Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
distillation codes and dos resistant multicast

Distillation Codes and DOS Resistant Multicast Prepared for CS 624 - PowerPoint PPT Presentation

Dec 01, 2022 •91 likes •969 views

Distillation Codes and DOS Resistant Multicast Prepared for CS 624 Fabian Monrose Johns Hopkins University Ryan Gardner Multicast Overview Server Router Client Client Client Multicast Overview Multicast enabled routers

  1. Distillation Codes and DOS Resistant Multicast Prepared for CS 624 – Fabian Monrose Johns Hopkins University Ryan Gardner

  2. Multicast Overview Server Router Client Client Client

  3. Multicast Overview • Multicast enabled routers • 224.0.0.0 - 239.255.255.255 (class D) • IGMP (Internet Group Management Protocol) • Subscribe to groups and unsubscribe

  4. Applications • Interactive applications – Teleconferencing – Video conferencing • Information broadcasts – News – Stocks • Updates – Software – Viruses

  5. Challenges • Authenticity • Malicious users • Tolerate packet loss • Minimal delay • (DoS attacks)

  6. Outline • Three naive solutions • Brief summary of related work • Efficient Multicast Stream Authentication using Erasure Codes • Distillation codes • Conclusion

  7. Naive Solution 1 Symmetric Authentication Review of MAC MAC K a,b Alice Bob K a,b K a,b Examples • hmac (sha1, md5) • umac • cbc mac (aes, 3des)

  8. Naive Solution 1 Symmetric Authentication Server K s,g MAC K s,g Router Client Client Client K s,g K s,g K s,g

  9. Naive Solution 1 Symmetric Authentication • Pros – Fast – Low space overhead – Virtually no delay – Simple • Cons – Any member of the group can “authenticate packets”

  10. Naive Solution 2 Sign Every Packet Review of Signature Sig A Alice Bob K priv_A K pub_A (K pub_A ) Examples • RSA-1024 (2048, etc.) • DSA • IBE short signatures

  11. Naive Solution 2 Sign Every Packet Server K priv_S Sig S Router Client Client Client K pub_S K pub_S K pub_S

  12. Naive Solution 2 Sign Every Packet • Pros – Guarantees authenticity – Perfect loss tolerance – Almost no delay • Cons – Computationally expensive for sender and receiver – High bandwidth overhead

  13. Naive Solution 3 Basic Signature Amortization Server P 1 K priv_S P 2 . . . P n Router Sig S (P 1 ,…P n ) Client Client Client K pub_S K pub_S K pub_S

  14. Naive Solution 3 Basic Signature Amortization • Pros – Unforgeable – Low computational cost – Low bandwidth overhead • Cons – No packet loss tolerance – Delay at receiver

  15. Outline • Three naive solutions • Brief summary of related work • Efficient Multicast Stream Authentication using Erasure Codes • Distillation codes • Conclusion

  16. Related Work • “Asymmetric MACs” – TESLA [12,13] – Biba “signature” [11] • Signature amortization…

  17. Signature Amortization • Signature generations are expensive • Boneh, Durfee, and Franklin showed can’t use MACs entirely… [2] • Break single signature into multiple packets • Fundamental issues – Packet loss – Maliciously inserted packets (DoS) • Some work done – Accumulators [16] – Erasure Codes [9,10]

  18. How to Sign Digital Streams [4] CRYPTO ‘97 • Objectives – Stream signing (not necessarily multicast) – Authenticity – Non-repudiation (even for partial streams) – Inexpensive – Low delay • General approach – Authentication chain bootstrapped with signature

  19. How to Sign Digital Streams . . . Packet 3 h(p 4 ) Packet 2 h(p 3 ) Packet 1 h(p 2 ) Signature h(p 1 )

  20. How to Sign Digital Streams • Pros – Simple – Low computation (single signature) – Low overhead – Authenticity – Non-repudiation (even for partial streams) – Low delay (if packets are sent at high frequency) • Cons – No loss tolerance

  21. Digital Signatures for Flows and Multicasts [16] IEEE/ACM Transactions on Networking 1999 • Objectives – Authenticity – “High” signing and verification rates – Loss tolerant – Non-repudiation – Inexpensive – Low delay • General approach – Create a common signature for blocks of packets – Self authenticating packets

  22. Digital Signatures for Flows and Multicasts Star Chaining Packet formation h(p 1 ) (per block) Appended to every Signature packet Packet 1 Packet 2 Packet 3 . . . Send Packet 1 Signature Packet 1 Signature Packet 1 Signature

