Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Highly Secure and Efficient Routing Ioannis Avramopulos, Hisashi Kobayashi Randolph Wang Arvind Krishamurthy Dept. of EE Dept. of CS Dept. of CS Dept.

Published byMyron Henderson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Highly Secure and Efficient Routing Ioannis Avramopulos, Hisashi Kobayashi Randolph Wang Arvind Krishamurthy Dept. of EE Dept. of CS Dept. of CS Dept."— Presentation transcript:

1 1 Highly Secure and Efficient Routing Ioannis Avramopulos, Hisashi Kobayashi Randolph Wang Arvind Krishamurthy Dept. of EE Dept. of CS Dept. of CS Dept. of EE Dept. of CS Dept. of CS Princeton University Yale University Princeton University Yale University Presentation: Huan He

2 2 Contents The routing protocol The routing protocol How the protocol defend adversary How the protocol defend adversary Summary Summary

3 3 Network Failures Simple Simple one where some network component( one or more nodes) simply become inoperative one where some network component( one or more nodes) simply become inoperative Byzantine Byzantine In Byzantine failure, a component becomes faulty and yet continues to operate( incorrectly) In Byzantine failure, a component becomes faulty and yet continues to operate( incorrectly)

4 4 The Routing Protocol This routing protocol is a routing protocol with Byzantine robustness and detection This routing protocol is a routing protocol with Byzantine robustness and detection

5 5 The Routing protocol Basic Idea Basic Idea Specific mechanisms Specific mechanisms Authentication Authentication Route Selection Route Selection Reserved Buffers, Timeouts, and Sequence Numbers Reserved Buffers, Timeouts, and Sequence Numbers

6 6 Some definition What is a faulty node? What is a faulty node? --Does not follow the protocol --Does not follow the protocol --Can be impersonated by another node --Can be impersonated by another node What is a faulty link? What is a faulty link? --Drops packet --Drops packet --Is incident to a faulty node --Is incident to a faulty node If a link is detected to be faulty, one or more of following is true: If a link is detected to be faulty, one or more of following is true: --The upstream router is faulty --The upstream router is faulty --The link is faulty --The link is faulty --the downstream router is faulty --the downstream router is faulty

7 7 The Routing protocol Basic Idea Basic Idea Specific mechanisms Specific mechanisms Authentication Authentication Route Selection Route Selection Reserved Buffers, Timeouts, and Sequence Numbers Reserved Buffers, Timeouts, and Sequence Numbers

8 8 Basic Idea — Packet Forwarding with Fault Detection Source Routing Source Routing Destination acknowledgements Destination acknowledgements Timeouts( to receive ACK or FA from destination) Timeouts( to receive ACK or FA from destination) Fault Announcements( FA) Fault Announcements( FA)

9 9 Basic Idea — A Simple Example S D 3 M 2 4 6 1 × × Route(S,1,4,5,D) 5 Route(S,3,M,6,D) Route(S,2,M,6,D) × ×

10 10 Basic Idea — More We also need more following mechanisms to provide Byzatine robustness We also need more following mechanisms to provide Byzatine robustness Data and control packet authentication Data and control packet authentication A-priori reserved buffers A-priori reserved buffers Monotonically increasing non-wrapping sequence numbers Monotonically increasing non-wrapping sequence numbers Round-robin scheduling of packet transmission Round-robin scheduling of packet transmission Calculation of appropriate time out values Calculation of appropriate time out values

11 11 Basic Idea None of the individual mechanisms of the basic protocol described in here is novel, it is the combination of them that delivers the desired robustness and efficiency None of the individual mechanisms of the basic protocol described in here is novel, it is the combination of them that delivers the desired robustness and efficiency

12 12 The Routing protocol Basic Idea Basic Idea Specific mechanisms Specific mechanisms Authentication Authentication Reserved Buffers, Timeouts, and Sequence Numbers Reserved Buffers, Timeouts, and Sequence Numbers Route Selection Route Selection

