Presentation is loading. Please wait.

Presentation is loading. Please wait.

Distributed Algorithms for Secure Multipath Routing

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Distributed Algorithms for Secure Multipath Routing"— Presentation transcript:

1 Distributed Algorithms for Secure Multipath Routing
Patrick P. C. Lee, Vishal Misra, Dan Rubenstein Distributed Network Analysis (DNA) Lab, Columbia University March 17, 2005

2 Outline Motivation: Security objectives Distributed algorithms:
Why do we use multipath routing to achieve security? Security objectives Distributed algorithms: Bound-Control algorithm Lex-Control algorithm Simulation results

3 Motivation Problem of single-path routing:
source sink An attack/failure shuts down the entire session.

4 Motivation Protection with multipath routing:
source sink An attack/failure causes less damage.

5 Goals Determine the multipath routes that achieve the “best” security:
Minimize the worst-case data loss with/without bandwidth constraints Minimize “severe” data loss with/without bandwidth constraints based on lexicographic optimization Implement a distributed solution: No need to know the global network topology Allow nodes to locally decide link costs Suitable for independently administered networks (e.g., RON)

6 Previous Work Lexicographic optimization: Minimize a non-increasing link-cost sequence a = (a1, a2, …, an) Find a*, where a* = (a1*, a2*, …, an*) ≤ a = (a1, a2, …, an) for every link-cost sequence a Georgiadis et al.’s solution [ToN ’02]: Recursively solve minimax problems on subgraphs Limitations: Centralized solution Does not consider varied bandwidth constraints

7 Our Work Develop two distributed algorithms Bound-Control and Lex-Control: Support fixed-rate model and maximal-rate model Fixed rate: a data session sends data at a fixed rate Maximal rate: a data session sends data at the maximal rate across all network links (i.e., equiv. to min-cut) Suitable for overlay networks and ad hoc networks Prove their optimality in response to single-link attacks. Evaluate the algorithms via simulations in response to single-link and multi-link attacks.

8 Model Assumptions Static network topology Single source-sink pair
Easily generalized to networks with multiple customers/providers Infrequent link attacks/failures Optimize solutions for single-link attacks Evaluate performance for both single-link and multi-link attacks

9 How to Quantify the Cost of a Single-link Attack?
Attack cost of link l: al = xl * cl xl – proportion of session data allocated to link l cl - security constant Measure the vulnerability of link l to an attack Possible physical interpretations: Attack success probability Proportion of xl lost during an attack In practice, security constants can be obtained from security monitoring systems or statistical measurements

10 Example of Setting Security Constants
More vulnerable to attacks (e.g., cl = 0.9) Wireless link sink source Wired link Less vulnerable to attacks (e.g., cl = 0.1) In subsequent discussion of objectives, assume cl = 1 for all links, i.e., attack cost = data loss.

11 One possible data allocation.
Objective 1 One possible data allocation. 5 5 Fixed data rate 10Mb/s 5 source sink 5 5 5 Minimize the worst-case data loss under the single-link attack

12 Another possible data allocation.
Objective 1 Another possible data allocation. Fixed data rate 10Mb/s 5 5 5 5 source 5 sink 5

13 Another possible data allocation.
Objective 1 Another possible data allocation. 5 5 Fixed data rate 10Mb/s 5 5 source 5 sink 5 Worst-case data loss cannot be less than 50%

14 Bandwidth-limited link
Objective 2 6 6 Fixed data rate 10Mb/s 6 source sink Bandwidth-limited link (Only 4Mb/s allowed) 4 4 4 Minimize the worst-case data loss subject to bandwidth constraints

15 Lexicographic Optimization
Objective 3 Lexicographic Optimization (6, 6, 6, 4, 4, 4, 0, 0, 0, 0)  (6, 4, 3, 3, 3, 3, 2, 2, 2, 2) 2 sink 3 source 4 6 sink 6 4 source Fixed data rate 10Mb/s Bandwidth-limited link (Only 4Mbs allowed) Minimize the ith worst-case data loss subject to bandwidth constraints, given already minimized attack costs for the worst-case, 2nd worst-case,…, (i-1)th worst-case.

