Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 SCION: Scalability, Control and Isolation On Next-Generation Networks Xin Zhang, Hsu-Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen.

Published byAdelia Ferguson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 SCION: Scalability, Control and Isolation On Next-Generation Networks Xin Zhang, Hsu-Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen."— Presentation transcript:

1 1 SCION: Scalability, Control and Isolation On Next-Generation Networks Xin Zhang, Hsu-Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen

2 Reasons for Clean-Slate Design Someone may just want to deploy a new Internet Possible for specialized high-reliability networks, e.g., smart grid We need to have a design ready Even if we want to evolve current Internet, we need to have a goal, know how good a network could be 2 The question is not: why deploy a new Internet? But: why are we still putting up with the current Internet?

3 Application Transport Data link Network Physical The Internet is still unreliable and insecure! 3 Feb 2008: Pakistani ISP hijacks YouTube prefix Apr 2010: A Chinese ISP inserts fake routes affecting thousands of US networks. Nov 2010: 10% of Internet traffic 'hijacked' to Chinese servers due to DNS Tampering. S-BGP origin attest. S-BGP route attest. DNSSec Multi-path  Fixes to date – ad hoc, patches  Inconvenient truths  S-BGP: delayed convergence  Global PKI: single root of trust

4 Limitations of the Current Internet  Too little or too much path control by end points D C A B M D’s prefix here! 4 Prefer the red path … Prefer the red path …  Destination has too little control over inbound paths  Source has too much control to aggregate DDoS traffic

5 Limitations of the Current Internet  Too little or too much path control by end points 5  Destination has too little control over inbound paths  Source has too much control to aggregate DDoS traffic  Lack of routing isolation  A failure/attack can have global effects  Global visibility of paths is not scalable  Lack of route freshness  Current (S-)BGP enables replaying of obsolete paths  Huge routing/forwarding table size

6 Related Work  Routing security  S-BGP, soBGP, psBGP, SPV, PGBGP  Routing control  Multipath (MIRO, Deflection, Path splicing, Pathlet), NIRA  Scalable and policy-based routing  HLP, HAIR, RBF  Secure DNS  DNSSec  Source accountability and router accountability  AIP, Statistical FL, PAAI 6

7 Which Internet Do You Want? 7 Current Internet? New Internet!

8 Wish List (1): Isolation 8 … M Attacks (e.g., bad routes) … …  Localization of attacks  Mutually distrusting domains, no single root of trust … Independent routing region

9 Wish List (2): Balanced Control 99 … CMU PSC I2 L3 … D CAB Hide the peering link from CMU Hide the peering link from CMU  Source, destination, transit ISPs all have path control  Support rich policies and DDoS defenses

10 Wish List (3): Explicit Trust 10 CMU PSC Level 3 I2  Know who needs to be trusted XYZ Who will forward Packets on the path? Who will forward Packets on the path? Go through X and Z, but not Y Go through X and Z, but not Y  Enforceable accountability … Internet

11 SCION Architectural Goals High availability, even for networks with malicious parties Explicit trust for network operations Minimal TCB: limit number of entities that need to be trusted for any operation –Strong isolation from untrusted parties Operate with mutually distrusting entities –No single root of trust Enable route control for ISPs, receivers, senders Simplicity, efficiency, flexibility, and scalability 11

12 SCION Architecture Overview 12 Source Destination PCB  Trust domain (TD)s  Isolation and scalability  Path construction  scalability  Path resolution  Control  Explicit trust  Route joining (shortcuts)  Efficiency, flexibility S: blue paths D: red paths S: blue paths D: red paths path srv TD TD Core AD: admin domain

13 Logical Decomposition  Split the network into a set of trust domains (TD) 13 TD: isolation of route computation TD cores: interconnected Tier-1 ADs (ISPs) SourceDestination core Up-paths Down-paths

14 Path Construction Goal: each endpoint learns multiple verifiable paths to its core Discovering paths via Path Construction Beacons (PCBs) TD Core periodically initiates PCBs Providers advertise upstream topology to peering and customer ADs ADs perform the following operations Collect PCBs For each neighbor AD, select which k PCBs to forward Update cryptographic information in PCBs Endpoint AD will receive up to k PCBs from each upstream AD, and select k down-paths and up-paths 14

15 Path Construction Beacons (PCBs) 15 TD Core A B C PCB Embed into pkts : interface: Opaque field: expiration time : signature = SIG( || || ) = ||MAC( ) = SIG( || || || ) = || MAC( || ) PCB = || MAC( || ) = SIG( || || || )

16 Path Construction 16 Interfaces: Opaque field: Signature: TC  A:I(TC): ϕ ||{ϕ,{ϕ, TC1} O(TC) : { ϕ, TC1} ||MAC Ktc ( { ϕ, TC1} || ϕ ) Σ(TC): Sign( I(TC) || T(TC) || O(TC) || ϕ ) A  C:I(A): I(TC)|| {A1, A2} O(A) : {A1, A2} || MAC Ka ( {A1, A2} ||O(TC) ) Σ(A): Sign( I(A) || T(A) || O(A) ||Σ(TC) ) TD Core (TC) AB CD G FE 12 2 1 2 1 2 1 3 1 32 4 111 I(i) = previous-hop interfaces || local interfaces O(i) = local interfaces || MAC over local interfaces and O(i-1) Σ(i) = sign over I(i), T(i), O(i), and Σ(i-1), with cert of pub key