13 13Authentication Authentication of Data Packets: Authentication of Data Packets: --Safeguards against modification --Safeguards against modification --Ensures that allocated resources( namely, reserved buffers) --Ensures that allocated resources( namely, reserved buffers) Authentication of Control packets: Authentication of Control packets: --Prevents malicious nodes from forging ACKs and FAs on behalf of non- faulty nodes --Prevents malicious nodes from forging ACKs and FAs on behalf of non- faulty nodes Performance of Authentication mechanism is crucial: Performance of Authentication mechanism is crucial: As authentication must be performed for each packet at each node and the speed of authentication may bound the effective link bandwidth. As authentication must be performed for each packet at each node and the speed of authentication may bound the effective link bandwidth.

14 14 Authentication Digital signature Digital signature --Most straightforward authentication mechanism --Most straightforward authentication mechanism --Poor performance --Poor performance

15 15Authentication The multicast authentication construction of Canetti The multicast authentication construction of Canetti MAC d =f(Key sd ) MAC d =f(Key sd ) MAC( Message Authentication code) MAC( Message Authentication code) Limitatione: Limitatione: Vulnerable to an adversary that tampers with only a subset of the authentication tags( when used to secure data packet forwarding) Vulnerable to an adversary that tampers with only a subset of the authentication tags( when used to secure data packet forwarding)

16 16Authentication Tesla Tesla --A broadcast authentication protocol that relies on loose clock synchronization and delayed key disclosure --A broadcast authentication protocol that relies on loose clock synchronization and delayed key disclosure --limitations: --limitations: 1.Delayed authentication is vulnerable to a DoS attack 1.Delayed authentication is vulnerable to a DoS attack 2.Nodes will have no recent enough Tesla keys to efficiently authenticate newly released keys when two nodes not communicated securely for a substantial period of time (For Tesla keys is periodic flooding ) 2.Nodes will have no recent enough Tesla keys to efficiently authenticate newly released keys when two nodes not communicated securely for a substantial period of time (For Tesla keys is periodic flooding )

17 17 Authentication MACs based on pairwise secret keys MACs based on pairwise secret keys  Given a path, the computation of the MAC for node n i receives as input both the message and the MACs for nodes n i+1, …,t MACs are therefore computed sequentially from destination to the first intermediate node.

18 18 Authentication MACs based on pairwise secret keys MACs based on pairwise secret keys SN1N2N3T SN1N2N3T MAC ST =F [ Key ST, PKT ST ] MAC SN3 =F [ Key SN3, MAC ST, PKT SN3 ]

19 19 Authentication MACs based on pairwise secret keys MACs based on pairwise secret keys --Prevent malicious router trigger an FA for a non- faulty link --Prevent malicious router trigger an FA for a non- faulty link --Performance is good --Performance is good For 1500B packets, the upper bound on link bandwidth is 50Mbps using this authentication, while the bound on link bandwidth becomes less than 2Mbps using digital signature. For 1500B packets, the upper bound on link bandwidth is 50Mbps using this authentication, while the bound on link bandwidth becomes less than 2Mbps using digital signature.

20 20 Authentication MACs based on pairwise secret keys MACs based on pairwise secret keys  The same structure is used for data packets, ACKs, and FAs. If this structure is used for ACKs and FAs, then it gives the adversary the advantage to discredit link in the path between the source and the adversarial router If this structure is used for ACKs and FAs, then it gives the adversary the advantage to discredit link in the path between the source and the adversarial router ? ?

