Authentication for Fragments Craig Partridge BBN Technologies

The Problem
[Figure: a router holding a packet's fragments; an intermittent link comes up]
Which fragment do you send?

Why An Issue?
New network scenarios with intermittent, (potentially) oversubscribed links
A desire to send the most valuable traffic first
Large native unit of authentication
–Mobigrams
–DTN bundles

Starting Assumptions
Datagram may be (re)fragmented at any point in the data and at any time (including during transmission)
Fragments do not all follow the same path

Datagram may be (re)fragmented at any point in the data and at any time (including during transmission)
Nice assumption
–Can pre-empt fragments during transmission
–Very general
Apparently untenable
–Creates unauthenticatable fragments
–Creates new style of attack on fragments
[Figure: fragment boundaries versus authentication units: bytes 1..j fall in Auth Unit P+1, bytes k..n in Auth Unit P]
Must fragment on boundaries determined by origin (ugh!)
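As an added illustration of why fragmentation must respect origin-determined boundaries (this is constructed example code, not anything from the talk), the origin below cuts a datagram into small self-authenticating units; a fragment made of whole units verifies on its own, while a fragment cut mid-unit cannot be authenticated at all. The shared key, the unit layout and all function names are assumptions of this example, chosen only to keep it short.

```python
import hashlib
import hmac
from itertools import accumulate

# Constructed model (not the talk's code): the ORIGIN splits a datagram into
# authentication units laid out as seq(4) | len(1) | payload | tag(8).
KEY = b"hypothetical-shared-key"   # assumption: key shared by origin and checker
UNIT = 4                           # payload bytes per authentication unit
TAG = 8                            # truncated HMAC-SHA256 tag length
HDR = 5                            # seq + length header bytes

def tag(seq: int, payload: bytes) -> bytes:
    """MAC over seq and payload, so units cannot be reordered or replayed."""
    msg = seq.to_bytes(4, "big") + payload
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:TAG]

def build_units(data: bytes) -> list[bytes]:
    """Origin side: one self-authenticating unit per UNIT-byte slice."""
    units = []
    for seq, off in enumerate(range(0, len(data), UNIT)):
        p = data[off:off + UNIT]
        units.append(seq.to_bytes(4, "big") + bytes([len(p)]) + p + tag(seq, p))
    return units

def verify_fragment(frag: bytes) -> bool:
    """Checker side: accept a fragment only if it parses into whole, valid units."""
    off = 0
    while off < len(frag):
        if len(frag) - off < HDR + TAG:
            return False                 # trailing bytes too short to be a unit
        seq = int.from_bytes(frag[off:off + 4], "big")
        n = frag[off + 4]
        end = off + HDR + n + TAG
        if n > UNIT or end > len(frag):
            return False                 # partial unit: nothing to authenticate
        p = frag[off + HDR:off + HDR + n]
        if not hmac.compare_digest(frag[off + HDR + n:end], tag(seq, p)):
            return False                 # cut mid-unit, corrupted or forged
        off = end
    return len(frag) > 0                 # an empty fragment authenticates nothing

def fragment_at(units: list[bytes], k: int) -> tuple[bytes, bytes]:
    """Split the wire image at byte k, as a router ignoring unit boundaries would."""
    wire = b"".join(units)
    return wire[:k], wire[k:]

def unit_boundaries(units: list[bytes]) -> list[int]:
    """Byte offsets at which the origin permits fragmentation."""
    return list(accumulate(len(u) for u in units))
```

With three 4-byte units the only safe cut points are the offsets returned by unit_boundaries; cutting anywhere else leaves both halves unverifiable, which is the "unauthenticatable fragments" problem the slide names.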

Fragments do not all follow the same path
Distributed Romanow-Floyd problem
–Fragment lost on path 1 means fragments on path 2 now can only do harm, yet path 2 must treat them as valuable
Shared keys problematic
–Every fragmentation point has a private key with each origin?
–Public key signatures are BIG
Either
–Each fragment is self authenticating (see: PK is BIG)
–Or we distribute aggregated authentication information down all possible paths (can we make it small enough?)

Can We Make Authentication Information Small Enough?
An idea: send function definition, not signature
–Implies result of function is known
–E.g. fragment #5 has digital hash of 5
Such functions exist…
–But either compact in representation OR strong enough to provide a digital signature
–NOT both (yet!)
–Why this is a HOTNETS paper

While I Take Questions…
This builds on prior work
–Kent/Mogul, Fragmentation Considered Harmful
–Romanow/Floyd, Dynamics of TCP Traffic over ATM Networks
–Mathis/Heffner/Chandler, Fragmentation Considered Very Harmful
–Toilet paper authentication ideas in DTN list