RID Implementation Report

Toshifumi Kai (kai@trc.mew.co.jp), Akito Nagashima (akito_nagashima@mewe1.mewnet.or.jp), Hiroshige Nakatani (nakatani@trc.mew.co.jp), Naohiro Fukuda (fukuda@trc.mew.co.jp), Shimizu Hiroshi (shimizu@trc.mew.co.jp)
Matsushita Electric Works, Ltd.

Teruaki Takahashi (c300070@ns.kogakuin.ac.jp), Akira Hashiguchi (akira@cooweb.com), Takayuki Suzuki (t-suzuki@pf6.so-net.ne.jp), Katsuji Tsukamoto (tsukamoto@tsukaken.jp)
Kogakuin University

Plan for Test by MEW
• 2004 Sep 27th – Oct 1st: Phase 1 (Finished) … RID system only. MEW's XML format is not the same as the RID format. No encryption and authentication.
• 2004 Nov 1st – Dec 30th: Phase 2 (Planned and ongoing) … RID with traceback. MEW's XML format is not the same as the RID format. No encryption and authentication.
• 2005 Jan 1st – : Phase 3 (Not planned yet) … RID with traceback, fully implemented system.

MEW's Implementation Status
• Renaming Source Found to message result for the not-found case (-> history area): 'Message Type 3 with NULL Attacker's IP' equals 'Not Found'.
• Notification field for the traceback system added to the Source Found message (-> free-form text area). It would be necessary in the following cases: if the initiator assigns false negative (FN) traceback and it requires FP, and the responder assigns false positive (FP), then the traced result may have no meaning for the initiator. For example, between different traceback systems (hash traceback and ICMP traceback). Also, if the traceback system has gone down, this should be reported by the notification.
• MEW's XML format is not equal to RID's XML format. The implementation is not completed yet and is currently modified for test purposes.
• Encryption and authentication are not implemented yet. Implementation of SSL/XML encryption and authentication using a CA remains to be done.
• Transport protocol is implemented with SOAP/HTTP/TCP.

Simple Test
• We set up a very simple test case: a star topology and a straight chained topology with 7 PCs.
• The 7 PCs act as NMSes, without routers or a traceback system between them.
• We measured the response time until the Source Found (result) message is sent to the initiator NMS, and the CPU time the NMS spends handling the XML interpretation and SOAP communication, for the straight topology when the number of ASes was 7.

Test Results
• Straight Chained Topology: response time for traceback was 1.6 sec, and response time for handling SOAP/XML was 0.46 sec, for 7 ASes.
• Star Topology: response time for traceback was 0.6 sec, and response time for handling SOAP/XML was 0.23 sec, for 6 ASes.
• It will take about 0.1-0.22 sec per AS for handling traceback and 0.038-0.065 sec per AS for handling SOAP/XML, so the total response time will be about 0.138-0.285 sec per AS.

Note: We assume the tracing time (delay) inside each AS and feed it in as a fixed value.
  First and Middle AS: 0.2 sec
  Attacker's AS (Final AS): 0.4 sec
(We plan to test with the real tracing time next month.)
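
The traceback response times above follow directly from the fixed per-AS delays in the note. The model below is an added example, not part of the original slides or MEW's software; it assumes an AS forwards the request to all downstream neighbours at once and waits for the slowest reply, and the names AS, trace_ms, chain and star are hypothetical.

```python
# Added example (not from the slides): tracing-time model under the fixed
# per-AS delays stated in the note. Assumption: an AS forwards the request to
# all downstream neighbours at once and waits for the slowest reply.
from dataclasses import dataclass, field

MIDDLE_AS_MS = 200     # first and middle AS: 0.2 sec (from the slide)
ATTACKER_AS_MS = 400   # attacker's (final) AS: 0.4 sec (from the slide)


@dataclass
class AS:
    name: str
    downstream: list = field(default_factory=list)


def trace_ms(node: AS) -> int:
    """Milliseconds until this AS can return its result message upstream."""
    if not node.downstream:              # final AS: the attacker is here
        return ATTACKER_AS_MS
    return MIDDLE_AS_MS + max(trace_ms(n) for n in node.downstream)


def chain(n: int) -> AS:
    """Straight chained topology: AS1 -> AS2 -> ... -> ASn."""
    head = AS(f"AS{n}")
    for i in range(n - 1, 0, -1):
        head = AS(f"AS{i}", [head])
    return head


def star(neighbours: int) -> AS:
    """Star topology: AS1 with `neighbours` attacker ASes attached."""
    return AS("AS1", [AS(f"AS{i + 2}") for i in range(neighbours)])


if __name__ == "__main__":
    for n in range(1, 8):
        print(f"chain {n} AS: {trace_ms(chain(n)) / 1000:.1f} sec")
    for k in range(1, 7):
        print(f"star  {k} neighbours: {trace_ms(star(k)) / 1000:.1f} sec")
    # Mixed case not measured on the slides: one 3-AS branch beside two leaves.
    mixed = AS("AS1", [chain(3), AS("ASx"), AS("ASy")])
    print(f"mixed: {trace_ms(mixed) / 1000:.1f} sec")
```

The chain grows by 0.2 sec per added AS while the star stays flat, because in this model only the longest path to an attacker's AS contributes to the tracing time; SOAP/XML processing time is not modelled.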

Reference

Spec for NMS
• CPU: Pentium 4 3.0GHz
• Memory: 512MBytes
• Network: Fast Ether (100Base-T)
• Transport Protocol: TCP + HTTP + Open SOAP
• Inter-AS Traceback Protocol: RID-mew (modified RID + XML)
[Figure label: NMS (RID) (Inter-AS traceback Software)]

Chained AS Topology
AS Num   Topology (V and A are marked in the figure)
1        AS1
4        AS1 AS2 AS3 AS4
7        AS1 AS2 AS3 AS4 AS5 AS6 AS7
V: Victim, A: Attacker

Timeline for Chained Trace
[Figure: timeline for AS1 to AS4 (*AS num = 4). Labels: Start-Tracing, Trace Finished, Time to Trace, Request message, Result message, Int-AS trace (one per AS), t1, t2, t3, t4.]
T = t1 + t2 + t3 + t4 = RID Processing Time (SOAP Protocol + XML Translation)

Chained Results
AS num   Total Tracing Time for int-AS [sec]   RID Processing Time (SOAP Protocol + XML Translation) [sec]
1        0.4                                   0.053916
2        0.6                                   0.096066
3        0.8                                   0.189532
4        1.0                                   0.252760
5        1.2                                   0.315661
6        1.4                                   0.401333
7        1.6                                   0.466741
[Figure: Tracing Time [sec] versus AS Numbers, showing Total Time for tracing Internal AS and RID Processing Time (SOAP Protocol + XML Translation).]
*We assume that the tracing time inside each AS is defined as a fixed value (first and middle AS: 0.2 sec, Attacker's AS: 0.4 sec).

Star AS Topology
[Figure: star topologies for Num of Neighbor AS = 1, 3 and 6.]
A: Attacker, V: Victim

Timeline for Star Topology
[Figure: timeline for AS1 to AS4. Labels: Start Tracing, Trace Finished, Time for Tracing, Request message, Result message, Int-AS trace (one per AS).]
※ The number of neighbor ASes was 3.

Star Results
Num of neighbor AS   Tracing Time for each Int-AS [sec]   RID Processing Time (SOAP Protocol + XML Translation) [sec]
1                    0.6                                  0.096066
2                    0.6                                  0.157692
3                    0.6                                  0.177469
4                    0.6                                  0.180390
5                    0.6                                  0.219429
6                    0.6                                  0.237459
[Figure: Tracing Time [sec] versus num of Child AS, showing Time for each tracing Internal AS and RID Processing Time (SOAP Protocol + XML Translation).]
*We assume that the tracing time inside each AS is defined as a fixed value (first and middle AS: 0.2 sec, Attacker's AS: 0.4 sec).