17 Path Construction 17 O(C) : {C1, C4} || MAC Ka ( {C1, C4} || O(A) ) Σ(C): Sign( I(C) || T(C) || O(C) ||Σ(A) ) C  E: C? – One PCB per neighbor I(C): I(A)|| {C1, C4} Also include peering link! I C,D (C):{C4,C2} || TD || AID D O C,D (C): {C4, C2} ||MAC Kc ( {C4, C2} ) Σ C,D (C): Sign( I C,D (C) || T C,D (C) || O C,D (C) || O(C) ) TD Core (TC) AB CD G FE 12 2 1 2 1 2 1 3 1 32 4 111 Interfaces: Opaque field: Signature: I(i) = previous-hop interfaces || local interfaces O(i) = local interfaces || MAC over local interfaces and O(i-1) Σ(i) = sign over I(i), T(i), O(i), and Σ(i-1), with cert of pub key

18 Address/Path Resolution TD core provides address/path resolution servers Each endpoint is identified as an AID:EID pair. AID is signed by the containing TD, and EID is signed by the containing AD (with AID). Address is a public key [AIP 2008] Each AD registers name / address at address resolution server, uses an up-path to reach TD core Private key used to sign name  address mapping ADs select which down-paths to announce ADs sign down-paths with private key and register down- paths with path resolution servers 18

19 Route Joining Local traffic should not need to traverse TD core Sender obtains receiver’s k down-paths Sender intersects its up-paths with receiver’s down-paths Sender selects preferred routes based on k 2 options 19

20 Forwarding Down-path contains all forwarding decisions (AD traversed) from endpoint AD to TD core Ingress/egress points for each AD, authenticated in opaque fields ADs use internal routing to send traffic from ingress to egress point Joined end-to-end route contains full forwarding information from source to destination No routing / forwarding tables needed! 20

21 Discussion Incremental Deployment Current ISP topologies are consistent with the TDs in SCION ISPs use MPLS to forward traffic within their networks Only edge routers need to deploy SCION Can use IP tunnels to connect SCION edge routers in different ADs 21 Limitations ✗ ADs need to keep updating down-paths on path server ✗ Increased packet size ✗ Static path binding, which may hamper dynamic re-routing

22 SCION Security Benefits 22 S-BGP etcSCION Isolation Scalability, freshness Path replay attack Collusion attack Single root of trust Trusted Computing BaseWhole Internet TD Core and on-path ADs Path Control SourceEnd-to-end controlOnly up-path DestinationNo controlInbound paths DDoSOpen attacksEnable defenses

23 Performance Benefits  Scalability  Routing updates are scoped within the local TD  Flexibility  Transit ISPs can embed local routing policies in opaque fields  Simplicity and efficiency  No interdomain forwarding table  Current network layer: routing table explosion  Symmetric verification during forwarding  Simple routers, energy efficient, and cost efficient 23

24 Evaluation Methodology  Use of CAIDA topology information  Assume 5 TDs (AfriNIC, ARIN, APNIC, LACNIC, RIPE)  We compare to S-BGP/BGP 24

25 Performance Evaluation  Additional path length (AD hops) compared to BGP  without shortcuts: 21% longer  with shortcuts:  1 down/up- path: 6.7%  2 down/up- path: 3.5%  5 down/up- path: 2.5% 25

26 Policy Expressiveness Evaluation  Fraction of BGP paths available under SCION, reflecting SCION’s expressiveness of BGP policies 26

27 Security Evaluation  Resilience against routing and data-plane attacks  Malicious ADs announce bogus links between each other 27 SCION S-BGP

28 Conclusions Basic architecture design for a next- generation network that emphasizes isolation, control and explicit trust Highly efficient, scalable, available architecture Enables numerous additional security mechanisms, e.g., network capabilities 28 Application Transport Data link Network Physical

29 Questions? 29 Xin Zhang

Download ppt "1 SCION: Scalability, Control and Isolation On Next-Generation Networks Xin Zhang, Hsu-Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen."

Similar presentations

Multihoming and Multi-path Routing

Multihoming and Multi-path Routing
Network Support for Sharing. 2 CABO: Concurrent Architectures are Better than One No single set of protocols or functions –Different applications with.

Network Support for Sharing. 2 CABO: Concurrent Architectures are Better than One No single set of protocols or functions –Different applications with.
Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.

Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.
Multihoming and Multi-path Routing

Multihoming and Multi-path Routing
SCION: Scalability, Control and Isolation On Next-Generation Networks

SCION: Scalability, Control and Isolation On Next-Generation Networks
Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—2-1 Label Assignment and Distribution Introducing Typical Label Distribution in Frame-Mode MPLS.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—2-1 Label Assignment and Distribution Introducing Typical Label Distribution in Frame-Mode MPLS.
Availability Centric Routing (ACR) Robust Interdomain Routing Without BGP Security July 25 th, 2006.

Availability Centric Routing (ACR) Robust Interdomain Routing Without BGP Security July 25 th, 2006.
SCION: Scalability, Control, and Isolation On Next-Generation Networks 2011-05-04 Seungmin Kang.

SCION: Scalability, Control, and Isolation On Next-Generation Networks Seungmin Kang.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

Similar presentations

Ads by Google