Published by Antonio McDougall. Modified over 11 years ago.
1
Holding the Internet Accountable
David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker
2
IP Layer Names Don't Have Secure Bindings
- There are three kinds of IP layer names: IP address, IP prefix, AS number
- No secure binding of host to its IP addresses
- No secure binding of AS number to its IP prefixes
3
Problematic Result: IP Lacks Accountability
- Any host can spoof any other host
  - No intrinsic support in IP to detect or prevent
- A network can advertise prefixes arbitrarily
  - Many misconfigs; some examples of ill intent
  - S-BGP requires external mechanisms to bind prefix to AS and AS to public key
  - No intrinsic support in IP to detect or prevent
- Accountability: Ability to associate action with entity or hold entity responsible for action
  - Basis for security in real-world
  - Foundation for raising level of Internet security
4
AIP: Accountable Internet Protocol
- Goal: Intrinsic support for network-layer accountability in the Internet
- Key idea: New addressing (naming) scheme for networks and hosts
- Simple protocols that use properties of addressing scheme as foundation
- Securing BGP, anti-spoofing, targeted traffic throttling (anti-DoS)
5
AIP Addressing
[Figure labels: AD1, AD2, AD3]
- Autonomous domains, each with unique ID (smaller than an AS)
- Address = AD1:EID
- Each host has a global EID [HIP, DOA, LISP]
- AD and EID are self-certifying [SFS] flat names
  - AD = hash(public_key_of_AD, other_stuff)
  - Self-certification binds name to named entity
- If multihomed, has multiple addresses: AD1:EID, AD2:EID, AD3:EID
6
AIP Forwarding and Routing
[Figure labels: Source, AD R, AD G, AD B, AD Y, Y:EID]
- Routers in R, G, B use only AD field to forward: route_lookup(Y)
- Once packet is in AD Y (destination AD), Y's routers: route_lookup(EID)
- Inter-AD routing uses AD numbers as routing objects
  - Y: AD path = [B G R]; B: AD path = [G R]; etc.
  - Note absence of prefixes
- Intra-AD routing disseminates EIDs (many ways possible)
7
With AIP Addresses, Accountability is Intrinsic
- (Recall) Ability to associate action with entity or hold entity responsible for action
- Control-plane accountability improves security of routing protocol (BGP)
- Source accountability detects spoofing and forgery
  - Also helps throttle traffic from well-intentioned [Shaw] compromised hosts
- Mechanisms borrow ideas from previous work [S-BGP, uRPF], but goals achieved more readily
8
Control-Plane Accountability (for BGP)
- Origin authentication: Ensure routing prefix being originated by AS X actually belongs to X
- Path authentication: Ensuring accuracy of AS path
- S-BGP and soBGP require external infrastructures
  - Routing registry recording prefix ownership
  - PKI (database) mapping AS to its public key
  - In practice, registries notoriously inaccurate
- With AIP: ADs exchange pub keys via BGP messages
  - Path auth identical to S-BGP (but no PKI)
  - Origin auth achieved just like that (no registry)
9
Source Accountability: Detecting Spoofing
- Property 1: When challenged, only entity with AD A's private key can prove packet was sent with source address A:
- Property 2: When challenged, only entity with EID E's private key can prove packet was sent with source address :E
- Any entity seeing packet can check these two properties using a verification protocol
10
AIP Verification Protocol
[Flowchart; the slide's node and edge labels, arrows not recoverable:]
- Receive pkt w/ src A:E
- In accept cache? (Y/N)
- Local AD? (Y/N)
- Trust nbhr AD? (Y/N)
- SLA, uRPF, …
- Send nonce to A or E
- Nonce response must be signed w/ A's (or E's) priv key
- Receive nonce resp
- Verify signature
- Add A (or E):iface to accept cache
- Accept & forward
- Drop pkt
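An added Go sketch of the nonce challenge behind Properties 1 and 2 and of the accept cache; it is not code from the presentation or from the AIP authors. SHA-256, Ed25519, the 16-byte nonce and all type and function names are assumptions, and the Local AD, trusted-neighbor and uRPF branches of the flowchart are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Name is a self-certifying flat name (an AD or an EID): the hash of a public key.
// Assumption: SHA-256 of the raw Ed25519 key; the slide's "other_stuff" is omitted.
type Name [32]byte

func NameOf(pub ed25519.PublicKey) Name { return sha256.Sum256(pub) }
func key(src Name, iface string) string { return fmt.Sprintf("%x:%s", src, iface) }

// Verifier maps "name:iface" to a pending nonce, or to nil once that source is verified.
type Verifier map[string][]byte

// OnPacket accepts a cached source; otherwise it returns a fresh nonce to send to src.
func (v Verifier) OnPacket(src Name, iface string) (accepted bool, nonce []byte) {
	k := key(src, iface)
	if n, seen := v[k]; seen && n == nil {
		return true, nil
	}
	nonce = make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	v[k] = nonce
	return false, nonce
}

// OnResponse checks that pub hashes to the claimed name and that sig covers our nonce.
func (v Verifier) OnResponse(src Name, iface string, pub ed25519.PublicKey, sig []byte) bool {
	nonce := v[key(src, iface)]
	if nonce == nil || len(pub) != ed25519.PublicKeySize || NameOf(pub) != src || !ed25519.Verify(pub, nonce, sig) {
		return false
	}
	v[key(src, iface)] = nil // accept cache entry
	return true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	v, me := Verifier{}, NameOf(pub)
	_, nonce := v.OnPacket(me, "eth0")
	fmt.Println(v.OnResponse(me, "eth0", pub, ed25519.Sign(priv, nonce)))
}
```

A responder that presents a key not hashing to the claimed name, or a signature made with a different private key, is rejected and never enters the accept cache.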
11
AIP Enables Secure Shut-Off
- Problem: Compromised host X sending stream of unwanted traffic to destination D
  - X is well-intentioned, owner benign [Shaw]
- D = A_D:E_D sends signed shut-off pkt to X = A_X:E_X
  - Shut-off = {D's pub key, hash of recent pkt rec'd from X by D, TTL} signed by D's priv key
  - Self-cert address, so D can't shut-off traffic to D
- Can send shut-offs to hosts or to ADs
- Shut-off scheme implemented in NIC firmware
  - Immutable by host software (updates require physical access via USB/serial port)
12
AIP Enables Secure Shut-Off
[Figure labels: D, X]
- Problem: Compromised host X sending stream of unwanted traffic to destination D
  - X is well-intentioned, owner benign [Shaw]
- Shut-off packet signed by D to X: {time, D's pub key, hash of recent pkt rec'd from X by D, TTL}
- Can send shut-offs to hosts or to ADs
- Shut-off scheme implemented in NIC firmware
  - Immutable by host software (updates require physical access via USB/serial port)
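An added Go sketch of how X's NIC could validate a shut-off packet built from the fields on these slides; it is not code from the presentation or from the AIP authors. The byte encoding, SHA-256 and Ed25519, the table of recently sent packet hashes, the rule that a shut-off is honoured only for a packet X sent to the holder of the signing key, and all names are assumptions; the `time` field is omitted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// ShutOff carries the slide's fields. Assumed encoding: Sig covers Pub || PktHash || TTL.
type ShutOff struct {
	Pub     ed25519.PublicKey // D's public key
	PktHash [32]byte          // hash of a recent packet D received from X
	TTL     uint32            // seconds X must stay silent toward D
	Sig     []byte            // signature by D's private key
}

func (s ShutOff) Body() []byte {
	b := append(append([]byte{}, s.Pub...), s.PktHash[:]...)
	return binary.BigEndian.AppendUint32(b, s.TTL)
}

// NIC models X's firmware state; EIDs and packet hashes are SHA-256 values (assumption).
type NIC struct {
	sent  map[[32]byte][32]byte // hash of a recently sent packet -> destination EID
	until map[[32]byte]uint64   // destination EID -> second at which the block expires
}

// Blocked reports whether X must still withhold traffic to dst at time now.
func (n *NIC) Blocked(dst [32]byte, now uint64) bool { return now < n.until[dst] }

// Handle honours s only if X sent that packet, to the owner of Pub, and Sig verifies.
func (n *NIC) Handle(s ShutOff, now uint64) bool {
	dst, ok := n.sent[s.PktHash]
	if !ok || len(s.Pub) != ed25519.PublicKeySize || sha256.Sum256(s.Pub) != dst || !ed25519.Verify(s.Pub, s.Body(), s.Sig) {
		return false
	}
	n.until[dst] = now + uint64(s.TTL)
	return true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	d, h := sha256.Sum256(pub), sha256.Sum256([]byte("constructed packet X->D"))
	x := &NIC{sent: map[[32]byte][32]byte{h: d}, until: map[[32]byte]uint64{}}
	s := ShutOff{Pub: pub, PktHash: h, TTL: 60}
	s.Sig = ed25519.Sign(priv, s.Body())
	fmt.Println(x.Handle(s, 0), x.Blocked(d, 30), x.Blocked(d, 90))
}
```

A shut-off signed by a key that does not hash to the packet's destination, one that names a packet X never sent, or one whose TTL was altered after signing is ignored.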
13
Limitations and Concerns
- AIP handles spoofing, but what about minting?
  - Any entity can make up self-certified addresses
  - Each AD must control #EIDs per host to protect
  - Any entity can make up routing announcements for non-existent ADs
  - We're studying a few approaches to this problem
- Key management and compromise?
  - Each AD has master key pair and current key pair; uses master to issue change
  - But AD number and all its addresses must change
- More concerns in paper: routing scalability (wrt state and update volume), traffic engineering, …
14
Conclusion
- Q: How to achieve network-layer accountability in an internetwork?
- A: Self-certifying internetwork addresses
  - AD:EID (AIP)
  - Each field derived from public keys
- Control-plane (routing) and source (anti-spoofing) accountability are now intrinsic
- Ideas compose well with other mechanisms for mobility, higher availability, etc.