Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Authenticated Adversarial Routing Yair Amir, Paul Bunn, Rafail Ostrovsky 6 th IACR Theory of Cryptography Conference March 15, 2009.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Authenticated Adversarial Routing Yair Amir, Paul Bunn, Rafail Ostrovsky 6 th IACR Theory of Cryptography Conference March 15, 2009."— Presentation transcript:

1 1 Authenticated Adversarial Routing Yair Amir, Paul Bunn, Rafail Ostrovsky 6 th IACR Theory of Cryptography Conference March 15, 2009

2 2 Authenticated Adversarial Routing Problem Statement Solution Ideas Conclusion

3 3 Authenticated Adversarial Routing Problem Statement Adversarial Networks Statement of Result Previous Work Solution Ideas Conclusion

4 4 The Network S R {m 1, m 2, m 3, …} Most basic task: two “uncorrupted” nodes need to communicate

5 5 The Adversary For clarity, break-up adversary into 2 (collaborating) adversaries: Node-controlling Malicious Adversary Edge-scheduling Adversary

6 6 Edge-Scheduling Adversary S R End-to-End, Synchronous Only 1 packet can cross an edge per round Controls Edges (Up/Down) {m 1, m 2, m 3, …}

7 7 Edge-Scheduling Adversary End-to-End, Synchronous Only 1 packet can cross an edge per round Controls Edges (Up/Down) Conforming (Always a Path!) S R {m 1, m 2, m 3, …}

8 8 Node-Controlling Adversary Controls Nodes “Malicious” ⇒ Nodes act arbitrarily “Dynamic” ⇒ Adaptive corruption Conforming (Always a Path!) Polynomially Bounded S R {m 1, m 2, m 3, …}

9 9 Node-Controlling Adversary S R Controls Nodes “Malicious” ⇒ Nodes act arbitrarily “Dynamic” ⇒ Adaptive corruption Conforming (Always a Path!) # Malicious nodes allowed >> n/2 {m 1, m 2, m 3, …}

10 10 The Problem: Goals of Routing S R Correctness: “Packets are output by R without duplication or omission” Throughput: Number of messages received as a function of time Memory per Node {m 1, m 2, m 3, …}

11 11 Our Main Result Theorem (informal): If OWF’s exist THEN routing that is resilient against any poly-time conforming (node- controlling + edge-scheduling) adversary can be achieved with: Throughput: Linear O(t ) rounds  t packets delivered Memory per Node: O(n 4 log n) Proof is constructive, local control

12 12 History of Routing in Malicious Networks Fault Detection, Fault Localization [Awerbuch Holmer Nita-Rotaru Rubens 02] [Barak Goldberg Xiao 08] A priori select a single-path Fault Detection/Localization performed on this path After identifying fault, new path selected Open in [BGX 08]: how do we handle adaptive routing?

13 13 Authenticated Adversarial Routing Problem Statement Solution Ideas Naïve Solutions Dynamic Topology Networks - [AG 88] [AMS 89] [AGR 92] [AAGMRS 97] [KOR 98] Highlights of our Solution Conclusion

14 14 Naïve Solutions Flooding: Sender floods one message + index + signature Nodes broadcast message with highest index Receiver floods confirmation of receipt + signature Nodes broadcast confirmation with highest index S R {m 1, m 2, m 3, …}

15 15 Naïve Solutions Flooding: Slow: Delivery is sublinear Expensive (Pay for Bandwidth Used) S R {m 1, m 2, m 3, …}

16 16 Slide Protocol “Slide” Protocol: [Afek Gafni 88], [Awerbuch Mansour Shavit 89], [Afek Gafni Rosen 92], [Afek Awerbuch Gafni Mansour Rosen Shavit 97] How it works: Edges viewed as directional Internal nodes maintain buffers on every edge (size n) Protocol proceeds in 3 steps: { … … … … … … n

17 17 … … … … … … ……………… RS …… “Slide” Protocol: [Afek Gafni 88], [Awerbuch Mansour Shavit 89], [Afek Gafni Rosen 92], [Afek Awerbuch Gafni Mansour Rosen Shavit 97] How it works: Edges viewed as directional Internal nodes maintain buffers on every edge (size n) Protocol proceeds in 3 steps: Slide Protocol n {

