A Cryptographic Approach to Safe Inter-domain Traffic Engineering. Sridhar Machiraju, SAHARA Retreat, Summer 2004.


1 A Cryptographic Approach to Safe Inter-domain Traffic Engineering
Sridhar Machiraju
SAHARA Retreat, Summer 2004

2 Outline
- Motivation
- Defining the Problem
- Proposed Solution
- Random Noise
- Discussion and Conclusions

3 Motivation
- In BGP, Autonomous Systems (ASs) are abstracted as a node in a graph

4 In reality,
[Figure: AS1, AS2 and AS3 with their peering links and internal links]

5 In BGP,
[Figure: AS1, AS2 and AS3 with their peering links and internal links]

6 Motivation
- In BGP, Autonomous Systems (ASs) are abstracted as a node in a graph
- Why?
  – Scalability
  – Confidentiality of intra-domain information, e.g., link quality, routing, flow info, policies etc.
- Why is this bad?
  – Traffic engineering by one AS can send flows over “bad” paths in neighboring ASs

7 Outline
- Motivation
- Defining the Problem
- Proposed Solution
- Random Noise
- Discussion and Conclusions

8 High-level Problem Statement
[Figure: domains A and B; source of flow F; label "In A, this path has most available bandwidth"]

9 High-level Problem Statement
[Figure: domains A and B; source of flow F; destination of flow F; labels "In A, this path has most available bandwidth" and "path with best end-to-end available bandwidth"]

10 High-level Problem Statement
- Design a technique so that neighboring domains conduct traffic engineering cooperatively in a scalable fashion without having to reveal confidential intra-domain information?
[Figure: domains A and B; source of flow F; destination of flow F; labels "In A, this path has most available bandwidth" and "path with best end-to-end available bandwidth"]

11 Formalizing the Problem
- Consider traffic from A to B that can exit one of P peering points
- Confidential information
- Two kinds of constraints (of A and B) –
  – Given demand $T_i$, find amount of traffic, $x_{ik}$, of flow $F_i$ to transit peering point $k$
  – For every “bottleneck” link,, all traffic traversing it must not exceed avail b/w

12 A Linear Programming Problem…
- Constraints:
  – Constraints in AS A (private to A)
  – Constraints in AS B (private to B)
  – amount of each flow exchanged at peering points
- Objective: maximize/minimize $C^T X$:
  – (minimize) maximum link utilization
  – (maximize) total traffic exchanged
  – (minimize) average/maximum path inflation

13 Outline
- Motivation
- Defining the Problem
- Proposed Solution
- Random Noise
- Discussion and Conclusions

14 Overview of Solution
- Sub-matrices of $V$, $W$ are private to A, B
- A and B transform the above into:
- Solve LP1’ and $X = QX'$
- $V'$, $W'$, $X'$, $X$, $C'$, $C$ do not reveal any information about private information of A and B to each other (almost)
[Equation labels on the slide: LP1, LP1’]

15 Transforming the LP problem
- A sends encrypted sub-matrix, $E(V_A)$ and $E(W_A)$ to B
- B chooses random invertible $P$ and $Q$
- B sends $E(V') = P\,E(V)\,Q$ and $E(W') = P\,E(W)$
  – requires addition of encrypted values and multiplication by known scalars ($V_B$, $W_B$)
  – These can be performed by homomorphic encryption schemes, e.g., Paillier’s
- A decrypts $E(V')$ and $E(W')$ to obtain LP1’

16 The Final Solution
- A → B: $E(V_A)$, $E(W_A)$
- B → A: $E(V') = P\,E(V)\,Q$, $E(W') = P\,E(W)$
- Solve $V'X' < W'$ for $X'$
- Send $X = QX'$
- $E()$ represents encryption by A
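
The exchange on slides 15 and 16, written out as an added example (not part of the original deck): B computes E(V’) and E(W’) using only ciphertext multiplication and exponentiation by its own plaintext scalars, and A's decryption matches PVQ and PW. Assumptions: a toy Paillier key, small integer matrix entries, fixed rather than random P and Q so the result can be checked, B encrypting its own rows under A's public key before masking, and all function names are hypothetical.

```python
import secrets
from itertools import product

# Toy Paillier key for AS A: two Mersenne primes, far too small for real use.
p, q = 2**31 - 1, 2**61 - 1
n, phi = p * q, (p - 1) * (q - 1)
n2, mu = n * n, pow(phi, -1, n)

def enc(m):
    """Encrypt a signed integer under A's public key n (generator n + 1)."""
    r = secrets.randbelow(n - 1) + 1
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def dec(c):
    """Decrypt with A's private values (phi, mu); recentre to a signed integer."""
    m = (pow(c, phi, n2) - 1) // n * mu % n
    return m - n if m > n // 2 else m

def matmul(X, Y):
    return [[sum(a * b for a, b in zip(r, c)) for c in zip(*Y)] for r in X]

def encrypt_rows(M):
    return [[enc(v) for v in row] for row in M]

def mask(EV, P, Q):
    """B's step, ciphertexts only: E((PVQ)[i][j]) = prod E(V[k][l])^(P[i][k]*Q[l][j])."""
    out = [[enc(0) for _ in Q[0]] for _ in P]  # fresh encryptions of 0
    for i, j, k, l in product(range(len(P)), range(len(Q[0])),
                              range(len(EV)), range(len(Q))):
        # Ciphertext product adds plaintexts; a plaintext exponent scales them.
        out[i][j] = out[i][j] * pow(EV[k][l], P[i][k] * Q[l][j] % n, n2) % n2
    return out

def run_exchange():
    # Constructed sample data: A holds two constraint rows, B holds one.
    V_A, W_A = [[1, 1], [2, 0]], [[10], [8]]
    V_B, W_B = [[0, 3]], [[9]]
    P = [[2, -1, 0], [0, 1, 3], [1, 0, 1]]  # B's secret invertible masks,
    Q = [[1, 2], [0, 1]]                    # fixed here so the output is checkable
    EV_A, EW_A = encrypt_rows(V_A), encrypt_rows(W_A)   # A -> B
    EV = EV_A + encrypt_rows(V_B)           # B appends its rows under A's key
    EW = EW_A + encrypt_rows(W_B)
    EVp, EWp = mask(EV, P, Q), mask(EW, P, [[1]])       # B -> A
    Vp = [[dec(c) for c in row] for row in EVp]         # A recovers LP1'
    Wp = [[dec(c) for c in row] for row in EWp]
    return Vp, Wp, matmul(matmul(P, V_A + V_B), Q), matmul(P, W_A + W_B)

if __name__ == "__main__":
    print(run_exchange())
```

B never calls `dec`, and A only ever sees the masked products, never P, Q, V_B or W_B individually.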

17 Outline
- Motivation
- Defining the Problem
- Proposed Solution
- Random Noise
- Discussion and Conclusions

18 Small random noise is OK
- LP1’ does not leak any information about $V_B$, $W_B$ only if $V$ has full rank
- So, add small random noise to matrix entries
  – this can be done by homomorphic encryptions
- How does this affect the LP problem?
  – Constraints may not be violated by small noise
  – Objective function may be affected, though

19 Effect of random noise (1)
[Plot: 10 constraints; objective – maximize flow]

20 Effect of random noise (2)
[Plot: objective – maximize (–1*path inflation)]
- About 2-3% unsolvable problems too!

21 Outline
- Motivation
- Defining the Problem
- Proposed Solution
- Random Noise
- Discussion and Conclusions

22 Discussion
- Scalability
  – LP problem transformation is quadratic in terms of number of cryptographic operations
  – But, traffic engineering not frequent (hourly)
- Threat model
  – ASs are assumed to be rational, i.e., do not inject wrong inputs
- Future work: Experiment with real topologies and quantify time complexity

23 Conclusions
- Inter-domain routing could benefit a lot from cooperation which is hindered by confidentiality requirements
- We demonstrate this for the case of safe traffic engineering
- Other cases of inter-domain cooperation – policy safety, resource allocation and intrusion detection:
  – checking global invariants
  – computing global functions

