Outline. 15-744: Computer Networking. Narrow Waist of the Internet Key to its Success. NSF Future Internet Architecture



Similar documents
Packet Level Authentication Overview

The Advantages of Using a Trust Domain For Network Strategies

Distributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015

draft-forwarding-label-ccn- 01.txt

Distributed Systems. 25. Content Delivery Networks (CDN) 2014 Paul Krzyzanowski. Rutgers University. Fall 2014

Security in Structured P2P Systems

Active ISP Involvement in Content-Centric Future Internet Eugene Kim

Firewalls and Intrusion Detection

LAN TCP/IP and DHCP Setup

Internet Ideal: Simple Network Model

Bit Chat: A Peer-to-Peer Instant Messenger

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

This Lecture. The Internet and Sockets. The Start If everyone just sends a small packet of data, they can all use the line at the same.

Extending the Internet of Things to IPv6 with Software Defined Networking

How To Stop A Ddos Attack On A Network From Tracing To Source From A Network To A Source Address

RID-DoS: Real-time Inter-network Defense Against Denial of Service Attacks. Kathleen M. Moriarty. MIT Lincoln Laboratory.

Agenda. Distributed System Structures. Why Distributed Systems? Motivation

Lecture 17 - Network Security

Multihoming and Multi-path Routing. CS 7260 Nick Feamster January

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Internetworking. Problem: There is more than one network (heterogeneity & scale)

Florian Liers, Thomas Volkert, Andreas Mitschele-Thiel

SiteCelerate white paper

Proxy Server, Network Address Translator, Firewall. Proxy Server

SANE: A Protection Architecture For Enterprise Networks

IP Phone Presence Setup

Chapter 9 Firewalls and Intrusion Prevention Systems

Information-Centric Networking: Introduction and Key Issues

Monitoring WAAS Using Cisco Network Analysis Module. Information About NAM CHAPTER

A REPORT ON ANALYSIS OF OSPF ROUTING PROTOCOL NORTH CAROLINA STATE UNIVERSITY

Scalable Internet Services and Load Balancing

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

How To Protect Your Network From A Ddos Attack On A Network With Pip (Ipo) And Pipi (Ipnet) From A Network Attack On An Ip Address Or Ip Address (Ipa) On A Router Or Ipa

Distributed Systems 19. Content Delivery Networks (CDN) Paul Krzyzanowski

Secure Networks for Process Control

IP address format: Dotted decimal notation:

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Protocol Rollback and Network Security

Ceres Messaging and Routing Model

A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks

How To Understand The History Of The Network And Network (Networking) In A Network (Network) (Netnet) (Network And Network) (Dns) (Wired) (Lannet) And (Network Network)

Chapter 8 Security Pt 2

architecture: what the pieces are and how they fit together names and addresses: what's your name and number?

Internet Infrastructure Measurement: Challenges and Tools

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Chapter 7. Address Translation

Internet Privacy Options

Using IPM to Measure Network Performance

The Impact of DNSSEC. Matthäus Wander. on the Internet Landscape. Duisburg, June 19, 2015

Network Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch.

Definition. A Historical Example

ITL BULLETIN FOR JANUARY 2011

Wireless Sensor Networks Chapter 3: Network architecture

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Introduction to Network Operating Systems

Kick starting science...

Exploring the Design Space of Distributed and Peer-to-Peer Systems: Comparing the Web, TRIAD, and Chord/CFS

How Network Transparency Affects Application Acceleration Deployment

Firewalls P+S Linux Router & Firewall 2013

Cisco Network Foundation Protection Overview

Authentication Application

Content Distribution Networks (CDN)

Cisco EXAM Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product.

CS 457 Lecture 19 Global Internet - BGP. Fall 2011

Case Study for Layer 3 Authentication and Encryption

Architectural Principles for Secure Multi-Tenancy

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Integrating Security, Mobility, and Multi-Homing in a HIP way

IP addressing. Interface: Connection between host, router and physical link. IP address: 32-bit identifier for host, router interface

Names & Addresses. Names & Addresses. Names vs. Addresses. Identity. Names vs. Addresses. CS 194: Distributed Systems: Naming

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

Introduction to MPLS-based VPNs

IETF Security Architecture Update

How To Understand The Power Of A Content Delivery Network (Cdn)

MPLS over IP-Tunnels. Mark Townsley Distinguished Engineer. 21 February 2005

Lecture 02b Cloud Computing II

IPv6 First Hop Security Protecting Your IPv6 Access Network

Client Server Registration Protocol

From Network Security To Content Filtering

Internetworking and Internet-1. Global Addresses

Future Internet Architecture Testbed Management System. Master s thesis

Firewalls. Ahmad Almulhem March 10, 2012

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

Deploying IPv6, Now. Christian Huitema. Architect Windows Networking & Communications Microsoft Corporation

Internetworking Microsoft TCP/IP on Microsoft Windows NT 4.0

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

SIP and VoIP 1 / 44. SIP and VoIP

Disaster Recovery White Paper

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Multicast vs. P2P for content distribution

Datagram-based network layer: forwarding; routing. Additional function of VCbased network layer: call setup.