21 21 The Routing Protocol Basic Idea Basic Idea Specific mechanisms Specific mechanisms Authentication Authentication Reserved Buffers, Timeouts, and Sequence Numbers Reserved Buffers, Timeouts, and Sequence Numbers Route Selection Route Selection

22 22 Reserved Buffers, Timeouts, and sequence Numbers Problem: Problem: Routers may drop packets due to congestion Routers may drop packets due to congestion  Malicious nodes can incur congestion by overwhelming the network with their own packets, so it is desirable to be able to deliver packets despite the presence of such malicious sources  For congestion is not inherently a network fault, it is desirable to be able to disassociate fault announcements with congestion,

23 23 Reserved Buffers, Timeouts, and Sequence Numbers Solution: Solution:  Priori Buffer reservation --Ensure that packets are never dropped because of congestion --Ensure that packets are never dropped because of congestion  Round-Robin scheduling --Minimize the “ interference ” between sources --Minimize the “ interference ” between sources  Timeouts equal to the worst case RTT to the destination --Attempt to ensure that FAs are not triggered because of congestion --Attempt to ensure that FAs are not triggered because of congestion  Sequence Number and limitation Window --Detecting and dropping illegitimate packets that are due to either replays or faulty sources --Detecting and dropping illegitimate packets that are due to either replays or faulty sources  Fault announcements should only be relevant to the source of the packet that triggered the announcement

24 24 The Routing Protocol Basic Idea Basic Idea Specific mechanisms Specific mechanisms Authentication Authentication Reserved Buffers, Timeouts, and Sequence Numbers Reserved Buffers, Timeouts, and Sequence Numbers Route Selection Route Selection

25 25 Route Selection Shortest path algorithm Shortest path algorithm Route Selection Utilizes: Route Selection Utilizes:  A topological map  Fault announcements  Buffer# available to this source at each link  Link bandwidth  Prefix spans

26 26 Route Selection Specifically: Specifically:  The links corresponding to valid fault announcements are deleted from the topological map of the sauce  Links that lack available buffers for this source due to currently outstanding packets are temporarily deleted from topological map

27 27 Route Selection Prefix Spans: Prefix Spans:  The use of Prefix Spans is clearly desirable for maximizing the throughput of packets sent through a link  Trade-off is it prevents certain link from being used by sources that are far away from the link, thereby reducing the number of usable paths in the system. Path Length Number Of Usable paths Prefix Spans Bandwidth

28 28 Route Selection Shortest path algorithm Shortest path algorithm  Based on the Bellman-Ford shortest path algorithm that calculates shortest paths in a network where the links have different bandwidths and prefix spans.  The complexity of the algorithm is O(H*|E|) given G(V,E) H=maximum prefix span over all edges H=maximum prefix span over all edges

29 29 Contents The routing protocol The routing protocol How the protocol defend adversary How the protocol defend adversary Summary Summary

30 30 Adversary The protocol is designed to withstand adversary attack so that it can continue to deliver packets as long as a none faulty path exists. The protocol is designed to withstand adversary attack so that it can continue to deliver packets as long as a none faulty path exists.

31 31Adversary  Adversary can create spurious unauthenticated traffic try to block authenticated traffic at non- faulty routers This protocol require authentication to work at line speed This protocol require authentication to work at line speed  Adversary can create spurious authenticated traffic, try to block authenticated traffic from non-faulty sources at non-faulty routers Non-faulty sources are ensure buffers and link bandwidth Non-faulty sources are ensure buffers and link bandwidth

32 32Adversary  Adversary can replay authenticated traffic that has originated from other non-faulty sources, try to pending authenticated traffic from non-faulty sources The authenticated traffic from non-faulty sources carries sequence numbers that are larger than those of replayed traffic and priority is given to packets with larger sequence number The authenticated traffic from non-faulty sources carries sequence numbers that are larger than those of replayed traffic and priority is given to packets with larger sequence number  Adversary can mis-route packets Mis-routed packets are dropped at the next non- faulty router, if the router does not appear in the source-specified path Mis-routed packets are dropped at the next non- faulty router, if the router does not appear in the source-specified path

33 33 Adversary  Adversary can modify packets Modifying the content protected by the authentication tag is equivalent to dropping the corresponding packet. Modifying the content protected by the authentication tag is equivalent to dropping the corresponding packet. Modifying the MACs of upstream routers has no effect, since those MACs are not further utilized. Modifying the MACs of upstream routers has no effect, since those MACs are not further utilized. Modifying the MACs of downstream routers is equivalent to dropping the corresponding packet. Modifying the MACs of downstream routers is equivalent to dropping the corresponding packet. ?

