Download presentation
Presentation is loading. Please wait.
1
1 A Cryptographic Approach to Safe Inter-domain Traffic Engineering Sridhar Machiraju SAHARA Retreat, Summer 2004
2
2 Outline Motivation Defining the Problem Proposed Solution Random Noise Discussion and Conclusions
3
3 Motivation In BGP, Autonomous Systems (ASs) are abstracted as a node in a graph
4
4 In reality, AS1 AS2 AS3 Peering links Internal links
5
5 In BGP, AS1 AS2 AS3 Peering links Internal links
6
6 Motivation Why? –Scalability –Confidentiality of intra-domain information, e.g., link quality, routing, flow info, policies etc. Why is this bad? Traffic engineering by one AS can send flows over “bad” paths in neighboring ASs In BGP, Autonomous Systems (ASs) are abstracted as a node in a graph
7
7 Outline Motivation Defining the Problem Proposed Solution Random Noise Discussion and Conclusions
8
8 High-level Problem Statement A Source of flow F In A, this path has most available bandwidth B
9
9 High-level Problem Statement BA Source of flow F Destination of flow F In A, this path has most available bandwidth path with best end-to-end available bandwidth
10
10 High-level Problem Statement Design a technique so that neighboring domains conduct traffic engineering cooperatively in a scalable fashion without having to reveal confidential intra-domain information? BA Source of flow F Destination of flow F In A, this path has most available bandwidth path with best end-to-end available bandwidth
11
11 Formalizing the Problem Consider traffic from A to B that can exit one of P peering points Confidential information Two kinds of constraints (of A and B) – –Given demand T i, find amount of traffic, x ik of flow F i to transit peering point k –For every “bottleneck” link,, all traffic traversing it must not exceed avail b/w
12
12 A Linear Programming Problem… Constraints: Constraints in AS A (private to A) Constraints in AS B (private to B) amount of each flow exchanged at peering points Objective: maximize/minimize C T X: –(minimize) maximum link utilization –(maximize) total traffic exchanged –(minimize) average/maximum path inflation
13
13 Outline Motivation Defining the Problem Proposed Solution Random Noise Discussion and Conclusions
14
14 Overview of Solution Sub-matrices of V,W are private to A, B A and B transform the above into: Solve LP1’ and X=QX’ V’, W’, X’, X, C’, C do not reveal any information about private information of A and B to each other (almost) LP1 LP1’
15
15 Transforming the LP problem A sends encrypted sub-matrix, E(V A ) and E(W A ) to B B chooses random invertible P and Q B sends E(V’)=PE(V)Q and E(W’)=PE(W) –requires addition of encrypted values and multiplication by known scalars (V B, W B ) –These can be performed by homomorphic encryption schemes, e.g., Paillier’s A decrypts E(V’) and E(W’) to obtain LP1’
16
16 The Final Solution A B E(V A ), E(W A ) B A E(V’)=PE(V)Q E(W’)=PE(W) Solve V’X’<W’ for X’ Send X=QX’ E() represents encryption by A
17
17 Outline Motivation Defining the Problem Proposed Solution Random Noise Discussion and Conclusions
18
18 Small random noise is OK LP1’ does not leak any information about V B, W B only if V has full rank So, add small random noise to matrix entries –this can be done by homomorphic encryptions How does this affect the LP problem? –Constraints may not be violated by small noise –Objective function may be affected, though
19
19 Effect of random noise(1) 10 constraints; objective – maximize flow
20
20 Effect of random noise(2) Objective – maximize (–1*path inflation) About 2-3% unsolvable problems too!
21
21 Outline Motivation Defining the Problem Proposed Solution Discussion and Conclusions Random Noise
22
22 Discussion Scalability –LP problem transformation is quadratic in terms of number of cryptographic operations –But, traffic engineering not frequent (hourly) Threat model –ASs are assumed to be rational, i.e., do not inject wrong inputs Future work: Experiment with real topologies and quantify time complexity
23
23 Conclusions Inter-domain routing could benefit a lot from cooperation which is hindered by confidentiality requirements We demonstrate this for the case of safe traffic engineering Other cases of inter-domain cooperation – policy safety, resource allocation and intrusion detection: –checking global invariants –computing global functions
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.