  23. Digital Signatures for Flows and Multicasts Star Chaining Packet authentication Cached digests h(p i ) block 1 Signature Packet i block 2 from block j block 4

  24. Digital Signatures for Flows and Multicasts • Pros – Authenticity – “High” signing and verification rates – Perfect loss tolerance – Non-repudiation • Cons – Small sender delay – Extremely high bandwidth overhead

  25. Summary of Related Work • Still significant deficiencies – No loss tolerance – Extremely high bandwidth overhead – Vulnerable to DoS attacks • Computational • Memory exhaustion

  26. Outline • Three naive solutions • Brief summary of related work • Efficient Multicast Stream Authentication using Erasure Codes • Distillation codes • Conclusion

  27. Efficient Multicast Stream Authentication using Erasure Codes [10] ACM Transactions on Information and Systems Security 2003 • Objectives – Ensure authenticity (non-repudiation) – Robustness to packet loss – Minimal overhead & delay – Robust against en route packet modification or insertion of small number of bogus packets • General approach – Amortize a signature over several packets using erasure codes

  28. Erasure Codes • Sender – Take m objects (the original data) and creates n “erasure encoded objects” • Receiver – Needs any m of the n objects sent, and can reconstruct “erasure decode” the original data • Space optimal

  29. Information Dispersal Algorithm (IDA) [14] • Basics – Create an n row matrix A such that any m of the n rows are linearly independent – Multiply that by our data – On receipt of m chunks, grab the corresponding m rows of A, A’ – Multiply received data by A’ -1 • Kevin will cover… • Pretty light computationally – One matrix multiplication at each end (matrix inversion at receiver) – O( n 2 ) encode – O( m 2 ) decode

  30. Signature Amortization using IDA - Description Break a stream up into blocks P 1,1 P 1,2 P 1,m P 2,1 P 2,2 P 2,m P 3,1 P 3,2 P 3,m P 4,1 . . . . . . . . .

  31. Signature Amortization using IDA For each block P 1 P 2 P n . . . h F . . . Packet digest F = h(P 1 )|| h(P 2 )|| … ||h(P n )

  32. Signature Amortization using IDA Erasure encode F using IDA Packet digest F . . . 1 2 m (broken into m chucks) IDA Erasure Encode . . . Encoded packet digest c 1 c 2 c 3 c 4 c n

  33. Signature Amortization using IDA F . . . Packet digest 1 2 m Sign F h h(F) sign(K priv ) sig K_priv (F) (m symbols) Erasure IDA Erasure Encode Encode Signature . . . Encoded signature ! 1 ! 2 ! 3 ! 4 ! n

  34. Signature Amortization using IDA Form each packet P 1 P 2 P n . . . . . . P i c 1 c 2 c 3 c 4 c n c i ! i . . . ! 1 ! 2 ! 3 ! 4 ! n

  35. Signature Amortization using IDA Reconstruction P i Need m packets: c i ! i . . . c 1 c 2 c m . . . ! 1 ! 2 ! m IDA Erasure Decode IDA Erasure Decode F = h(P 1 )|| h(P 2 )|| … ||h(P n ) Packet Digest sig K_priv (F) digest signature

  36. Signature Amortization using IDA Verification h(F) Packet h F = h(P 1 )|| h(P 2 )|| … ||h(P n ) digest y/n Signature Verify Digest sig K_priv (F) signature For each packet P i , verify: F = h(P 1 )|| h(P 2 )|| … ||h(P n ) P i extract compute hash = h(P i ) h(P i )

  37. Delays • Sender – Must append information to n packets before sending • Receiver – Must receive m packets to authenticate and use – (Frequently, all m packets should arrive approximately at the same time) • Consequences – Approximate additional delay of the time span of each block – For minimal delay, we need smaller block size

  38. Practical Costs - Computation Operations possible per Computational costs per block second Sender Receiver Pentium 2.4 GHz Erasure 1 0 2,755 encodes Erasure 0 1 3,700 decodes 25 RSA-1024 1 0 signature generations RSA-1024 0 1 1,170 signature verifications We can send approximately one block every 40 ms.

  39. Acceptable Delay The International Telecommunications Union – Telecommunications Standardization Sector states the following maximum end to end transmission times that they consider “allowable” with echo control. (Recommendation G.114) [5] Delay Acceptability. acceptable to most 0 - 150 ms user application. acceptable when the 150 - 400 ms impact on quality is aware of. 400 ms unacceptable

  40. Practical Costs - Bandwidth Given: n/m = 1.5 using RSA-1024 20 byte SHA-1 hash blocks of 64 packets (unencoded) of size 1024 bytes (65536 bytes total) Bandwidth overhead = 2112 bytes per block 3.2% Conclusion: Costs are extremely reasonable in the simple case.