16 Solving Objective 1: Preflow-Push
Map minimax problem to max-flow problem Preflow-push algorithm [Goldberg & Tarjan, 89]: Nodes find the maximum flow from source to sink in a distributed fashion. Basic idea of solving Objective 1 [Ahuja, 86]: Each node sets capacity constraints of its outgoing links: cap(l) = 1/cl. Nodes solve max-flow problem under capacity constraints in a distributed fashion. Each node allocates data for its outgoing links: (link flow) / (max flow).

17 Solving Objective 2: Bound-Control
Bandwidth constraint: fraction bound bl bl = (bandwidth of link l) / (session data rate) Capacity constraint: cap(l) = min(1/cl, bl*f) f = flow reaching the sink Upper bound in max-flow problem Basic idea of solving Objective 2: Repeat Distributed execution of Preflow-Push Each node adjusts capacity constraints for its outgoing links Until capacity constraints satisfied

18 Solving Objective 3: Lex-Control
Basic idea – solve lexicographic optimization: Repeat Distributed execution of Bound-Control Each node identifies critical links among its outgoing links Until all critical links spotted Critical Links Links whose data allocation has to be fixed to preserve the optimal attack cost In practice, Lex-Control provides the necessary resilience in 3 or 4 lexicographic iterations. Lexicographic iteration

19 Recap of Algorithms Lex-Control algorithm Bound-Control algorithm Preflow-Push algorithm Hierarchical solution to the three security objectives

20 Experimental Setup Consider three random networks generated by BRITE:
200 nodes, 600 links 200 nodes, 800 links 200 nodes, 1000 links Randomly assign security constants (0 to 1) and bandwidths (1 to 5 Mb/s) for all links Metrics: Attack cost Number of executions of Preflow-push Routing overhead

21 Experiment 1 – Bound-Control
Minimized worst-case attack cost vs. different session throughputs

22 Experiment 1 – Bound-Control
Network setting Attack cost 200 nodes, 600 links 0.73 200 nodes, 800 links 0.72 200 nodes, 1000 links 0.78 Single shortest path approach Network setting Attack cost 200 nodes, 600 links 0.34 200 nodes, 800 links 0.19 200 nodes, 1000 links 0.16 Bound-Control (for maximal-rate model) Bound-Control reduces the worst-case attack cost by 50-70%.

23 Experiment 2 – Lex-Control
Number of links with severe attack cost vs. number of lexicographic iterations. Attack cost is severe if it’s at least 25% of the worst-case attack cost. E.g., for the attack-cost sequence (1, 0.5, 0.25, 0.1, 0.1), number of links with severe attack cost is 3.

24 Summary of Experiments
Bound-Control vs. Single-Path Routing: Reduce the worst-case attack cost by 50-70% Lex-Control vs. Bound-Control Reduce # of links with severe attack costs by ~50% Reduce aggregate attack cost in multi-link attacks: by ~40% in the uniform 50-link attack by ~23% in the proportional 5-link attack by ~12% in the worst-case 5-link attack 3 or 4 lexicographic iterations are enough

25 Conclusions In this talk: More details in the paper:
Proposed two distributed algorithms Bound-Control and Lex-Control that optimize respective security objectives. Illustrated performance of Bound-Control and Lex-Control via simulation analysis. More details in the paper: Optimality proof Simulation results for multi-link attacks

Download ppt "Distributed Algorithms for Secure Multipath Routing"

Similar presentations

Impact of Interference on Multi-hop Wireless Network Performance

Impact of Interference on Multi-hop Wireless Network Performance
Utility Optimization for Event-Driven Distributed Infrastructures Cristian Lumezanu University of Maryland, College Park Sumeer BholaMark Astley IBM T.J.

Utility Optimization for Event-Driven Distributed Infrastructures Cristian Lumezanu University of Maryland, College Park Sumeer BholaMark Astley IBM T.J.
Optimal Capacity Sharing of Networks with Multiple Overlays Zheng Ma, Jiang Chen, Yang Richard Yang and Arvind Krishnamurthy Yale University University.