34 34 Adversary  Adversary can drop packets Timeout at intermediate nodes pinpoint the location of faults. Timeout at intermediate nodes pinpoint the location of faults. This implies the protocol ’ s Byzantine robustness, is argued by the following theorem: a packet transmission from a non-faulty source will resulty in either the reception of a destination acknowledgement or the deletion of a faulty link at the deletion of a faulty link at the source ’ s topological map This implies the protocol ’ s Byzantine robustness, is argued by the following theorem: a packet transmission from a non-faulty source will resulty in either the reception of a destination acknowledgement or the deletion of a faulty link at the deletion of a faulty link at the source ’ s topological map

35 35 Contents Our routing protocol Our routing protocol How the protocol defend adversary How the protocol defend adversary Summary Summary

36 36 Summary The protocol can be seen as a combination of several components. While none of these is novel by itself, it is the integration of them that is crucial for the correctness and efficiency of the protocol The protocol can be seen as a combination of several components. While none of these is novel by itself, it is the integration of them that is crucial for the correctness and efficiency of the protocol

37 37 Summary These components are : These components are :  Source routing  Destination acknowledgements  Timeouts  Fault announcements  Authentication  Reserved Buffer  Sequence Numbers  Round-Robin scheduling

38 38 Thank You!

Download ppt "1 Highly Secure and Efficient Routing Ioannis Avramopulos, Hisashi Kobayashi Randolph Wang Arvind Krishamurthy Dept. of EE Dept. of CS Dept. of CS Dept."

Similar presentations

Karlston D'Emanuele Distance Vector Routing Protocols Notes courtesy of Mr. Joe Cordina Password Removed www.uniunderground.com.

Karlston D'Emanuele Distance Vector Routing Protocols Notes courtesy of Mr. Joe Cordina Password Removed
Congestion Control and Fairness Models Nick Feamster CS 4251 Computer Networking II Spring 2008.

Congestion Control and Fairness Models Nick Feamster CS 4251 Computer Networking II Spring 2008.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.

Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.
1 CS 194: Distributed Systems Process resilience, Reliable Group Communication Scott Shenker and Ion Stoica Computer Science Division Department of Electrical.

1 CS 194: Distributed Systems Process resilience, Reliable Group Communication Scott Shenker and Ion Stoica Computer Science Division Department of Electrical.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
Authors: Alexander Afanasyev, Priya Mahadevany, Ilya Moiseenko, Ersin Uzuny, Lixia Zhang Publisher: IFIP Networking, 2013 (International Federation for.

Authors: Alexander Afanasyev, Priya Mahadevany, Ilya Moiseenko, Ersin Uzuny, Lixia Zhang Publisher: IFIP Networking, 2013 (International Federation for.
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
Congestion Control Created by M Bateman, A Ruddle & C Allison As part of the TCP View project.

Congestion Control Created by M Bateman, A Ruddle & C Allison As part of the TCP View project.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Courtesy: Nick McKeown, Stanford

Courtesy: Nick McKeown, Stanford
What is Flow Control ? Flow Control determines how a network resources, such as channel bandwidth, buffer capacity and control state are allocated to packet.

What is Flow Control ? Flow Control determines how a network resources, such as channel bandwidth, buffer capacity and control state are allocated to packet.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?

1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
SRG PeerReview: Practical Accountability for Distributed Systems Andreas Heaberlen, Petr Kouznetsov, and Peter Druschel SOSP’07.

SRG PeerReview: Practical Accountability for Distributed Systems Andreas Heaberlen, Petr Kouznetsov, and Peter Druschel SOSP’07.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.

Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.
Centre for Wireless Communications University of Oulu, Finland

Centre for Wireless Communications University of Oulu, Finland
1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.

1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.

Similar presentations

Ads by Google