18 18 “Slide” Protocol: [Afek Gafni 88], [Awerbuch Mansour Shavit 89], [Afek Gafni Rosen 92], [Afek Awerbuch Gafni Mansour Rosen Shavit 97] How it works: Edges viewed as directional Internal nodes maintain buffers on every edge (size n) Protocol proceeds in 3 steps: …………………… RS H = n H = n-1 H = 2 H = 1 H = n-1 H = 2H = 1H = 0 1) Communicate Heights 2) Transfer Packets3) Re-Shuffle Locally Slide Protocol

19 19 RS “Slide” Protocol: [Afek Gafni 88], [Awerbuch Mansour Shavit 89], [Afek Gafni Rosen 92], [Afek Awerbuch Gafni Mansour Rosen Shavit 97] How it works: Edges viewed as directional Internal nodes maintain buffers on every edge (size n) Protocol proceeds in 3 steps: 1) Communicate Heights 2) Transfer Packets3) Re-Shuffle Locally Slide Protocol Packets “flow” downhill from S to R

20 20 Correctness: Throughput: Memory: Linear (Optimal with respect to Conforming Adversary!) O(n 2 log n) “Slide” Protocol: [Afek Gafni 88], [Awerbuch Mansour Shavit 89], [Afek Gafni Rosen 92], [Afek Awerbuch Gafni Mansour Rosen Shavit 97] How it works: Edges viewed as directional Internal nodes maintain buffers on every edge (size n) Protocol proceeds in 3 steps: 1) Communicate Heights 2) Transfer Packets3) Re-Shuffle Locally Slide Protocol

21 21 Towards Our Solution S R Assume signatures for all packets Adv cannot insert “new” packets – are we done? NO! We must counter all malicious behavior: Examples: Message Deletion; Message Duplication; “Play- Dead”; … {m 1, m 2, m 3, …}

22 22 Sketch of Proof Start with “Slide” protocol Every message of O(n 3 ) bits is expanded into a codeword of O(n 3 ) packets Sender signs all packets he inserts “Routing with Responsibility”: Every time a packet is transferred across an edge, adjacent nodes sign various forms of communication

23 23 After the O(n 3 ) rounds allotted to the transfer of any message, we prove one of the following happens: 1. R can decode the codeword Successful message transmission Great, proceed to the next message! 2. R did not receive 8 n 3 packets Packet Deletion Keep track (signed) volume across each edge of total volume 3. R has received a duplicated packet Packet Duplication + Packet Deletion Keep track (signed) # of appearances of each packet across each edge 4. S was not able to insert 12n 3 packets Packet Duplication Keep track (signed) of potential changes across each edge Sketch of Proof

24 24 Blacklist Non-responding nodes put on blacklist by sender Control information is flooded Control info is much smaller then messages, so does not impact throughput Blacklisted nodes don’t transfer messages (until they are removed) Nodes crucial to link S and R won’t remain on blacklist for long

25 25 Authenticated Adversarial Routing Problem Statement Solution Approach and Description Conclusion

26 26 Conclusion 1 st routing protocol secure against (node-controlling+edge-scheduling) conforming adversary Same Throughput as non-secure protocols: Throughput: Linear (Optimal!) More Memory as non-secure protocols, but still polynomial: Memory: O(n 4 log n) vs. O(n 2 log n)

27 27 After the O(n 3 ) rounds allotted to the transfer of any message, we prove one of the following happens: 1. R can decode the codeword “Successful” message transmission 2. R did not receive 8 n 3 packets Packet Deletion 3. R has received a duplicated packet Packet Duplication + Packet Deletion 4. S was not able to insert 12n 3 packets Packet Duplication Sketch of Proof AB 57

28 28 Sketch of Proof AB P 102 (5, P 102 ) After the O(n 3 ) rounds allotted to the transfer of any message, we prove one of the following happens: 1. R can decode the codeword “Successful” message transmission 2. R did not receive 8 n 3 packets Packet Deletion 3. R has received a duplicated packet Packet Duplication + Packet Deletion 4. S was not able to insert 12n 3 packets Packet Duplication

29 29 Sketch of Proof AB (-5,3) 2 5 3 4 1 1 (-3, 2) C D -3 3 2 After the O(n 3 ) rounds allotted to the transfer of any message, we prove one of the following happens: 1. R can decode the codeword “Successful” message transmission 2. R did not receive 8 n 3 packets Packet Deletion 3. R has received a duplicated packet Packet Duplication + Packet Deletion 4. S was not able to insert 12n 3 packets Packet Duplication

Download ppt "1 Authenticated Adversarial Routing Yair Amir, Paul Bunn, Rafail Ostrovsky 6 th IACR Theory of Cryptography Conference March 15, 2009."

