using off path and on path signaling for internet security
play

Using Off-Path and On-Path Signaling for Internet Security Saikat - PowerPoint PPT Presentation

Mar 31, 2024 •480 likes •651 views

Using Off-Path and On-Path Signaling for Internet Security Saikat Guha, Paul Francis Cornell University IETF 66 Off-path BoF Guha and Francis Using Off-path and On-Path Signaling for Internet Security Architecture Default-Off Data-Path

  1. Using Off-Path and On-Path Signaling for Internet Security Saikat Guha, Paul Francis Cornell University IETF 66 Off-path BoF Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  2. Architecture ◮ Default-Off Data-Path ◮ Turned “on” after off-path negotiation ◮ Default-On Off-Path Signaling ◮ Rate-limited ◮ Mediated by intermediaries ◮ Heavily Secured ◮ On-Path Signaling ◮ Coupled Off-Path negotiation with Data-Path Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  3. Network Elements g policy.cornell.edu policy.cs.cornell.edu Internet Cornell CS alice@cornell.edu Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  4. Discover P-Box g policy.cornell.edu policy.cs.cornell.edu Cornell CS alice@cornell.edu Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  5. Register Off-path policy.cornell.edu policy.cs.cornell.edu REGISTER alice@cornell.edu Cornell CS app = vncserver location = office ... alice@cornell.edu Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  6. Request Data-Path policy.cornell.edu policy.cs.cornell.edu INVITE To: alice@cornell.edu; app=vncserver Cornell CS From: bob@acme.com; app=vncviewer alice@cornell.edu bob@acme.com Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  7. Data-Path with Keys policy.cornell.edu policy.cs.cornell.edu OK 128.84.223.110:4111 Key-saikat: 123ABC Key-cs: 456DEF Cornell CS Key-cornell: 789012 Encryption: ssl alice@cornell.edu bob@acme.com Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  8. Authorized Data g policy.cornell.edu policy.cs.cornell.edu DATA <xyz> Auth-saikat: (123ABC) Auth-cs: (456DEF) Cornell CS Auth-cornell: (789012) alice@cornell.edu bob@acme.com Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  9. Network Elements g Off-path ◮ Policy ◮ Presence ◮ Messaging policy.cornell.edu policy.cs.cornell.edu Internet Cornell CS On-Path alice@cornell.edu ◮ Firewall ◮ TURN Relay ◮ Auditor Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  10. Discover P-Box g P-Box Discovery ◮ Static policy.cornell.edu policy.cs.cornell.edu ◮ DHCP (at boot) Cornell CS ◮ Off-Path Query alice@cornell.edu ◮ On-Path Query Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  11. Register Off-path Authenticate ◮ User, Domain ◮ Application ◮ Location policy.cornell.edu policy.cs.cornell.edu REGISTER alice@cornell.edu Cornell CS app = vncserver location = office Mechanism ... alice@cornell.edu ◮ Certificates ◮ Trusted Computing Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  12. Request Data-Path Request policy.cornell.edu ◮ Authentication policy.cs.cornell.edu INVITE To: alice@cornell.edu; app=vncserver Cornell CS ◮ Off-Path DoS From: bob@acme.com; app=vncviewer alice@cornell.edu ◮ Off-Path MitM bob@acme.com Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  13. Data-Path with Keys Response Token ◮ Contents ◮ IP:port policy.cornell.edu policy.cs.cornell.edu OK 128.84.223.110:4111 ◮ Firewall Key Key-saikat: 123ABC Key-cs: 456DEF CS Cornell Key-cornell: 789012 ◮ # bytes Encryption: ssl ◮ Time valid alice@cornell.edu bob@acme.com ◮ Replay Attack Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  14. Authorized Data g On-Path Signaling policy.cornell.edu policy.cs.cornell.edu DATA <xyz> ◮ Out-of-Band (NSIS) Auth-saikat: (123ABC) Auth-cs: (456DEF) CS Cornell Auth-cornell: (789012) ◮ In-Band (framing) alice@cornell.edu bob@acme.com Guha and Francis Using Off-path and On-Path Signaling for Internet Security

  15. Implementation ◮ P-Box: SER SIP Proxy, static policy rules ◮ P-Box Discovery: Static Configuration ◮ Registration: SIP REGISTER (with user authorization) ◮ Rendezvous: SIP INVITE (with SDP) ◮ Response: 200 OK (with SDP, local address, STUN addresses, TURN address and TURN server authorization key) ◮ Data-Path: In-band (framing inside TCP), TURN path must include authorization Callflows at: nutss.net/bof/cf.txt Guha and Francis Using Off-path and On-Path Signaling for Internet Security

Recommend

Preferred Path Routing ( PPR ) Graphs Beyond Signaling Of Paths To Networks CNSM 2018

Preferred Path Routing ( PPR ) Graphs Beyond Signaling Of Paths To Networks CNSM 2018

