
Attack-Resistant Distributed Time Synchronization for Virtual Private Networks
Michael Rossberg, Rene Golembewski, Guenter Schaefer
Ilmenau University of Technology, Germany
ICCCN 2012


  1. Overview
• Distributed Services for Distributed VPNs
• Objectives for Robust Time Synchronization
• Approach
  – Offset Estimation
  – Synchronization
• Evaluation
• Conclusion & Outlook

  2. Distributed Services for Distributed VPNs
• Large VPNs, >100 end-points
• For scalable, robust operation: distributed configuration
• But what about the centralized management?
(Figure: several private networks interconnected over a public network)

Distributed Services for Distributed VPNs
• Secure time information available only in some places
• Must be distributed in the VPN
• NTP etc. would create exposed points

  3. Objectives
• Operation in global environment (use no broadcast etc.)
• Synchronize internally & externally
• Integrity (against internal attackers)
• Robustness (jitter, asymmetric paths, perhaps DoS attacks)
• Scalability

Approach – Overview
• All nodes periodically
  – Exchange time information
  – Filter invalid data
  – Adapt towards measured differences
• Note: Also done in some WSN approaches, but done more robustly here (as this works in this scenario)

  4. Approach – Offset Estimation
• Measure RTT and time over encrypted tunnel
(Figure: message exchange between A and B: {NA} sent at T1, {NA, Timestamp} returned and received at T2)
• Problem: T1 and T2 may be different due to:
  – Jitter
  – Queuing Delays
  – Asymmetric Paths
→ Multiple measurements to filter out all invalid data we can

Approach – Siegel-Estimators
• Estimate RTTs and time offsets by linear functions
• Robust estimation by using repeated median
• Resistant against up to 50% outliers
• Slopes indicate "confidence"
(Figure: Measured RTT [s] over Time [s], 0 to 5000 s)

  5. Approach – Reducing the History
• Longer history → More resistant against short-term changes
• But
  – Slower adaptation
  – More computations required
• History thinned out over time using Zipf distribution
• Newer values are more emphasized
• Old values still have an influence

Synchronization Step
• Offset estimates of different partners are aggregated
• Weighted median assures bad estimates and outliers have no influence
• Dampening avoids over-compensation
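The offset-estimation slide (repeated median) and the synchronization step (weighted median with dampening) in one worked example. This is added illustration code, not code from the paper or its authors; the measurement series, the 40% corrupted samples and the confidence weights are constructed here, and the exact filtering and dampening rules of the paper are not reproduced.

```python
from statistics import median, mean

def repeated_median(xs, ys):
    """Siegel repeated-median line fit y ~ intercept + slope * x.

    Breakdown point is 50%: up to half of the samples may be arbitrary
    outliers (delayed, reordered or forged replies) without moving the fit."""
    n = len(xs)
    per_point = []
    for i in range(n):
        # Median slope from point i to every other point ...
        slopes = [(ys[j] - ys[i]) / (xs[j] - xs[i]) for j in range(n) if j != i]
        per_point.append(median(slopes))
    slope = median(per_point)                      # ... then the median of those
    intercept = median(y - slope * x for x, y in zip(xs, ys))
    return intercept, slope

def weighted_median(values, weights):
    """Value at which the cumulative weight first reaches half of the total."""
    pairs = sorted(zip(values, weights))
    half = sum(weights) / 2.0
    acc = 0.0
    for v, w in pairs:
        acc += w
        if acc >= half:
            return v
    return pairs[-1][0]

def synchronization_step(partner_offsets, confidences, damping=0.5):
    """Aggregate per-partner offset estimates; damping avoids over-compensation."""
    return damping * weighted_median(partner_offsets, confidences)

# Constructed sample: 20 offset measurements against one partner, one per minute.
# True relation: 0.05 s offset plus 1e-4 s/s drift, with sub-millisecond jitter.
TIMES = [60.0 * k for k in range(20)]
JITTER = [0.0003, -0.0006, 0.00015, -0.0003, 0.00045] * 4
TRUE_OFFSET, TRUE_DRIFT = 0.05, 1e-4
OFFSETS = [TRUE_OFFSET + TRUE_DRIFT * t + j for t, j in zip(TIMES, JITTER)]
for k in (1, 4, 6, 9, 12, 14, 17, 19):   # 8 of 20 samples (40%) pushed by +2 s
    OFFSETS[k] += 2.0

def estimate_partner():
    """Robust (intercept, slope) versus the naive mean offset of the same samples."""
    intercept, slope = repeated_median(TIMES, OFFSETS)
    return intercept, slope, mean(OFFSETS)

if __name__ == "__main__":
    off, drift, naive = estimate_partner()
    print(f"robust offset {off:.4f} s, drift {drift:.2e} s/s, naive mean {naive:.3f} s")
```

The robust fit recovers the 0.05 s offset and the 1e-4 s/s drift to within the jitter, while the naive mean is dragged close to 0.9 s by the corrupted samples.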

  6. Evaluation – Global operation
• Uses unicast only → might work globally
• But: What about asymmetric paths?
• Experiment:
  – 32 runs
  – Internet delays
  – Γ-distributed jitter
→ No significant influence!
(Figure: σ of node offsets [s] vs. ratio of asymmetric links, 0.0 to 0.6)

Evaluation – Synchronization
• Adaptation guaranteed if the graph of synchronization partners is
  – Strongly connected
  – Free of sub-graphs where all nodes are more connected to the sub-graph than to the outside
• Fortunately: This is the case for expander graphs and thus most peer-to-peer systems (short proof in the paper)

  7. Evaluation – Integrity
• What influence do 10% attackers have (in a VPN with 100 nodes)?
• Attackers try to circumvent the filter by gradually increasing reported offsets
• Measured σ after 500 synchronization steps
→ Some nodes are pulled away, but as the offset increases the filter works
(Figure: σ of node offsets [s], 0 to 9, vs. attacker drift [ms/s], 0 to 25)

Evaluation – Scalability (I)
• How does VPN size affect synchronization precision?
• Measured σ in steady state for growing VPN size
→ No significant impact!
(Figure: σ of node offsets [s] vs. VPN size 25, 50, 100, 200, 400)

  8. Evaluation – Scalability (II)
• How does VPN size affect time to stabilization?
• Measured steps until error < 0.1 s for growing VPN size
→ Sub-linear impact despite logarithmic scale!
(Figure: required time synchronization steps, 0 to 400, vs. VPN size 25, 50, 100, 200, 400)

Conclusion & Outlook
• Scalable & robust approach to synchronize clocks in distributed systems
• Can always be applied if the network graph has expansion properties
• Optimizations still possible, e.g.:
  – Weighting of confidence factors
  – Blacklisting to avoid adaptive attackers

  9. Thank you for your attention!
Michael Rossberg, michael.rossberg@tu-ilmenau.de
Ilmenau University of Technology, Germany
