Presentation is loading. Please wait.

Presentation is loading. Please wait.

Robust Congestion Control for IP Multicast

Published byΆνεμονη Γούσιος Modified over 6 years ago

Similar presentations

Presentation on theme: "Robust Congestion Control for IP Multicast"— Presentation transcript:

1 Robust Congestion Control for IP Multicast
Sergey Gorinsky Applied Research Laboratory Department of Computer Science and Engineering Washington University in St. Louis November 3, 2003

2 The Internet Growth and Its Implications
Evolution of the Internet Original design Small test bed. Close-knit scientific community Today’s reality Global commercial network. Large number of selfish users Need to rethink assumptions in the Internet design Network bandwidth allocation Traditional assumption of universal trust Misbehavior incentives: unfairly high acquisition of bandwidth Misbehavior opportunities: open-source operating systems Challenge: robust allocation of network bandwidth in distrusted environments Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

3 This Talk Focus Outline
Robust congestion control for multicast services Outline Background Congestion control and multicast services Trust model Self-beneficial attacks by a receiver Vulnerabilities of existing multicast protocols Robust mechanisms for multicast congestion control DELTA and SIGMA Conclusion and future work Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

4 Congestion Control Congestion Congestion control
Excessive transmission results in packet losses Uncontrolled retransmission leads to congestion collapse Congestion control Allocation of bandwidth along network paths Prevention of congestion collapse Responsiveness to congestion Efficient utilization Fair sharing Unicast: TCP congestion control [Jacobson 1988] Receiver acknowledges delivered packets Sender adjusts its transmission in response to feedback Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

5 One-to-Many Communications
Dissemination of data to multiple receivers Example Video address by the CEO of an international company to employees Inefficient solutions Direct unicast from the sender to each receiver Broadcast Multicast Hierarchy for data duplication and forwarding Implementations IP multicast: router-based hierarchy [Deering 1991] End-system multicast: host-based hierarchy [Chu 2000] Congestion control challenges Scalability Receiver heterogeneity Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

6 Supporting Scalable IP Multicast
Sender Receiver Receiver Receiver Receivers subscribe to a multicast group at their local edge routers Receivers provide the sender with limited feedback RMTP [Paul 1997], SAMM [Albuquerque 1998], pgmcc [Rizzo 2000], TFMCC [Widmer 2001] Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

7 Addressing Receiver Heterogeneity
Sender 1 Mbps group 3 Mbps group 1 Mbps receiver 4 Mbps receiver 1 Mbps receiver A multicast session is composed of multiple groups Layered multicast: RLM [McCanne 1996], FLID-DL [Byers 2000], WEBRC [Luby 2002] Replicated multicast: DSG [Cheung 1996] Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

8 Talk Outline Background Trust model
Congestion control and multicast Trust model Self-beneficial attacks by a receiver Vulnerabilities of existing multicast protocols Robust mechanisms for multicast congestion control DELTA and SIGMA Conclusion and future work Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

9 Trust Existing protocols Our trust model Sender Receiver Receiver
Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

10 Types of Bandwidth Attacks
Denial-of-service attacks Disruption of network services Intentionally visible Self-beneficial attacks Acquisition of data at an unfairly high rate Intentionally keeping a low profile Easy to launch TCP Daytona [Savage 1999], “throughput improvement” tools Dangerous Our focus: self-beneficial bandwidth attacks Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

11 Vulnerabilities of Multicast Protocols
Paradigms Threats Vulnerable protocols Single-group Multi-group feedback-free Multi-group feedback-driven Feedback-driven transmission adjustment Incorrect reports RMTP, SAMM, TFMCC, pgmcc DSG, SIM, MLDA Failure to report RMTP, TFMCC, pgmcc Forged aggregated reports RMTP Manipulation with suppression pgmcc Group membership regulation Inflated subscription WEBRC, FLID-DL, RLC, RLM Prevention of other receivers from subscription RLM Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

12 Inflated Subscription in FLID-DL
One bottleneck link shared by six sessions: two FLID-DL and four TCP Inflated subscription is a fundamental threat to fair bandwidth allocation Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

13 Protection against Inflated Subscription
Source of inflated subscription: ability to join any group Approach: restricted access to groups Traditional implementation: identity-based access control Secure IGMP [Ballardie 1995], GOTHIC [Judge 2002] Problem: identity does not prove adherence to subscription rules Solution: congestion-dependent group access control Access rights are a function of the congestion status Access keys change every time slot Requirements Minimal generic changes in the network Support of existing and future multicast protocols Preservation of congestion control properties Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

14 Linkage of Access Rights with the Congestion Status
Updated key Packets Receiver Sender No updated key Updated key Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