Preferred Path Routing ( PPR ) Graphs Beyond Signaling Of Paths To Networks CNSM 2018 HIPNET workshop Toerless Eckert, Yingzhen Qu, Uma Chunduri Future Networks Santa Clara, California, USA {firstname.lastname}@huawei.com version

676 views • 20 slides
Martha Brumfield, President and CEO C-Path Mission C-Path The Critical Path Institute is a

Martha Brumfield, President and CEO C-Path Mission C-Path The Critical Path Institute is a

The C-Path Vision: Sharing Data and Expertise to Accelerate the Development of Safe and Effective Therapies for Neonates Martha Brumfield, President and CEO C-Path Mission C-Path The Critical Path Institute is a catalyst in the development of

410 views • 20 slides
CS 457 Lecture 18 Global Internet Fall 2011 Solution: Path Vectors Each routing update

CS 457 Lecture 18 Global Internet Fall 2011 Solution: Path Vectors Each routing update

CS 457 Lecture 18 Global Internet Fall 2011 Solution: Path Vectors Each routing update carries the entire path Loops are detected as follows: when AS gets route check if AS already in path if yes, reject route if no, add

448 views • 29 slides
The End-to-End Effects of Internet Path Selec5on S.

The End-to-End Effects of Internet Path Selec5on S.

The End-to-End Effects of Internet Path Selec5on S. Savage, A. Collins, E. Hoffman, J. Snell, and T. Anderson Presented by: Imranul Hoque

467 views • 19 slides
Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High

Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High

Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High Quality Path- Discover network trends, find paths Building network models oriented Network Measurement Run experiments using models and

209 views • 4 slides
Introduction to Path Analysis Ways to think about path analysis Path coefficients

Introduction to Path Analysis Ways to think about path analysis Path coefficients

Introduction to Path Analysis Ways to think about path analysis Path coefficients A bit about direct and indirect effects What path analysis can and cant do for you Measured vs. manifested the when of

589 views • 24 slides
The Wrong Path - Adultery Everyday Wisdom | Proverbs 5:1-23; 6:20-35; 7:1-27 Path #1 - The way

The Wrong Path - Adultery Everyday Wisdom | Proverbs 5:1-23; 6:20-35; 7:1-27 Path #1 - The way

The Wrong Path - Adultery Everyday Wisdom | Proverbs 5:1-23; 6:20-35; 7:1-27 Path #1 - The way Path #2 - The way of of the foolish the wise Picture from rootsrated.com via Ed Ogle/Flickr Pay attention to my commands, Gods Word. Proverbs

527 views • 25 slides
CSE 421 Longest Path in a DAG, LIS, Shortest Path with Negative Weights Shayan Oveis Gharan 1

CSE 421 Longest Path in a DAG, LIS, Shortest Path with Negative Weights Shayan Oveis Gharan 1

CSE 421 Longest Path in a DAG, LIS, Shortest Path with Negative Weights Shayan Oveis Gharan 1 Longest Path in a DAG Longest Path in a DAG Goal: Given a DAG G, find the longest path. Recall: A directed graph G is a DAG if it has no cycle.

571 views • 23 slides
Path Diversity ! Number of paths for a packet to transit between two points &quot; Inside an

Path Diversity ! Number of paths for a packet to transit between two points &quot; Inside an

In Search for Path Diversity in ISP Networks Renata Teixeira, Keith Marzullo, Stefan Savage, Geoffrey M. Voelker UC San Diego Internet Measurement Conference 2003 Path Diversity ! Number of paths for a packet to transit between two points

160 views • 5 slides
More On Paths Supplement to Chapter 4, Graph Theory Path definition What is a path? We

More On Paths Supplement to Chapter 4, Graph Theory Path definition What is a path? We

More On Paths Supplement to Chapter 4, Graph Theory Path definition What is a path? We are in in a graph context MOP2 Path definition 2 What is a path? A path is a sequence of nodes n 1 , n 2 , , n p Each

850 views • 65 slides
PATH F Framew mework LEC EC 1 12-4-19 19 PATH TH Fr Framework I k In Context W t Within

PATH F Framew mework LEC EC 1 12-4-19 19 PATH TH Fr Framework I k In Context W t Within

PATH F Framew mework LEC EC 1 12-4-19 19 PATH TH Fr Framework I k In Context W t Within O Oaklan and Ho Homelessn ssness ss S Sho hould B Be e Rare, B , Brief, &amp; , &amp; Non R n Recur ecurring Affordable Housing Policy

873 views • 31 slides
Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups

Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups

Introduction to Digital VLSI Logic Synthesis Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups according to the clock associated with the endpoint of the path. There is a default path group that

541 views • 18 slides
Challenges and a Path Forward for Realizing Data-Driven Federal Internet Policy A Research

