Presentation is loading. Please wait.

Presentation is loading. Please wait.

SCION: Scalability, Control and Isolation On Next-Generation Networks

Similar presentations


Presentation on theme: "SCION: Scalability, Control and Isolation On Next-Generation Networks"— Presentation transcript:

1 SCION: Scalability, Control and Isolation On Next-Generation Networks
Xin Zhang, Hsu-Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen

2 The Internet is still unreliable and insecure!
Feb 2008: Pakistani ISP hijacks YouTube prefix Apr 2010: A Chinese ISP inserts fake routes affecting thousands of US networks. Nov 2010: 10% of Internet traffic 'hijacked' to Chinese servers due to DNS Tampering. Application Transport Data link Network Physical S-BGP origin attest. S-BGP route attest. Multi-path DNSSec Whats the Australian ISP example? https://threatpost.com/en_us/blogs/chinese-dns-tampering-big-threat-internet-security Fixes to date – ad hoc, patches Inconvenient truths S-BGP: delayed convergence Global PKI: single root of trust

3 Limitations of the Current Internet
Too little or too much path control by end points Destination has too little control over inbound paths Source has too much control to aggregate DDoS traffic A Prefer the red path … B M C D’s prefix here! D

4 Limitations of the Current Internet
Too little or too much path control by end points Destination has too little control over inbound paths Source has too much control to aggregate DDoS traffic Lack of routing isolation A failure/attack can have global effects Global visibility of paths is not scalable Lack of route freshness Current (S-)BGP enables replaying of obsolete paths

5 Related Work Routing security Routing control
S-BGP, soBGP, psBGP, SPV, PGBGP Routing control Multipath (MIRO, Deflection, Path splicing, Pathlet), NIRA Scalable and policy-based routing HLP, HAIR, RBF Secure DNS DNSSec Source accountability and router accountability AIP, Statistical FL, PAAI Because these limitations are really fundamental, fixing those issues requires to fundamentally change the way BGP works. Therefore, we call for a re-design, including routing, forwarding, addressing, and address lookup.

6 Wish List (1): Isolation
Localization of attacks Mutually distrusting domains, no single root of trust Independent routing region … … … … … … … … M Attacks (e.g., bad routes)

7 Wish List (2): Balanced Control
Source, destination, transit ISPs all have path control Support rich policies and DDoS defenses … … … … CMU PSC I2 L3 … … D C A B Hide the peering link from CMU 7

8 Wish List (3): Explicit Trust
Know who needs to be trusted Enforceable accountability … … … … … … X Y Z Internet Level 3 I2 PSC Who will forward Packets on the path? Go through X and Z, but not Y CMU

9 SCION Architecture Overview
Trust domain (TD)s Isolation and scalability S: blue paths D: red paths path srv TD TD Core Path construction scalability PCB PCB PCB PCB Path resolution Control Explicit trust AD: admin domain Al the nodes shown in this figure represent a TD, e.g., united states Each node can be though of as an ISP or administrative domain, or AD Path construction achieves scalability Path resolution achieves control Route joining (shortcuts) Efficiency, flexibility Destination Source

10 Logical Decomposition
Split the network into a set of trust domains (TD) TD: isolation of route computation TD cores: interconnected Tier-1 ADs (ISPs) core core Down-paths Up-paths Jurisdictional boundary Note: very similar to routing in the current Internet Destination Source

11 Path Construction Beacons (PCBs)
: interface : Opaque field : expiration time : signature TD Core = ||MAC( ) PCB = SIG( || || ) A = || MAC( || ) PCB = SIG( || || || ) Lets take a closer look at this path construction protocol with a single topology, where nodes A, B, and C represent three different ADs in the same TD. Although the details may look complicated, the main point is quite simple but powerful. Essentially, first, we use digital signatures to provide strong protection and accountability for the control-plane PCBs, In this way malicious ADs cannot launch path falsification attacks to attract packets. At data-plane however, we only use light-weight, symmetric MAC, to guarantee the paths formed at control-plane are followed by line-speed data packets. B PCB = || MAC( || ) PCB = SIG( || || || ) C Embed into pkts

12 SCION Security Benefits
S-BGP etc SCION Isolation Scalability, freshness Path replay attack Collusion attack Single root of trust Trusted Computing Base Whole Internet TD Core and on-path ADs Path Control Source End-to-end control Only up-path Destination No control Inbound paths DDoS Open attacks Enable defenses First in SCION, the isolation across trust domains facilitates scalability, because the routing updates are only propagated within the local trust domain. In addition, in each trust domain, only the TD core initiates PCBs, which further improves scalability. In contract in current S-BGP or other path-vector based routing protocols,

13 Performance Benefits Scalability Flexibility Simplicity and efficiency
Routing updates are scoped within the local TD Flexibility Transit ISPs can embed local routing policies in opaque fields Simplicity and efficiency No inter-domain forwarding table Symmetric verification during forwarding

14 Evaluation Methodology
Use of CAIDA topology information Assume 5 TDs (AfriNIC, ARIN, APNIC, LACNIC, RIPE) We compare to S-BGP/BGP

15 Performance Evaluation
Additional path length (AD hops) compared to BGP without shortcuts: 21% longer with shortcuts: 1 down/up- path: 6.7% 2 down/up- path: 3.5% 5 down/up- path: 2.5%

16 Policy Expressiveness Evaluation
Fraction of BGP paths available under SCION, reflecting SCION’s expressiveness of BGP policies With k=5, can find 85% of same paths

17 Security Evaluation Resilience against routing and data-plane attacks
Malicious ADs announce bogus links between each other S-BGP With k=5, can find 85% of same paths SCION

18 Conclusions Basic architecture design for a next-generation network that emphasizes isolation, control and explicit trust Highly efficient, scalable, available architecture Enables numerous additional security mechanisms, e.g., network capabilities Application Transport Data link Network Physical

19 Xin Zhang <xzhang1@cmu.edu>
Questions? Xin Zhang


Download ppt "SCION: Scalability, Control and Isolation On Next-Generation Networks"

Similar presentations


Ads by Google