Optimal Capacity Sharing of Networks with Multiple Overlays Zheng Ma, Jiang Chen, Yang Richard Yang and Arvind Krishnamurthy Yale University University.
Impact of Interference on Multi-hop Wireless Network Performance Kamal Jain, Jitu Padhye, Venkat Padmanabhan and Lili Qiu Microsoft Research Redmond.

Impact of Interference on Multi-hop Wireless Network Performance Kamal Jain, Jitu Padhye, Venkat Padmanabhan and Lili Qiu Microsoft Research Redmond.
Mobility Increase the Capacity of Ad-hoc Wireless Network Matthias Gossglauser / David Tse Infocom 2001.

Mobility Increase the Capacity of Ad-hoc Wireless Network Matthias Gossglauser / David Tse Infocom 2001.
The strength of routing Schemes. Main issues Eliminating the buzz: Are there real differences between forwarding schemes: OSPF vs. MPLS? Can we quantify.

The strength of routing Schemes. Main issues Eliminating the buzz: Are there real differences between forwarding schemes: OSPF vs. MPLS? Can we quantify.
Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.

Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.
Interconnect throughput modeling. Important network performance metrics Throughput – Point to point (link bandwidth + end host software overheads) – Aggregate.

Interconnect throughput modeling. Important network performance metrics Throughput – Point to point (link bandwidth + end host software overheads) – Aggregate.
1 Advancing Supercomputer Performance Through Interconnection Topology Synthesis Yi Zhu, Michael Taylor, Scott B. Baden and Chung-Kuan Cheng Department.

1 Advancing Supercomputer Performance Through Interconnection Topology Synthesis Yi Zhu, Michael Taylor, Scott B. Baden and Chung-Kuan Cheng Department.
2015-5-131 Short-Term Fairness and Long- Term QoS Lei Ying ECE dept, Iowa State University, Joint work with Bo Tan, UIUC and R. Srikant, UIUC.

Short-Term Fairness and Long- Term QoS Lei Ying ECE dept, Iowa State University, Joint work with Bo Tan, UIUC and R. Srikant, UIUC.
Kuang-Hao Liu et al Presented by Xin Che 11/18/09.

Kuang-Hao Liu et al Presented by Xin Che 11/18/09.
Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.
Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.

Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.
WiOpt’03: Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks March 3-5, 2003, INRIA Sophia-Antipolis, France Session : Energy Efficiency.

WiOpt’03: Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks March 3-5, 2003, INRIA Sophia-Antipolis, France Session : Energy Efficiency.
DNA Research Group 1 Growth Codes: Maximizing Sensor Network Data Persistence Abhinav Kamra, Vishal Misra, Dan Rubenstein Department of Computer Science,

DNA Research Group 1 Growth Codes: Maximizing Sensor Network Data Persistence Abhinav Kamra, Vishal Misra, Dan Rubenstein Department of Computer Science,
Network Optimization Models: Maximum Flow Problems In this handout: The problem statement Solving by linear programming Augmenting path algorithm.

Network Optimization Models: Maximum Flow Problems In this handout: The problem statement Solving by linear programming Augmenting path algorithm.
PROFITABLE CONNECTION ASSIGNMENT IN ALL OPTICAL WDM NETWORKS VISHAL ANAND LANDER (Lab. for Advanced Network Design, Evaluation and Research) In collaboration.

PROFITABLE CONNECTION ASSIGNMENT IN ALL OPTICAL WDM NETWORKS VISHAL ANAND LANDER (Lab. for Advanced Network Design, Evaluation and Research) In collaboration.
Yashar Ganjali Joint work with: Abtin Keshavarzian June 4, 2003 Single-Path vs. Multi-Path Routing in Ad Hoc Networks.

Yashar Ganjali Joint work with: Abtin Keshavarzian June 4, 2003 Single-Path vs. Multi-Path Routing in Ad Hoc Networks.
Jerry Chou and Bill Lin University of California, San Diego

Jerry Chou and Bill Lin University of California, San Diego
CISS Princeton, March 20081 Optimization via Communication Networks Matthew Andrews Alcatel-Lucent Bell Labs.

CISS Princeton, March Optimization via Communication Networks Matthew Andrews Alcatel-Lucent Bell Labs.

Similar presentations

Ads by Google