Challenges and a Path Forward for Realizing Data-Driven Federal Internet Policy A Research

Challenges and a Path Forward for Realizing Data-Driven Federal Internet Policy A Research Agenda for Law and Computer Science and Internet Data 8th Workshop on Internet Economics (WIE 2017) JamesMillerEsquire@gmail.com Adjunct Prof. of Law,

531 views • 40 slides
Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The Rendering Equation Monte Carlo Integration A Basic Path Tracer Variance Reduction and Optimisation Techniques Additional Resources Plan From Ray

1.08k views • 54 slides
A * A path finding algorithm. A path finding algorithm. Given a state space, such as a

A * A path finding algorithm. A path finding algorithm. Given a state space, such as a

A * A path finding algorithm. A path finding algorithm. Given a state space, such as a 2-dimensional map, find a path from point A to point B in that space, if such a path exists. If such a path exists, return a path within certain criteria

445 views • 30 slides
Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse

Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse

Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse Institute Berlin (ZIB) Overview Practical background: Internet = shortest path routing Properties of unsplittable shortest path systems Integer

460 views • 17 slides
Example Shortest Path Problems 8 6 2 1 1 3 3 1 16 7 5 Directed weighted graph. 6

Example Shortest Path Problems 8 6 2 1 1 3 3 1 16 7 5 Directed weighted graph. 6

Example Shortest Path Problems 8 6 2 1 1 3 3 1 16 7 5 Directed weighted graph. 6 4 10 4 Path length is sum of weights of edges on path. 2 4 7 7 5 3 The vertex at which the path begins is the source vertex. 14

237 views • 4 slides
On Path Generation, Path Following On Path Generation, Path Following and Time Coordination for

On Path Generation, Path Following On Path Generation, Path Following and Time Coordination for

On Path Generation, Path Following On Path Generation, Path Following and Time Coordination for and Time Coordination for Small UAVs UAVs Small I. Kaminer I. Kaminer Department of Mechanical and Astronautical Astronautical Engineering,

924 views • 44 slides
Parameterized Maximum Path Coloring Michael Lampis September 9, 2011 1 / 17 Path Coloring

Parameterized Maximum Path Coloring Michael Lampis September 9, 2011 1 / 17 Path Coloring

Parameterized Maximum Path Coloring Michael Lampis September 9, 2011 1 / 17 Path Coloring Definition Path Coloring Path Coloring Example Known results Input : A graph G and a multi-set of paths on that graph Edge slicing

704 views • 47 slides
SCION: A Secure Multipath Interdomain Routing Architecture Adrian Perrig Network Security Group,

SCION: A Secure Multipath Interdomain Routing Architecture Adrian Perrig Network Security Group,

SCION: A Secure Multipath Interdomain Routing Architecture Adrian Perrig Network Security Group, ETH Zrich SCION: Next-generation Internet Architecture Path-aware networking: sender knows packets path Enables geo-fencing

497 views • 33 slides
OneProbe: Measuring network path quality with TCP data-packet pairs Rocky K. C. Chang Internet

OneProbe: Measuring network path quality with TCP data-packet pairs Rocky K. C. Chang Internet

OneProbe: Measuring network path quality with TCP data-packet pairs Rocky K. C. Chang Internet Infrastructure and Security Group The Hong Kong Polytechnic University 11 February 2011 ISMA 2011 AIMS-3 AIMS-III, 2011 1 Our group Active

395 views • 39 slides
AGENCY 1 Silkroad, Path to Development Silkroad, Path to Development Area of

AGENCY 1 Silkroad, Path to Development Silkroad, Path to Development Area of

Silkroad, Path to Development SILKROAD DEVELOPMENT AGENCY 1 Silkroad, Path to Development Silkroad, Path to Development Area of Responsibility TRC1 Region Gaziantep Adyaman Kilis 2 Silkroad, Path to

538 views • 17 slides
Tracing the Path to YouTube - Introduction A Quantification of Path Lengths and Latencies towards

Tracing the Path to YouTube - Introduction A Quantification of Path Lengths and Latencies towards

Tracing the Path to YouTube - Introduction A Quantification of Path Lengths and Latencies towards Content Caches Motivation Research Questions Methodology Accepted for publication in IEEE Communications Magazine Analysis (Pre-print:

550 views • 31 slides
Jumpstarting BGP Security Yossi Gilad Joint work with: Avichai Cohen, Amir Herzberg, and Michael

Jumpstarting BGP Security Yossi Gilad Joint work with: Avichai Cohen, Amir Herzberg, and Michael

Jumpstarting BGP Security Yossi Gilad Joint work with: Avichai Cohen, Amir Herzberg, and Michael Schapira Prefix hijacking prefers shorter route Victim 168.122/16 168.122/16 Path: X-111 AS X Path: 666 AS 666 168.122/16 AS Path: 111

884 views • 24 slides

More recommend