  41. Authentication Probability • Burst losses are an important part of their analysis • 2 models – 2 state Markov chain model (2-MC) – “Biased coin toss”

  42. 2 State Markov Chain Model (2-MC) p 1,0 p 0,0 p 1,1 Packet arrives Packet lost p 0,1 used: ! 0 = 0.8 " = 8

  43. Biased Coin Toss Model q q q 1-q 1-q 1-q 1-q 1-q Packet Packet Packet Packet . . . arrives lost lost lost 1 2 b

Recommend

Distillation Codes and DOS Resistant Multicast Moderation Prepared for CS 624 Fabian Monrose

Distillation Codes and DOS Resistant Multicast Moderation Prepared for CS 624 Fabian Monrose

Distillation Codes and DOS Resistant Multicast Moderation Prepared for CS 624 Fabian Monrose Johns Hopkins University Kevin Snow & Ryan Gardner Recall We showed how distillation codes broke received packets into partitions to reduce

303 views • 26 slides
Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance Vector Multicast Routing Protocol (DVMRP) Last Modified: Core Based Trees (CBT) Protocol Independent Multicast (PIM) 4/9/2003 1:15:00 PM

627 views • 12 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / Fall-04 / RKa, NB Multicast2-1 Multicast in local area networks

623 views • 24 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / S-03 / RKa, NB Multicast2-1 Multicast in local area networks

533 views • 26 slides
Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode Source Tree, Shared Tree Reliable Multicast Polly Huang Whiteboard, File Transfer AT&T Labs Research huang@catarina.usc.edu

510 views • 6 slides
IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to many propagation of data Uses of multicast Financial data IPTV Gaming T ypes of multicast Any-source multicast (ASM)

299 views • 17 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.2121 / Fall-2007 / RKa, NB Multicast2-1 Multicast in local area networks

493 views • 25 slides
Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack

Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack

Outline Introduction to worms Potential damage that *could* be caused (theoretical) Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack Ben Wilde Mstream DoS attack 7 February, 2005

725 views • 14 slides
Application Layer Multicast Instructor: Hamid R. Rabiee Spring 2012 Outline Introduction

Application Layer Multicast Instructor: Hamid R. Rabiee Spring 2012 Outline Introduction

Application Layer Multicast Instructor: Hamid R. Rabiee Spring 2012 Outline Introduction IP Multicast vs. Application-Layer Multicast Limitations of IP Multicast Deployment level in ALM Multicast Tree Formation Tree-first

521 views • 39 slides
Multicast Control Multicast Control Protocol (MCOP) Protocol (MCOP)

Multicast Control Multicast Control Protocol (MCOP) Protocol (MCOP)

Multicast Control Multicast Control Protocol (MCOP) Protocol (MCOP) draft-lehtonen-magma-mcop-01.txt draft-lehtonen-magma-mcop-01.txt Multicast & Anycast Group Multicast & Anycast Group Membership WG Membership WG 55th IETF

472 views • 7 slides
Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture Damage 1 Balanced Mix Design: ETG Definition Asphalt mix design using performance tests on appropriately conditioned specimens that address

481 views • 46 slides
Complex distillation systems. Theory and models. Pio Aguirre INGAR Santa Fe-Argentina Outline

Complex distillation systems. Theory and models. Pio Aguirre INGAR Santa Fe-Argentina Outline

Complex distillation systems. Theory and models. Pio Aguirre INGAR Santa Fe-Argentina Outline 1.- Introduction. 2.- Theory in simple columns design. 3.- Reversible distillation columns and sequences. 4.- Optimal synthesis distillation

725 views • 59 slides
Internet Architecture WG : DoS-resistant Internet Subgroup Report Mark Handley University

Internet Architecture WG : DoS-resistant Internet Subgroup Report Mark Handley University

Internet Architecture WG : DoS-resistant Internet Subgroup Report Mark Handley University College London DoS-Resistant Internet Working Group Initial meeting held January 27th in London: The objective of the initial meeting is to share

316 views • 27 slides
Effective Topic Distillation Effective Topic Distillation with Key Resource Pre- -selection

Effective Topic Distillation Effective Topic Distillation with Key Resource Pre- -selection

Effective Topic Distillation Effective Topic Distillation with Key Resource Pre- -selection selection with Key Resource Pre Yiqun Liu, Min Zhang and Shaoping Ma State Key Lab of Intelligent Tech. & Sys. Tsinghua University, Beijing,

