Highly Secure and Efficient Routing

1
Highly Secure and Efficient Routing

• Ioannis Avramopulos, Hisashi Kobayashi
  Randolph Wang Arvind Krishamurthy
• Dept. of EE
  Dept. of CS
  Dept. of CS
• 
  Princeton University
  Yale University

Presentation Huan He
2
Contents

• The routing protocol
• How the protocol defend adversary
• Summary

3
Network Failures

• Simple
• one where some network component( one or more
  nodes) simply become inoperative
• Byzantine
• In Byzantine failure, a component becomes
  faulty and yet continues to operate( incorrectly)

4
The Routing Protocol

• This routing protocol is a routing protocol with
  Byzantine robustness and detection

5
The Routing protocol

• Basic Idea
• Specific mechanisms
• Authentication
• Route Selection
• Reserved Buffers, Timeouts, and Sequence Numbers

6
Some definition

• What is a faulty node?
• --Does not follow the protocol
• --Can be impersonated by another node
• What is a faulty link?
• --Drops packet
• --Is incident to a faulty node
• If a link is detected to be faulty, one or more
  of following is true
• --The upstream router is faulty
• --The link is faulty
• --the downstream router is faulty

7
The Routing protocol

• Basic Idea
• Specific mechanisms
• Authentication
• Route Selection
• Reserved Buffers, Timeouts, and Sequence Numbers

8
Basic IdeaPacket Forwarding with Fault Detection

• Source Routing
• Destination acknowledgements
• Timeouts( to receive ACK or FA from destination)
• Fault Announcements( FA)

9
Basic IdeaA Simple Example

Route(S,2,M,6,D)
D

Route(S,3,M,6,D)
5
6
4
Route(S,1,4,5,D)
M


2
1
3
S
10
Basic IdeaMore

• We also need more following mechanisms to provide
  Byzatine robustness
• Data and control packet authentication
• A-priori reserved buffers
• Monotonically increasing non-wrapping sequence
  numbers
• Round-robin scheduling of packet transmission
• Calculation of appropriate time out values

11
Basic Idea

• None of the individual mechanisms of the basic
  protocol described in here is novel, it is the
  combination of them that delivers the desired
  robustness and efficiency

12
The Routing protocol

• Basic Idea
• Specific mechanisms
• Authentication
• Reserved Buffers, Timeouts, and Sequence Numbers
• Route Selection

13
Authentication

• Authentication of Data Packets
• --Safeguards against modification
• --Ensures that allocated resources( namely,
  reserved buffers)
• Authentication of Control packets
• --Prevents malicious nodes from forging ACKs
  and FAs on behalf of non- faulty nodes
• Performance of Authentication mechanism is
  crucial
• As authentication must be performed for each
  packet at each node and the speed of
  authentication may bound the effective link
  bandwidth.

14
Authentication

• Digital signature
• --Most straightforward authentication mechanism
• --Poor performance

15
Authentication

• The multicast authentication construction of
  Canetti
• MACdf(Keysd)
• MAC( Message Authentication code)
• Limitatione
• Vulnerable to an adversary that tampers with
  only a subset of the authentication tags( when
  used to secure data packet forwarding)

16
Authentication

• Tesla
• --A broadcast authentication protocol that
  relies on loose clock synchronization and delayed
  key disclosure
• --limitations
• 1.Delayed authentication is vulnerable to a
  DoS attack
• 2.Nodes will have no recent enough Tesla
  keys to efficiently authenticate newly released
  keys when two nodes not communicated securely for
  a substantial period of time (For Tesla keys is
  periodic flooding )

17
Authentication

• MACs based on pairwise secret keys
• Given a path lts,,ni , ni1 ,tgt, the
  computation of the MAC for node ni receives as
  input both the message and the MACs for nodes
  ni1,,t MACs are therefore computed sequentially
  from destination to the first intermediate node.

18
Authentication

• MACs based on pairwise secret keys

S
N1
N2
N3
T
MACSTF KeyST, PKTST
S
N1
N2
N3
T
MACSN3F KeySN3, MACST, PKTSN3
19
Authentication

• MACs based on pairwise secret keys
• --Prevent malicious router trigger an FA for a
  non-faulty link
• --Performance is good
• For 1500B packets, the upper bound on link
  bandwidth is 50Mbps using this authentication,
  while the bound on link bandwidth becomes less
  than 2Mbps using digital signature.