Similar presentations

Provable Unlinkability Against Traffic Analysis Ron Berman Joint work with Amos Fiat and Amnon Ta-Shma School of Computer Science, Tel-Aviv University.

Provable Unlinkability Against Traffic Analysis Ron Berman Joint work with Amos Fiat and Amnon Ta-Shma School of Computer Science, Tel-Aviv University.
Exercises and Solutions Lecture 1

Exercises and Solutions Lecture 1
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Interconnection Networks: Flow Control and Microarchitecture.

Interconnection Networks: Flow Control and Microarchitecture.
Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.

Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.
DISTRIBUTED SYSTEMS II FAULT-TOLERANT BROADCAST Prof Philippas Tsigas Distributed Computing and Systems Research Group.

DISTRIBUTED SYSTEMS II FAULT-TOLERANT BROADCAST Prof Philippas Tsigas Distributed Computing and Systems Research Group.
Introduction to Computer Science 2 Lecture 7: Extended binary trees

Introduction to Computer Science 2 Lecture 7: Extended binary trees
Shi Bai, Weiyi Zhang, Guoliang Xue, Jian Tang, and Chonggang Wang University of Minnesota, AT&T Lab, Arizona State University, Syracuse University, NEC.

Shi Bai, Weiyi Zhang, Guoliang Xue, Jian Tang, and Chonggang Wang University of Minnesota, AT&T Lab, Arizona State University, Syracuse University, NEC.
Multicast in Wireless Mesh Network Xuan (William) Zhang Xun Shi.

Multicast in Wireless Mesh Network Xuan (William) Zhang Xun Shi.
Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!

Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
Congestion Control Created by M Bateman, A Ruddle & C Allison As part of the TCP View project.

Congestion Control Created by M Bateman, A Ruddle & C Allison As part of the TCP View project.
1 Vipul Goyal Abhishek Jain Rafail Ostrovsky Silas Richelson Ivan Visconti Microsoft Research India MIT and BU UCLA University of Salerno, Italy Constant.

1 Vipul Goyal Abhishek Jain Rafail Ostrovsky Silas Richelson Ivan Visconti Microsoft Research India MIT and BU UCLA University of Salerno, Italy Constant.
Enhancing Source-Location Privacy in Sensor Network Routing P.Kamat, Y. Zhang, W. Trappe, C. Ozturk In Proceedings of the 25th IEEE International Conference.

Enhancing Source-Location Privacy in Sensor Network Routing P.Kamat, Y. Zhang, W. Trappe, C. Ozturk In Proceedings of the 25th IEEE International Conference.
A Probabilistic Misbehavior Detection Scheme towards Efficient Trust Establishment in Delay-tolerant Networks Haojin Zhu, Suguo Du, Zhaoyu Gao, Mianxiong.

A Probabilistic Misbehavior Detection Scheme towards Efficient Trust Establishment in Delay-tolerant Networks Haojin Zhu, Suguo Du, Zhaoyu Gao, Mianxiong.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Data Consistency in Sensor Networks: Secure Agreement Fatemeh Borran Supervised by: Panos Papadimitratos, Marcin Poturalski Prof. Jean-Pierre Hubaux IC-29.

Data Consistency in Sensor Networks: Secure Agreement Fatemeh Borran Supervised by: Panos Papadimitratos, Marcin Poturalski Prof. Jean-Pierre Hubaux IC-29.
Securing OLSR Using Node Locations Daniele Raffo Cédric Adjih Thomas Clausen Paul Mühlethaler 11 th European Wireless Conference 2005 (EW 2005) April 10-13.

Securing OLSR Using Node Locations Daniele Raffo Cédric Adjih Thomas Clausen Paul Mühlethaler 11 th European Wireless Conference 2005 (EW 2005) April
Linear-time encodable and decodable error-correcting codes Daniel A. Spielman Presented by Tian Sang Jed Liu 2003 March 3rd.

Linear-time encodable and decodable error-correcting codes Daniel A. Spielman Presented by Tian Sang Jed Liu 2003 March 3rd.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

Similar presentations

Ads by Google