Presentation is loading. Please wait.

Presentation is loading. Please wait.

Decoy Router Placement Jacopo Cesareo, Michael Schapira, and Jennifer Rexford Princeton University.

Published byShauna Fleming Modified over 8 years ago

Similar presentations

Presentation on theme: "Decoy Router Placement Jacopo Cesareo, Michael Schapira, and Jennifer Rexford Princeton University."— Presentation transcript:

1 Decoy Router Placement Jacopo Cesareo, Michael Schapira, and Jennifer Rexford Princeton University

2 Decoy Router Placement Decoy router along the path to decoy destination … directs traffic to the covert destination 2 client decoy destination covert destination decoy router

3 Placement Problem Given clients, destinations, and paths –Clients: {c i } –Decoy destinations: {d j } –Paths: {P ij } from client c i to decoy destination d j Select K decoy routers –Decoy routers: {r k } from a set of candidates R To maximize –# client/decoy pairs that traverse a decoy router, or –# clients traversing a decoy router for some decoy dest 3 c1c1 c2c2 c3c3 d1d1 d2d2 P 11 P 32

4 Greedy Placement Algorithm Computational limits –NP hard to find the optimal solution –Best approximation has ~2/3 bound Heuristic based on “popularity” –# of (c i, d j ) pairs traversing the router, or –# of c i traversing the router to reach some decoy dest Greedy algorithm achieves the ~2/3 bound! –Select the most popular candidate –Remove all parties it “covers” –Recompute the popularities –Repeat until K routers are chosen 4 c1c1 c2c2 c3c3 d1d1 d2d2 P 11 P 32

5 Initial Experiment Autonomous System (AS) level model –RouteViews measurements of interdomain routing –CAIDA inferences of AS-level relationships –Simulation of AS-level routing decisions Example experiment –Clients: all ASes located in Australia –Decoy destinations: ASes for Amazon and eBay –Candidate decoy routers: all ASes outside Australia Results for two scenarios –# of client/decoy pairs that traverse a decoy router, or –# of clients that traverse a decoy router for some decoy 5

6 Good Placement  Good Coverage 6

7 Conclusions and Future Work Good coverage with relatively few decoy routers –Effective placement algorithm with good bound –Clients concentrated through a few regional ISPs –A few large ISPs provide most wide-area connectivity Future work –Wider range of clients and decoy destinations –Direct measurements of AS paths and router-level paths –Selection of decoy destinations given the decoy routers –Reactions of adversaries to circumvent decoy routers 7

8 Backup Slides 8

9 Decoy Router ASes For clients in Australia –Decoy routers for clients  Cogent, AOL, NTT, ReachNetworks, Verizon  174, 1668, 2914, 4637, 701 –Decoy routers for client/decoy-destination pairs  Singapore Telecom, ReachNetworks, Tata Communications, Cogent, Level3, Telecom New Zealand, NTT, KDDI, NetAccess For clients in China –Decoy routers for clients  Cogent, SwissCom, NetAccess, … –Decoy routers for client/decoy-destination pairs  Cogent, Qwest, SwissCom, AOL, NetAccess, KDDI, Verizon, Deutsche Telekom, … 9

10 Placement Algorithm: China 10

Download ppt "Decoy Router Placement Jacopo Cesareo, Michael Schapira, and Jennifer Rexford Princeton University."

Similar presentations

1 Incentive-Compatible Interdomain Routing Joan Feigenbaum Yale University Vijay Ramachandran Stevens Institute of Technology Michael Schapira The Hebrew.

1 Incentive-Compatible Interdomain Routing Joan Feigenbaum Yale University Vijay Ramachandran Stevens Institute of Technology Michael Schapira The Hebrew.
Traveling Salesperson Problem

Traveling Salesperson Problem
Minimizing Seed Set for Viral Marketing Cheng Long & Raymond Chi-Wing Wong Presented by: Cheng Long 20-August-2011.

Minimizing Seed Set for Viral Marketing Cheng Long & Raymond Chi-Wing Wong Presented by: Cheng Long 20-August-2011.
Censorship Resistance: Decoy Routing Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See.

Censorship Resistance: Decoy Routing Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
CSE534- Fundamentals of Computer Networking Lecture 12-13: Internet Connectivity + IXPs (The Underbelly of the Internet) Based on slides by D. Choffnes.

CSE534- Fundamentals of Computer Networking Lecture 12-13: Internet Connectivity + IXPs (The Underbelly of the Internet) Based on slides by D. Choffnes.
Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Sharon Goldberg Boston University Michael.

Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Sharon Goldberg Boston University Michael.
Lecture 6 Overlay Networks CPE 401/601 Computer Network Systems slides are modified from Jennifer Rexford.

Lecture 6 Overlay Networks CPE 401/601 Computer Network Systems slides are modified from Jennifer Rexford.
Part II: Inter-domain Routing Policies. March 8, 20042 What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!

Part II: Inter-domain Routing Policies. March 8, What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!
Progress in inferring business relationships between ASs Dmitri Krioukov 4 th CAIDA-WIDE Workshop.

Progress in inferring business relationships between ASs Dmitri Krioukov 4 th CAIDA-WIDE Workshop.
Traffic Engineering With Traditional IP Routing Protocols

Traffic Engineering With Traditional IP Routing Protocols
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
Traffic Engineering Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.

Traffic Engineering Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.
1 Traffic Engineering for ISP Networks Jennifer Rexford IP Network Management and Performance AT&T Labs - Research; Florham Park, NJ

1 Traffic Engineering for ISP Networks Jennifer Rexford IP Network Management and Performance AT&T Labs - Research; Florham Park, NJ
Traffic Engineering in IP Networks Jennifer Rexford Computer Science Department Princeton University; Princeton, NJ

Traffic Engineering in IP Networks Jennifer Rexford Computer Science Department Princeton University; Princeton, NJ
Stable Internet Routing Without Global Coordination Jennifer Rexford Princeton University Joint work with Lixin Gao (UMass-Amherst)

Stable Internet Routing Without Global Coordination Jennifer Rexford Princeton University Joint work with Lixin Gao (UMass-Amherst)
Slide -1- February, 2006 Interdomain Routing Gordon Wilfong Distinguished Member of Technical Staff Algorithms Research Department Mathematical and Algorithmic.

Slide -1- February, 2006 Interdomain Routing Gordon Wilfong Distinguished Member of Technical Staff Algorithms Research Department Mathematical and Algorithmic.
Dynamics of Hot-Potato Routing in IP Networks Renata Teixeira (UC San Diego) with Aman Shaikh (AT&T), Tim Griffin(Intel),

Dynamics of Hot-Potato Routing in IP Networks Renata Teixeira (UC San Diego) with Aman Shaikh (AT&T), Tim Griffin(Intel),
Characterizing the Internet Hierarchy from Multiple Vantage Points Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park,

Characterizing the Internet Hierarchy from Multiple Vantage Points Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park,
Interdomain Routing Establish routes between autonomous systems (ASes). Currently done with the Border Gateway Protocol (BGP). AT&T Qwest Comcast Verizon.

Interdomain Routing Establish routes between autonomous systems (ASes). Currently done with the Border Gateway Protocol (BGP). AT&T Qwest Comcast Verizon.

Similar presentations

Ads by Google