SIGCOMM 2012 (August 16, 2012) Private and Verifiable Interdomain Routing Decisions Mingchen Zhao * Wenchao Zhou * Alexander Gurney * Andreas Haeberlen.

Slides:



Advertisements
Similar presentations
Path Splicing with Network Slicing
Advertisements

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
Diagnosing Missing Events in Distributed Systems with Negative Provenance Yang Wu* Mingchen Zhao* Andreas Haeberlen* Wenchao Zhou + Boon Thau Loo* * University.
Secure Network Provenance Wenchao Zhou *, Qiong Fei*, Arjun Narayan*, Andreas Haeberlen*, Boon Thau Loo*, Micah Sherr + * University of Pennsylvania +
LADIS workshop (Oct 11, 2009) A Case for the Accountable Cloud Andreas Haeberlen MPI-SWS.
Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.
Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
Consensus Routing: The Internet as a Distributed System John P. John, Ethan Katz-Bassett, Arvind Krishnamurthy, and Thomas Anderson Presented.
A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.
The Structure of Networks with emphasis on information and social networks T-214-SINE Summer 2011 Chapter 8 Ýmir Vigfússon.
BGP Safety with Spurious Updates Martin Suchara in collaboration with: Alex Fabrikant and Jennifer Rexford IEEE INFOCOM April 14, 2011.
1 Path Splicing Author: Murtaza Motiwala, Megan Elmore, Nick Feamster and Santosh Vempala Publisher: SIGCOMM’08 Presenter: Hsin-Mao Chen Date:2009/12/09.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Criticisms of I3 Zhichun Li. General Issues Functionality Security Performance Practicality If not significant better than existing schemes, why bother?
Shadow Configurations: A Network Management Primitive Richard Alimi, Ye Wang, Y. Richard Yang Laboratory of Networked Systems Yale University.
NSDI (April 24, 2009) © 2009 Andreas Haeberlen, MPI-SWS 1 NetReview: Detecting when interdomain routing goes wrong Andreas Haeberlen MPI-SWS / Rice Ioannis.
Privacy-Preserving Cross-Domain Network Reachability Quantification
SAVE: Source Address Validity Enforcement Protocol Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA Computer Science Dept 10/04/2001.
Inherently Safe Backup Routing with BGP Lixin Gao (U. Mass Amherst) Timothy Griffin (AT&T Research) Jennifer Rexford (AT&T Research)
Interdomain Routing Security Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays.
1 Design and implementation of a Routing Control Platform Matthew Caesar, Donald Caldwell, Nick Feamster, Jennifer Rexford, Aman Shaikh, Jacobus van der.
A Routing Control Platform for Managing IP Networks Jennifer Rexford Princeton University
Inter-domain Routing security Problems Solutions.
Diagnosing Missing Events in Distributed Systems with Negative Provenance Yang Wu* Mingchen Zhao* Andreas Haeberlen* Wenchao Zhou + Boon Thau Loo* * University.
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Considering the Advantages of Using BGP.
Control of Personal Information in a Networked World Rebecca Wright Boaz Barak Jim Aspnes Avi Wigderson Sanjeev Arora David Goodman Joan Feigenbaum ToNC.
Stable Internet Routing Without Global Coordination Jennifer Rexford AT&T Labs--Research Joint work with Lixin Gao.
Building a Strong Foundation for a Future Internet Jennifer Rexford ’91 Computer Science Department (and Electrical Engineering and the Center for IT Policy)
The Structure of Networks with emphasis on information and social networks T-214-SINE Summer 2011 Chapter 8 Ýmir Vigfússon.
Computer Networks Layering and Routing Dina Katabi
Information-Centric Networks07b-1 Week 7 / Paper 2 NIRA: A New Inter-Domain Routing Architecture –Xiaowei Yang, David Clark, Arthur W. Berger –IEEE/ACM.
EQ-BGP: an efficient inter- domain QoS routing protocol Andrzej Bęben Institute of Telecommunications Warsaw University of Technology,
Multi-path Interdomain ROuting by Xu and Rexford Alan Dunn Topics in Network Protocol Design March 5, 2010.
Yongzhi Wang, Jinpeng Wei VIAF: Verification-based Integrity Assurance Framework for MapReduce.
NSDI (April 24, 2009) © 2009 Andreas Haeberlen, MPI-SWS 1 NetReview: Detecting when interdomain routing goes wrong Andreas Haeberlen MPI-SWS / Rice Ioannis.
How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir.
Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.
Lecture 27 Page 1 Advanced Network Security Routing Security Advanced Network Security Peter Reiher August, 2014.
Sign What You Really Care About -- Secure BGP AS Paths Efficiently Yang Xiang, Z. Wang, J. Wu, X. Shi, X. Yin Tsinghua University, Beijing AsiaFI 2011.
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.
Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006.
R-BGP: Staying Connected in a Connected World Nate Kushman Srikanth Kandula, Dina Katabi, and Bruce Maggs.
Routing and Routing Protocols
Efficient Secure BGP AS Path using FS-BGP Xia Yin, Yang Xiang, Zhiliang Wang, Jianping Wu Tsinghua University, Beijing 81th Quebec.
CS 4396 Computer Networks Lab BGP. Inter-AS routing in the Internet: (BGP)
Electronic Cash R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
SOSP 2007 © 2007 Andreas Haeberlen, MPI-SWS 1 Practical accountability for distributed systems Andreas Haeberlen MPI-SWS / Rice University Petr Kuznetsov.
Motivation: Finding the root cause of a symptom
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Scaling IGP and BGP in Service Provider Networks.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to a Single Service.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Course Introduction.
Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved.
1 Chapter 14-16a Internet Routing Review. Chapter 14-16: Internet Routing Review 2 Introduction Motivation: Router performance is critical to overall.
BUFFALO: Bloom Filter Forwarding Architecture for Large Organizations Minlan Yu Princeton University Joint work with Alex Fabrikant,
Seyed K. Fayaz, Tushar Sharma, Ari Fogel
Problem: Internet diagnostics and forensics
Aaron Gember-Jacobson
COS 561: Advanced Computer Networks
COS 561: Advanced Computer Networks
COS 561: Advanced Computer Networks
COS 561: Advanced Computer Networks
COS 561: Advanced Computer Networks
COS 561: Advanced Computer Networks
BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)
COS 461: Computer Networks
BGP Instability Jennifer Rexford
Ensuring Correctness over Untrusted Private Database
Presentation transcript:

SIGCOMM 2012 (August 16, 2012) Private and Verifiable Interdomain Routing Decisions Mingchen Zhao * Wenchao Zhou * Alexander Gurney * Andreas Haeberlen * Micah Sherr + Boon Thau Loo * * University of Pennsylvania + Georgetown University 1

SIGCOMM 2012 (August 16, 2012) Motivating Scenario 2 Charlie Doris Eliot Alice Bob 2 hop 3 hop 5 hop (2+1) hop I will always give you my shortest route to Google! ASes are making “promises” about their routing behavior Needed to implement various routing goals, e.g., meeting peer traffic ratios, avoiding use of expensive uplinks, … Neighbors may depend on these being implemented correctly

SIGCOMM 2012 (August 16, 2012) Problem: Detecting broken promises 3 Charlie Doris Eliot Alice Bob 2 hop 3 hop 5 hop (2+1) hop (3+1) hop How do I know whether Bob is keeping his promise? Goal: Verify whether the promise is kept

SIGCOMM 2012 (August 16, 2012) Can auditing help? 4 Charlie Doris Eliot Alice Bob 2 hop 3 hop 5 hop (3+1) hop Audit log 3 hop 5 hop 2 hop Is this enough? Example: NetReview (NSDI 2009)

SIGCOMM 2012 (August 16, 2012) Challenge: Privacy 5 Charlie Doris Eliot Alice Bob 2 hop 3 hop 5 hop (3+1) hop I do not want to reveal all my routes to Alice!