271 views • 22 slides
Distillation. Optimal operation using simple control structures Sigurd Skogestad, NTNU, Trondheim

Distillation. Optimal operation using simple control structures Sigurd Skogestad, NTNU, Trondheim

Distillation. Optimal operation using simple control structures Sigurd Skogestad, NTNU, Trondheim EFCE Working Group on Separations, Gteborg, Sweden, June 2019 Distillation is part of the future 1. Its a myth that distillation is bad in

656 views • 53 slides
Multicast Mobility Rajeev Koodli Problem Space Multicast data reception and transmission is

Multicast Mobility Rajeev Koodli Problem Space Multicast data reception and transmission is

Multicast Mobility Rajeev Koodli Problem Space Multicast data reception and transmission is not guaranteed without explicit signaling synchronized with mobility What specific actions are needed to ensure: Continued multicast data

235 views • 5 slides
This study examines a sample scope for learning using technology as a platform for preschoolers.

This study examines a sample scope for learning using technology as a platform for preschoolers.

This study examines a sample scope for learning using technology as a platform for preschoolers. Partnering with IDA who provided the technology, we began a 3 month pilot study with the Kindergarten classes (K1 and K2) during Term 1, 2015.

702 views • 34 slides
PhD Defense Symbolic Proofs of Computational Indistinguishability Adrien Koutsos Thse

PhD Defense Symbolic Proofs of Computational Indistinguishability Adrien Koutsos Thse

PhD Defense Symbolic Proofs of Computational Indistinguishability Adrien Koutsos Thse prpare au sein du LSV, ENS Paris-Saclay September 27, 2019 Introduction Motivation Security Protocols Distributed programs which aim at providing some

1.55k views • 142 slides
When Virtual Hell Freezes Over- Reversing C++ Code <3 Gal Zaban @0xgalz id;whoami Gal

When Virtual Hell Freezes Over- Reversing C++ Code <3 Gal Zaban @0xgalz id;whoami Gal

When Virtual Hell Freezes Over- Reversing C++ Code <3 Gal Zaban @0xgalz id;whoami Gal Zaban Reverse Engineer Security Researcher at Viral Security Group In my spare-time I like sewing This is my own private research

924 views • 56 slides
Making the Case & Expanding Opportunities March 18, 2015 Photo Credit: Nebraska is Home

Making the Case & Expanding Opportunities March 18, 2015 Photo Credit: Nebraska is Home

Refugee Economic Contributions: Making the Case & Expanding Opportunities March 18, 2015 Photo Credit: Nebraska is Home Fostering Community Engagement and Welcoming Communities is supported by the Office of Refugee Resettlement

843 views • 62 slides
Computer Security Cunsheng DING, HKUST COMP4631 Dr. Cunsheng DING Computer Security

Computer Security Cunsheng DING, HKUST COMP4631 Dr. Cunsheng DING Computer Security

Dr. Cunsheng DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 Dr. Cunsheng DING Computer Security HKUST, Hong Kong Lecture 12: Key Distribution Protocols Outline of this Lecture 1.

181 views • 15 slides
Energy Efficiency in Data Centers Through Optimized operations Eswar Viswanathan Director

Energy Efficiency in Data Centers Through Optimized operations Eswar Viswanathan Director

Energy Efficiency in Data Centers Through Optimized operations Eswar Viswanathan Director Data Center Lifecycle Services International Secure Power Division Confidential Property of Schneider Electric | Our technologies ensure that

457 views • 19 slides
An Algorithm better than AO*? Blai Bonet Universidad Sim on Bol var Caracas, Venezuela

An Algorithm better than AO*? Blai Bonet Universidad Sim on Bol var Caracas, Venezuela

An Algorithm better than AO*? Blai Bonet Universidad Sim on Bol var Caracas, Venezuela H ector Geffner ICREA and Universitat Pompeu Fabra Barcelona, Spain 7/2005 An Algorithm Better than AO*? B. Bonet and H. Geffner; 7/05 1

662 views • 14 slides
An Invitation to Homotopy Type Theory Tingxiang Zou Type Theory Formal Systems: Churchs

An Invitation to Homotopy Type Theory Tingxiang Zou Type Theory Formal Systems: Churchs

An Invitation to Homotopy Type Theory Tingxiang Zou Type Theory Formal Systems: Churchs simply typed lambda calculus (1940); Martin L ofs dependent type theory (1971-1984) Origin: Russells theory of types The world is

849 views • 12 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.