15 Robust Group Subscription: DELTA and SIGMA
DELTA (Distribution of ELigibility To Access) In-band distribution of keys from the sender to eligible receivers Transforms a vulnerable multicast protocol into its robust version Requires a protocol-specific instantiation dependent on: Congestion notification Session structure Congested state Subscription rules SIGMA (Secure Internet Group Management Architecture) Generic distribution of keys from the sender to edge routers Key-based group access control at edge routers Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

16 Example of a Protected Protocol
Session structure N cumulative subscription levels First level: group 1 (base layer of data) Second level: groups 1 and 2 (two lower layers of data) … … N-th level: all N groups of the session (all layers of data) Congested state of a receiver Single packet loss in any of the subscribed groups Subscription rules Rule 1: Congested receiver must drop its top group Rule 2: Receiver can preserve its lower groups Rule 3: When authorized by the protocol, uncongested receiver can add the next group (i.e., the group immediately above its top group) Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

17 Rule 1: Congested Receiver Must Drop Its Top Group
Packets of group 4: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Packets of group 3: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Packets of group 2: 1 2 3 4 5 7 6 8 9 10 Packets of group 1: 1 2 3 4 5 Packets of a subscription level carry components of a key for its top group where is XOR, is a component in packet p of group j Time slot Problem: each packet of group 1 carries N components Reason: different keys use independent components Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

18 Rule 1: Congested Receiver Must Drop Its Top Group
Packets of group 4: 16 17 18 19 20 Packets of group 3: 11 12 13 14 15 Packets of group 2: 7 6 8 9 10 Packets of group 1: 1 2 3 4 5 Time slot Packets of a subscription level carry components of a key for its top group where is XOR, is a component in packet p of group j Problem: each packet of group 1 carries N components Reason: different keys use independent components Solution: keys reuse components from lower groups Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

19 Rule 2: Receiver Can Preserve Its Lower Groups
Packets of group 4: 16 17 18 19 20 3 Packets of group 3: 11 12 13 14 15 2 Each packet of group g carries a decrease key for group g-1 1 Packets of group 2: 7 6 8 9 10 Packets of group 1: 1 2 3 4 5 Time slot Top key for each group g where is XOR, is a component in packet p of group j Requirement: knowledge of should not reveal Solution: decrease key and top key for each group are different Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

20 Rule 3: Authorized Uncongested Receiver Can Add Group
Packets of group 4: 16 17 18 19 20 3 Packets of group 3: 11 12 13 14 15 2 Packets of group 2: 7 6 8 9 10 1 Packets of group 1: 1 2 3 4 5 Time slot Increase key for each authorized group where is XOR, is a component in packet p of group j Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

21 Generalizing the Solution
Above example of DELTA instantiation Protected protocol No support for reliable delivery Loss-driven detection of congestion Layered multicast Single-loss definition for the congested state Protection against individual attacks Extensions Protection against collusion attacks DELTA instantiations for other types of protocols Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

22 DELTA Instantiations for Different Types of Protocols
Reliability Reliable protocols (vs. unreliable protocols) Sender distributes components among both original and additional packets Congestion notification ECN (vs. loss) Edge routers change the component in each marked packet Session structure Replicated multicast (vs. layered multicast) Keys consist of components from a single group Congested state Loss rate exceeding a threshold (vs. single packet loss) n packets are transmitted to a subscription level (k,n) threshold scheme is used to generate components [Shamir 1979] k components are necessary and sufficient for reconstructing the key Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

23 SIGMA Distribution of keys from the sender to edge routers
Challenge: generic network support DELTA-style reconstruction of keys from components is protocol-specific Solution: multicast of group addresses and keys to edge routers Special packets carry address-key tuples Edge routers intercept these packets Forward error correction provides reliable delivery Key-based group access control at edge routers Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

24 Group Access Control in SIGMA
Operation timeline New challenges in group management Adding a group Unconditional access to the added group for two consecutive time slots Admitting a new receiver into the session Intermittently unrestricted access to the minimal group Time slots Edge routers control access to the groups using the keys for time slot S+2 Receivers submit their group subscription requests The sender distributes the keys for time slot S+2 to edge routers and eligible receivers S S+1 S+2 Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

25 Protection against Inflated Subscription
DELTA and SIGMA protect against inflated subscription Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

26 Preservation of Congestion Control Properties
Responsiveness Efficiency DELTA and SIGMA preserve congestion control properties Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

27 Research Summary Relaxed the traditional assumption of universal trust in multicast congestion control Focused on self-beneficial attacks of misbehaving receivers Classified and demonstrated vulnerabilities in multicast protocols Designed protection against inflated subscription DELTA and SIGMA: congestion-dependent group access control Generic network support Robustness to individual attacks (and extension for collusion attacks) Robust adaptation of FLID-DL (and RLM) protocols Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