20
Authentication

• MACs based on pairwise secret keys
• The same structure is used for data packets,
  ACKs, and FAs.
• If this structure is used for ACKs and FAs,
  then it gives the adversary the advantage to
  discredit link in the path between the source and
  the adversarial router

?
?
21
The Routing Protocol

• Basic Idea
• Specific mechanisms
• Authentication
• Reserved Buffers, Timeouts, and Sequence Numbers
• Route Selection

22
Reserved Buffers, Timeouts, and sequence Numbers

• Problem
• Routers may drop packets due to congestion
• Malicious nodes can incur congestion by
  overwhelming the network with their own packets,
  so it is desirable to be able to deliver packets
  despite the presence of such malicious sources
• For congestion is not inherently a network fault,
  it is desirable to be able to disassociate fault
  announcements with congestion,

23
Reserved Buffers, Timeouts, and Sequence Numbers

• Solution
• Priori Buffer reservation
• --Ensure that packets are never dropped
  because of congestion
• Round-Robin scheduling
• --Minimize the interference between sources
• Timeouts equal to the worst case RTT to the
  destination
• --Attempt to ensure that FAs are not
  triggered because of congestion
• Sequence Number and limitation Window
• --Detecting and dropping illegitimate packets
  that are due to either replays or faulty sources
• Fault announcements should only be relevant to
  the source of the packet that triggered the
  announcement

24
The Routing Protocol

• Basic Idea
• Specific mechanisms
• Authentication
• Reserved Buffers, Timeouts, and Sequence Numbers
• Route Selection

25
Route Selection

• Shortest path algorithm
• Route Selection Utilizes
• A topological map
• Fault announcements
• Buffer available to this source at each link
• Link bandwidth
• Prefix spans

26
Route Selection

• Specifically
• The links corresponding to valid fault
  announcements are deleted from the topological
  map of the sauce
• Links that lack available buffers for this source
  due to currently outstanding packets are
  temporarily deleted from topological map

27
Route Selection

• Prefix Spans
• The use of Prefix Spans is clearly desirable for
  maximizing the throughput of packets sent through
  a link
• Trade-off is it prevents certain link from being
  used by sources that are far away from the link,
  thereby reducing the number of usable paths in
  the system.

Path Length
Bandwidth
Number Of Usable paths
Prefix Spans
28
Route Selection

• Shortest path algorithm
• Based on the Bellman-Ford shortest path
  algorithm that calculates shortest paths in a
  network where the links have different bandwidths
  and prefix spans.
• The complexity of the algorithm is O(HE) given
  G(V,E)
• Hmaximum prefix span over all edges

29
Contents

• The routing protocol
• How the protocol defend adversary
• Summary

30
Adversary

• The protocol is designed to withstand adversary
  attack so that it can continue to deliver packets
  as long as a none faulty path exists.

31
Adversary

• Adversary can create spurious unauthenticated
  traffic try to block authenticated traffic at
  non-faulty routers
• This protocol require authentication to work at
  line speed

• Adversary can create spurious authenticated
  traffic, try to block authenticated traffic from
  non-faulty sources at non-faulty routers
• Non-faulty sources are ensure buffers and link
  bandwidth

32
Adversary

• Adversary can replay authenticated traffic that
  has originated from other non-faulty sources, try
  to pending authenticated traffic from non-faulty
  sources
• The authenticated traffic from non-faulty sources
  carries sequence numbers that are larger than
  those of replayed traffic and priority is given
  to packets with larger sequence number

• Adversary can mis-route packets
• Mis-routed packets are dropped at the next
  non-faulty router, if the router does not appear
  in the source-specified path

33
Adversary

• Adversary can modify packets
• Modifying the content protected by the
  authentication tag is equivalent to dropping the
  corresponding packet.
• Modifying the MACs of upstream routers has no
  effect, since those MACs are not further
  utilized.
• Modifying the MACs of downstream routers is
  equivalent to dropping the corresponding packet.

?
34
Adversary

• Adversary can drop packets
• Timeout at intermediate nodes pinpoint the
  location of faults.
• This implies the protocols Byzantine robustness,
  is argued by the following theorem a packet
  transmission from a non-faulty source will
  resulty in either the reception of a destination
  acknowledgement or the deletion of a faulty link
  at the deletion of a faulty link at the sources
  topological map

35
Contents

• Our routing protocol
• How the protocol defend adversary
• Summary

36
Summary

• The protocol can be seen as a combination of
  several components. While none of these is novel
  by itself, it is the integration of them that is
  crucial for the correctness and efficiency of the
  protocol

37
Summary

• These components are
• Source routing
• Destination acknowledgements
• Timeouts
• Fault announcements
• Authentication
• Reserved Buffer
• Sequence Numbers
• Round-Robin scheduling

38
Thank You!