SIGCOMM 2012 (August 16, 2012) Security Can we have our cake and eat it too? 6 Privacy Security S-BGP, soBGP, psBGP, NetReview, …

SIGCOMM 2012 (August 16, 2012) Goals Security: If Bob breaks his promise, Alice will detect it. Privacy: Verification does not reveal more information than BGP. Evidence: If Bob breaks his promise, Alice can prove it. Accuracy: If Bob does not break his promise, nobody can prove he did. 7

SIGCOMM 2012 (August 16, 2012) Approach: Collaborative Verification 8 Alice Bob Charlie DorisEliot Idea: break the verification into small pieces Assign each piece to someone who can verify it with only local knowledge Successful verification of all pieces implies that the promise has been kept

SIGCOMM 2012 (August 16, 2012) Outline Motivation Goal: Verify promises about routing decisions Challenge: Privacy The SPIDeR system Evaluation Summary 9

SIGCOMM 2012 (August 16, 2012) Modeling promises 10 3 hop route 4 hop route 5 hop route Indifference Class 3 hop Asia Customer 3 hop Euro peer 3 hop Africa Provider 4 hop Africa Customer 5 hop Asia Provider 5 hop Euro Provider 4 hop Euro peer >>

SIGCOMM 2012 (August 16, 2012) Modeling promises 11 Customer route Peer route Provider route Indifference Class 3 hop Asia Customer 4 hop Africa Customer 5 hop Asia Provider 5 hop Euro Provider 4 hop Euro peer 3 hop Euro peer 3 hop Africa Provider >> Our study of 88 real AS policies shows that most of the popular promises can be modeled in this way.

SIGCOMM 2012 (August 16, 2012) Background: Merkle Hash Tree Merkle Tree 12 b1b1 b2b2 b3b3 b4b4 Hash b2b2 Proof that the second value is b 2 Reveals nothing about b 1, b 3, b 4 ! Path to the root Values Commitment

SIGCOMM 2012 (August 16, 2012) Charlie Doris Eliot Alice Bob SPIDeR: single prefix case Bit k set to 1: "I have a route that is at most k hops long" Bit 3 is set! Bob acknowledges the 3-hop route! a) No bit below 2 is set; this is the shortest route! b) All bits above 2 are set; Bob didn't lie to the others! Merkle hash tree hop 3 hop 5 hop (2+1) hop

SIGCOMM 2012 (August 16, 2012) Charlie Doris Eliot Alice Bob SPIDeR: single prefix case Bit k set to 1: "I have a route that is at most k hops long" Merkle hash tree hop 3 hop 5 hop (3+1) hop Bit 2 is set; there is a better route. If Bob picks the correct route, no neighbor learns anything new! If Bob picks the wrong route, at least one neighbor can detect it!

SIGCOMM 2012 (August 16, 2012) Making SPIDeR practical So far: We can verify promises about a single prefix and a single decision We have a protocol It meets all four goals We proved the correctness (in a TR) Guarantees hold even if an AS is malicious Practical issues, temporal privacy, loose synchronization, logging system, withdrawals, incremental deployment Loose synchronization, Logging sys 15 Multiple prefixes

SIGCOMM 2012 (August 16, 2012) Multi-Prefix: Additional Challenges 16

SIGCOMM 2012 (August 16, 2012) Modified Ternary Tree 0 E E E E E E 17 Efficiency: run one instance to verify all the prefixes Privacy: verifiers cannot learn anything about other prefixes.

SIGCOMM 2012 (August 16, 2012) Outline Motivation The SPIDeR system Single prefix Practical Challenges Evaluation Functionality check Microbenchmarks Overhead Summary 18

SIGCOMM 2012 (August 16, 2012) Evaluation: Microbenchmarks An important metric is how fast we can make hash trees. How quickly can we capture transient routing configuration problems? Experiment: generate a tree for a full BGP routing table on Dell PowerEdge 860. Result: 17.4s (with three cores) Scales almost linearly with the number of cores 19

SIGCOMM 2012 (August 16, 2012) Evaluation: Experimental Overhead Small AS topology with Quagga routers Injected a RouteViews trace AS 5’s SPIDeR ran on a single machine 20 Data Collected

SIGCOMM 2012 (August 16, 2012) Evaluation: Overhead Computation 2.4 GHz core: 81.3% utilized Commodity workstation is sufficient Bandwidth Signatures etc.: 20.8kbps Verifying 1% of commitments per minute: 3.0Mbps On the order of a single DSL upstream link Storage Keeping 1 year’s worth of logs: 145.7GB Fits on a commodity hard drive 21 A small AS could run SPIDeR on a single machine

SIGCOMM 2012 (August 16, 2012) Summary Goal: Verify promises about interdomain routing decisions Problem: Offer both security and privacy Solution: Collaborative verification Implemented in the SPIDeR system Provable security and privacy guarantees Efficient enough to run on a single commodity workstation 22 More information:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.