analysis of Cheating in Application Level Multicast s 1090176 Masayuki Higuchi.
Fabián E. Bustamante, 2007 Meridian: A lightweight network location service without virtual coordinates B. Wong, A. Slivkins and E. Gün Sirer SIGCOM 2005.

Fabián E. Bustamante, 2007 Meridian: A lightweight network location service without virtual coordinates B. Wong, A. Slivkins and E. Gün Sirer SIGCOM 2005.
EL9331 Meridian: A Lightweight Network Location Service without Virtual Coordinates Bernard Wong, Aleksandrs Slivkins, Emin Gun Sirer SIGCOMM’05 ( Slides.

EL9331 Meridian: A Lightweight Network Location Service without Virtual Coordinates Bernard Wong, Aleksandrs Slivkins, Emin Gun Sirer SIGCOMM’05 ( Slides.
Rumor Routing in Sensor Networks David Braginsky and Deborah Estrin Presented By Tu Tran 1.

Rumor Routing in Sensor Networks David Braginsky and Deborah Estrin Presented By Tu Tran 1.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
SUSTAIN: An Adaptive Fault Tolerance Service for Geographically Overlapping Wireless Cyber-Physical Systems Gholam Abbas Angouti Kolucheh, Qi Han

SUSTAIN: An Adaptive Fault Tolerance Service for Geographically Overlapping Wireless Cyber-Physical Systems Gholam Abbas Angouti Kolucheh, Qi Han
Ashish Gupta Under Guidance of Prof. B.N. Jain Department of Computer Science and Engineering Advanced Networking Laboratory.

Ashish Gupta Under Guidance of Prof. B.N. Jain Department of Computer Science and Engineering Advanced Networking Laboratory.
IPlane: An Information Plane for Distributed Services Offence by: Anup Goyal Sagar Vemuri.

IPlane: An Information Plane for Distributed Services Offence by: Anup Goyal Sagar Vemuri.
Criticisms of I3 Jack Lange. General Issues ► Design ► Performance ► Practicality.

Criticisms of I3 Jack Lange. General Issues ► Design ► Performance ► Practicality.
Criticisms of I3 Zhichun Li. General Issues Functionality Security Performance Practicality If not significant better than existing schemes, why bother?

Criticisms of I3 Zhichun Li. General Issues Functionality Security Performance Practicality If not significant better than existing schemes, why bother?
An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

Similar presentations

Ads by Google