interdomain routing decisions
play

Interdomain Routing Decisions Mingchen Zhao * Wenchao Zhou * - PowerPoint PPT Presentation

Private and Verifiable Interdomain Routing Decisions Mingchen Zhao * Wenchao Zhou * Alexander Gurney * Andreas Haeberlen * Micah Sherr + Boon Thau Loo * * University of Pennsylvania + Georgetown University 1 SIGCOMM 2012 (August 16, 2012)


  1. Private and Verifiable Interdomain Routing Decisions Mingchen Zhao * Wenchao Zhou * Alexander Gurney * Andreas Haeberlen * Micah Sherr + Boon Thau Loo * * University of Pennsylvania + Georgetown University 1 SIGCOMM 2012 (August 16, 2012)

  2. SIGCOMM 2012 (August 16, 2012)

  3. SIGCOMM 2012 (August 16, 2012)

  4. SIGCOMM 2012 (August 16, 2012)

  5. SIGCOMM 2012 (August 16, 2012)

  6. SIGCOMM 2012 (August 16, 2012)

  7. SIGCOMM 2012 (August 16, 2012)

  8. SIGCOMM 2012 (August 16, 2012)

  9. SIGCOMM 2012 (August 16, 2012)

  10. SIGCOMM 2012 (August 16, 2012)

  11. SIGCOMM 2012 (August 16, 2012)

  12. SIGCOMM 2012 (August 16, 2012)

  13. Challenge: Privacy Charlie Bob (3+1) hop 5 hop Doris Alice Eliot I do not want to reveal all my routes to Alice! 13 SIGCOMM 2012 (August 16, 2012)

  14. Can we have our cake and eat it too? Privacy Security Security S-BGP, soBGP, psBGP, NetReview , … 14 SIGCOMM 2012 (August 16, 2012)

  15. Goals Security: If Bob breaks his promise, Alice • will detect it. Privacy: Verification does not reveal more • information than BGP. Evidence: If Bob breaks his promise, Alice • can prove it. Accuracy: If Bob does not break his • promise, nobody can prove he did. 15 SIGCOMM 2012 (August 16, 2012)

  16. SIGCOMM 2012 (August 16, 2012)

  17. SIGCOMM 2012 (August 16, 2012)

  18. SIGCOMM 2012 (August 16, 2012)

  19. Outline • Motivation • Goal: Verify promises about routing decisions • Challenge: Privacy • The SPIDeR system • Evaluation • Summary 19 SIGCOMM 2012 (August 16, 2012)

  20. SIGCOMM 2012 (August 16, 2012)

  21. SIGCOMM 2012 (August 16, 2012)

  22. SIGCOMM 2012 (August 16, 2012)

  23. SIGCOMM 2012 (August 16, 2012)

  24. SIGCOMM 2012 (August 16, 2012)

  25. Background: Merkle Hash Tree • Merkle Tree Path to the root Commitment Hash Hash Hash Hash Hash Hash Hash Hash Hash Hash Hash Hash b 1 b 2 b 3 b 2 b 4 Proof that the second value is b 2 Values Reveals nothing about b 1 , b 3 , b 4 ! 25 SIGCOMM 2012 (August 16, 2012)

  26. SIGCOMM 2012 (August 16, 2012)

  27. SIGCOMM 2012 (August 16, 2012)

  28. SIGCOMM 2012 (August 16, 2012)

  29. SIGCOMM 2012 (August 16, 2012)

  30. SIGCOMM 2012 (August 16, 2012)

  31. SIGCOMM 2012 (August 16, 2012)

  32. SIGCOMM 2012 (August 16, 2012)

  33. SIGCOMM 2012 (August 16, 2012)

  34. SIGCOMM 2012 (August 16, 2012)

  35. SIGCOMM 2012 (August 16, 2012)

  36. Making SPIDeR practical So far: We can verify promises about a single • prefix and a single decision • We have a protocol • It meets all four goals • We proved the correctness (in a TR) • Guarantees hold even if an AS is malicious Practical issues • Multiple prefixes , temporal privacy, loose • synchronization, logging system, withdrawals, incremental deployment Loose synchronization, Logging sys 36 SIGCOMM 2012 (August 16, 2012)

  37. Multi-Prefix: Additional Challenges • 37 SIGCOMM 2012 (August 16, 2012)

  38. SIGCOMM 2012 (August 16, 2012)

  39. SIGCOMM 2012 (August 16, 2012)

  40. Outline • Motivation • The SPIDeR system • Single prefix • Practical Challenges • Evaluation • Functionality check • Microbenchmarks • Overhead • Summary 40 SIGCOMM 2012 (August 16, 2012)

  41. Evaluation: Microbenchmarks An important metric is how fast we can • make hash trees. • How quickly can we capture transient routing configuration problems? Experiment: generate a tree for a full BGP • routing table on Dell PowerEdge 860. • Result: 17.4s (with three cores) • Scales almost linearly with the number of cores 41 SIGCOMM 2012 (August 16, 2012)

  42. Evaluation: Experimental Overhead Data Collected Small AS topology with Quagga routers • Injected a RouteViews trace • AS 5’s SPIDeR ran on a single machine • 42 SIGCOMM 2012 (August 16, 2012)

  43. Evaluation: Overhead Computation • • 2.4 GHz core: 81.3% utilized • Commodity workstation is sufficient Bandwidth • • Signatures etc.: 20.8kbps • Verifying 1% of commitments per minute: 3.0Mbps • On the order of a single DSL upstream link Storage • • Keeping 1 year’s worth of logs: 145.7GB • Fits on a commodity hard drive 43 SIGCOMM 2012 (August 16, 2012)

  44. Evaluation: Overhead Computation • • 2.4 GHz core: 81.3% utilized • Commodity workstation is sufficient Bandwidth • • A small AS could run SPIDeR on a single • Signatures etc.: 20.8kbps machine • Verifying 1% of commitments per minute: 3.0Mbps • On the order of a single DSL upstream link Storage • • Keeping 1 year’s worth of logs: 145.7GB • Fits on a commodity hard drive 44 SIGCOMM 2012 (August 16, 2012)

  45. Summary • Goal: Verify promises about interdomain routing decisions • Problem: Offer both security and privacy • Solution: Collaborative verification • Implemented in the SPIDeR system • Provable security and privacy guarantees • Efficient enough to run on a single commodity workstation More information: http://snp.cis.upenn.edu/ 45 SIGCOMM 2012 (August 16, 2012)

Recommend


More recommend