28 Future Work Robust bandwidth allocation in peer-to-peer multicast
Routing with misbehaving receivers New types of attacks Eliciting a self-beneficial multicast hierarchy Slow forwarding Trusted base Sender Receiver Misbehaving receiver Receiver Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis

Download ppt "Robust Congestion Control for IP Multicast"

Similar presentations

1 IP - The Internet Protocol Relates to Lab 2. A module on the Internet Protocol.

1 IP - The Internet Protocol Relates to Lab 2. A module on the Internet Protocol.
Push Technology Humie Leung Annabelle Huo. Introduction Push technology is a set of technologies used to send information to a client without the client.

Push Technology Humie Leung Annabelle Huo. Introduction Push technology is a set of technologies used to send information to a client without the client.
1 School of Computing Science Simon Fraser University CMPT 771/471: Internet Architecture & Protocols TCP-Friendly Transport Protocols.

1 School of Computing Science Simon Fraser University CMPT 771/471: Internet Architecture & Protocols TCP-Friendly Transport Protocols.
IPv4 - The Internet Protocol Version 4

IPv4 - The Internet Protocol Version 4
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
OSI Model OSI LAYER / MODEL.

OSI Model OSI LAYER / MODEL.
1 IP - The Internet Protocol Relates to Lab 2. A module on the Internet Protocol.

1 IP - The Internet Protocol Relates to Lab 2. A module on the Internet Protocol.
Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli University of Calif, Berkeley and Lawrence Berkeley National Laboratory SIGCOMM.

Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli University of Calif, Berkeley and Lawrence Berkeley National Laboratory SIGCOMM.
Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.

Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.
Network Congestion Gabriel Nell UC Berkeley. Outline Background: what is congestion? Congestion control – End-to-end – Router-based Economic insights.

Network Congestion Gabriel Nell UC Berkeley. Outline Background: what is congestion? Congestion control – End-to-end – Router-based Economic insights.
Multimedia Robert Grimm New York University. Content: Multimedia Overview  Multimedia = audio and video  Saroiu et al.—An Analysis of Internet Content.

Multimedia Robert Grimm New York University. Content: Multimedia Overview  Multimedia = audio and video  Saroiu et al.—An Analysis of Internet Content.
Security of wireless ad-hoc networks. Outline Properties of Ad-Hoc network Security Challenges MANET vs. Traditional Routing Why traditional routing protocols.

Security of wireless ad-hoc networks. Outline Properties of Ad-Hoc network Security Challenges MANET vs. Traditional Routing Why traditional routing protocols.
1 Network Layer: Host-to-Host Communication. 2 Network Layer: Motivation Can we built a global network such as Internet by extending LAN segments using.

1 Network Layer: Host-to-Host Communication. 2 Network Layer: Motivation Can we built a global network such as Internet by extending LAN segments using.
Reliable Transport Layers in Wireless Networks Mark Perillo Electrical and Computer Engineering.

Reliable Transport Layers in Wireless Networks Mark Perillo Electrical and Computer Engineering.
An Active Reliable Multicast Framework for the Grids M. Maimour & C. Pham ICCS 2002, Amsterdam Network Support and Services for Computational Grids Sunday,

An Active Reliable Multicast Framework for the Grids M. Maimour & C. Pham ICCS 2002, Amsterdam Network Support and Services for Computational Grids Sunday,
Error Checking continued. Network Layers in Action Each layer in the OSI Model will add header information that pertains to that specific protocol. On.

Error Checking continued. Network Layers in Action Each layer in the OSI Model will add header information that pertains to that specific protocol. On.
CSE679: Multicast and Multimedia r Basics r Addressing r Routing r Hierarchical multicast r QoS multicast.

CSE679: Multicast and Multimedia r Basics r Addressing r Routing r Hierarchical multicast r QoS multicast.
Receiver-driven Layered Multicast Paper by- Steven McCanne, Van Jacobson and Martin Vetterli – ACM SIGCOMM 1996 Presented By – Manoj Sivakumar.

Receiver-driven Layered Multicast Paper by- Steven McCanne, Van Jacobson and Martin Vetterli – ACM SIGCOMM 1996 Presented By – Manoj Sivakumar.
OIS Model TCP/IP Model.

OIS Model TCP/IP Model.
Introduction to Networks CS587x Lecture 1 Department of Computer Science Iowa State University.

Introduction to Networks CS587x Lecture 1 Department of Computer Science Iowa State University.

Similar presentations

Ads by Google