Presentation is loading. Please wait.

Presentation is loading. Please wait.

A System for Authenticated Policy-Compliant Routing Barath Raghavan and Alex C. Snoeren UC San Diego.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "A System for Authenticated Policy-Compliant Routing Barath Raghavan and Alex C. Snoeren UC San Diego."— Presentation transcript:

1 A System for Authenticated Policy-Compliant Routing Barath Raghavan and Alex C. Snoeren UC San Diego

2 Routing Today ISPs perform wide-area routing through BGP –Used to express local policy and traffic eng. –Problem: users can’t express routing preferences Overlay routing / IP source routing –Enables edge routing control –Allows pooling of resources –Problem: may interfere with ISP policy and traffic engineering

3 Our system: Platypus Loose source routing in which… –Users can pick their routes –ISPs control placement of indirection points … and authentication which enables… –ISPs to verify the policy-compliance of traffic –Is easily accountable –Delegation of source routing rights by users

4 An example ISP 1ISP 2 C ISP 3 H1 H2 20 5 5 10 Local policy avoids customer route through C Default route Optimal route C could forward traffic

5 The challenge How can C provide forwarding service? ISP 1ISP 2 H1 H2 ISP 3 Forwarding relationship P H3 P OKBAD C

6 Our system: Platypus ISP 1 C H1 1. Negotiate contract 2. Receive source routing info 3. Stamp + send packets P Packet explicitly sent through C Indirection point to route through

7 Key building blocks Routing system providing basic connectivity Path discovery mechanisms / services Negotiation of business relationships Mechanism for authenticated loose source routing

8 Network Capabilities Specify a hop of the source route, including: –Point of indirection, called a waypoint –The responsible party, called the resource principal Waypoints are: –Chosen by ISPs –Specified by a routable IP address Waypoint ID Resource Principal ID

9 Authentication Sniffer Requires asymmetry of information: H1 must know more than H3 Goal: Distinguish between valid and invalid packets ISP 1 H1 C H3

10 Authentication keys Each waypoint has one waypoint key k Each resource principal has a secret key s –Derived from waypoint key using a keyed MAC –Unique given a waypoint and a capability MAC Waypoint key k Capability c Secret s Waypoint ID Resource Principal ID

11 Waypoint ID Packet Stamping IP Header Waypoint ID Resource Principal ID Auth Info (Binding) MAC Secret s Invariant headers + payload Payload Platypus Header Capabilities

12 Packet Verification Payload IP Header Platypus Header MAC Waypoint key k Capability c MAC Secret s Header+payload Binding b = Packet binding b’ Forward Temporal secret s

13 Temporal secret keys expire periodically –Expiration allows for changing policies No time sync required –Secret computation includes Key ID/time –Enables expiration on order of clock drift Requires lookup of temporal secrets

14 Key lookup DNS-based key lookup –DNS reply contains encrypted secret –No key distribution infrastructure required –Key lookup as fast as DNS lookup ISP 1 C H1 Operates key server DNS query DNS reply containing temporal secret

15 Delegation Users may pass out their capabilities –How might they restrict others’ use? Capability delegation: –Principals can restrict capabilities –Limits holder to destinations within an IP prefix –Useful to ensure similar reverse paths ISP 1ISP 2 C ISP 3 H1 H2 Undesirable asymmetry

16 Implementation End-host based stamping/forwarding User-level and kernel module versions 500 550 600 650 700 750 800 850 900 500 600 700 800 900 1000 Output Rate (Kpps) Input Rate (Kpps) Linux native forwarding Platypus null forwarding Platypus UMAC forwarding

17 Per-packet latency Total per-packet time = I/O time + header processing I/O time ~ 2 µ s Worst-case header processing time < 2 µ s Header processing overhead 68 byte348 byte1500 byte Null 172 ns173 ns181 ns UMAC695 ns998 ns1908 ns

18 Deployment Incrementally deployable –Does not require inter-ISP cooperation –Loose source-routing based How might ISPs deploy Platypus? –Where should they be placed? –How many Platypus waypoints are needed?

19 Measurement study UCSD KAIST Nortel Coloco Lulea R R R R R R R R R ISP RR R

20 Waypoint effectiveness (MCI) 0 20 40 60 80 100 120 140 160 180 2 4 8 16 32 64 128 256 512 1024 Latency (ms) # of waypoints UCSD-Lulea UCSD-Lulea opt UCSD-KAIST UCSD-KAIST opt Coloco-Lulea Coloco-Lulea opt UCSD-Nortel UCSD-Nortel opt

21 Summary and future work Platypus provides: –Source routing with ISP control of waypoints –Means for authenticating source routed packets Incremental deployment –Flow-based Platypus with existing hardware New forwarding business model –Anyone can sell/resell forwarding service –Real-time pricing of capabilities

22 Scalability Forwarding state –Waypoints only need O(1) state Key lookup –Lookup overhead is small (3 crypto operations) –One key server ~ 500,000 lookups / sec Per-principal accounting –High speed approx. per-flow counters [Kumar ’04]

23 Platypus header format Flags Capability List Length Capability List Pointer Encapsulated Protocol Original Source Address Final Destination Address Waypoint Address Resource PrincipalFlagsKey ID Binding 4 bytes Version

24 Temporal secret computation For a capability c and waypoint key k: s = MAC k ( c.way||c.rp||(((t>>n) & 0xFFFFFFF0) | c.id) ) The exception to this is at key ID wraparound –(t>>n) is either incremented or decremented by 1 Waypoint ID Resource PrincipalKey IDFlags

25 Measurement results (QWEST) 0 20 40 60 80 100 120 140 160 180 2 4 8 16 32 64 128 256 512 1024 Latency (ms) # of clusters UCSD-Lulea UCSD-Lulea opt UCSD-KAIST UCSD-KAIST opt Coloco-Lulea Coloco-Lulea opt UCSD-Nortel UCSD-Nortel opt

26 Measurement results (GBLX) 0 20 40 60 80 100 120 140 160 180 2 4 8 16 32 64 128 256 512 1024 Latency (ms) # of clusters UCSD-Lulea UCSD-Lulea opt UCSD-KAIST UCSD-KAIST opt Coloco-Lulea Coloco-Lulea opt UCSD-Nortel UCSD-Nortel opt

27 Measurement results (SPRINT) 0 20 40 60 80 100 120 140 160 180 2 4 8 16 32 64 128 256 512 1024 Latency (ms) # of clusters UCSD-Lulea UCSD-Lulea opt UCSD-KAIST UCSD-KAIST opt Coloco-Lulea Coloco-Lulea opt UCSD-Nortel UCSD-Nortel opt

28 Example: Virtual multihoming ISP 1ISP 2 ISP 3 Local ISP Using Platypus, C can virtually multihome with ISPs 1 and 3 C

29 Example: Affecting Inbound Traffic ISP 1ISP 2 ISP 3 C Using Platypus, C can distribute delegated capabilities that are restricted to send to prefixes within C

Download ppt "A System for Authenticated Policy-Compliant Routing Barath Raghavan and Alex C. Snoeren UC San Diego."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 4: Routing Concepts Routing Protocols.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 4: Routing Concepts Routing Protocols.
Why do current IP semantics cause scaling issues? −Today, “addressing follows topology,” which limits route aggregation compactness −Overloaded IP address.

Why do current IP semantics cause scaling issues? −Today, “addressing follows topology,” which limits route aggregation compactness −Overloaded IP address.
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
IP Forwarding Relates to Lab 3.

IP Forwarding Relates to Lab 3.
Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
Loose Source Routing as a Mechanism for Traffic Policies Katerina Argyraki and David R. Cheriton Presented by Thuan Huynh, Robert Patro, and Shomir Wilson.

Loose Source Routing as a Mechanism for Traffic Policies Katerina Argyraki and David R. Cheriton Presented by Thuan Huynh, Robert Patro, and Shomir Wilson.
Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.

Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.
IPv6 Victor T. Norman.

IPv6 Victor T. Norman.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—4-1 Implementing Inter-VLAN Routing Deploying Multilayer Switching with Cisco Express Forwarding.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—4-1 Implementing Inter-VLAN Routing Deploying Multilayer Switching with Cisco Express Forwarding.
Lecture 6 Overlay Networks CPE 401/601 Computer Network Systems slides are modified from Jennifer Rexford.

Lecture 6 Overlay Networks CPE 401/601 Computer Network Systems slides are modified from Jennifer Rexford.
1 IPv6 Packet Format. 2 Objectives IPv6 vs IPv4 IPv6 Packet Format IPv6 fields IPv6 and data-link technologies.

1 IPv6 Packet Format. 2 Objectives IPv6 vs IPv4 IPv6 Packet Format IPv6 fields IPv6 and data-link technologies.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Mini Introduction to BGP Michalis Faloutsos. What Is BGP?  Border Gateway Protocol BGP-4  The de-facto interdomain routing protocol  BGP enables policy.

Mini Introduction to BGP Michalis Faloutsos. What Is BGP?  Border Gateway Protocol BGP-4  The de-facto interdomain routing protocol  BGP enables policy.

Similar presentations

Ads by Google