The Environment Surrounding DNS. 3.1 The Latest DNS Trends. 3. Technology Trends

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls.

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Architecture Overview

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

How To Understand The Power Of The Internet

Transcription:

Outline 15-744: Computer Networking L-15 Future Internet Architecture 2 Motivation and discussion Some proposals: CCN Nebula Mobility First XIA XIA overview AIP Scion 2 NSF Future Internet Architecture Narrow Waist of the Internet Key to its Success Program focuses on new architectural Internet features - address challenges in fundamental way Want to keep the good features of today s network Four teams were selected in the second phase: Named Data Networking: content centric networking - data is a (the) first class entity Mobility First: mobility as the norm rather than the exception generalizes delay tolerant networking Nebula: Internet centered around cloud computing data centers that are well connected expressive Internet Architecture: focus on trustworthiness, evolvability 3 Has allowed Internet to evolve dramatically But now an obstacle to addressing challenges: No built-in security New usage models a challenge Limited interactions edge-core Applications Internet Protocol Link Technologies XIA exploring three concepts to address issues: Diverse types of end-points Intrinsic security Flexible addressing 1

Today s Internet expressive Internet Architecture Src: Client IP Dest: Server IP Src: Client ID Dest: ID TCP Client IP Server IP Client retrieves document from a specific web server But client mostly cares about correctness of content, timeliness Specific server, file name, etc. are not of interest Transfer is between wrong principals What if the server fails? Optimizing transfer using local caches is hard Need to use application-specific overlay or transparent proxy bad! 5 PDA Client expresses communication intent for content explicitly Network uses content identifier to retrieve content from appropriate location How does client know the content is correct? Intrinsic security! Verify content using self-certifying id: hash(content) = content id How does source know it is talking to the right client? Intrinsic security! Self-certifying host identifiers 6 Three Key Principles An set of principals allows direct identification of the intended communicating entities Not having to force communication at a lower level (hosts in today s Internet) reduces complexity and overhead Set up principals can evolve over time Adapt to changes in usage models Support custom requirements of specific deployments Intrinsic security guarantees security properties as a direct result of the design of the system Do not rely on external configurations, actions, data bases 7 Other XIA Principles Narrow waist for all principals Defines the API between the principals and the network protocol mechanisms Narrow waist for trust management Ensure that the inputs to the intrinsically secure system match the trust assumptions and intensions of the user Narrow waist allows leveraging diverse mechanisms for trust management: CAs, reputation, personal, All other network functions are explicit services Keeps the architecture simple, easy to reason about XIA provides a principal type for services (visible) 8 2

XIA: expressive Internet Architecture Each communication operation expresses the intent of the operation Also: explicit trust management, APIs among actors XIA is a single inter-network in which all principals are connected Not a collection of architectures implemented through, e.g., virtualization or overlays Not based on a preferred principal (host or content), that has to support all communication 9 Multiple Principal Types Associated with different forwarding semantics Support heterogeneity in usage and deployment models Set of principal types can evolve over time Host XIDs support host-based communication who? Service XIDs allow the network to route to possibly replicated services what does it do? LAN services access, WAN replication, XIDs allow network to retrieve content from anywhere what is it? Opportunistic caches, CDNs, Autonomous domains allow scoping, hierarchy 10 Multiple Principal Types -centric Optimizations Choice involves tradeoffs: Control Trust Efficiency Privacy Service Host HID Service Host HID HTML Cached Service 11 Service HID 12 3

What Do We Mean by Evolvability? Narrow waist of the Internet has allowed the network to evolve significantly But need to evolve the waist as well! Can make the waist smarter IP: Evolvability of: Applications Link technologies XIA adds evolvability at the waist: Applications Evolving set of principals Link technologies 13 13 Supporting Evolvability Introduction of a new principal type will be incremental no flag day! Not all routers and ISPs will have support from day one Creates chicken and egg problem - what comes first: network support or use in applications Solution is to provide an intent and fallback address Intent address allows innetwork optimizations based on user intent Fallback address is guaranteed to be reachable. AD:HID AD:HID. Payload Dest Src 14 Addressing Requirements Our Solution: DAG-Based Addressing Fallback: intent that may not be globally understood must include a backwards compatible address Incremental introduction of new XID types Scoping: support reachability for non-globally routable XID types or XIDs Needed for scalability Generalize scoping based on network identifiers But we do not want to give up leveraging intent Iterative refinement: give each XID in the hierarchy option of using intent 15 Uses direct acyclic graph (DAG) Nodes: typed IDs (XID; expressive identifier) Outgoing edges: possible routing choices Simple example: Sending a packet to HID S Dummy source: special node indicating packet sender HID S Intent: final destination of packet with no outgoing edges 16 4

Support for Fallbacks with DAG DAGs Support Scoping and Iterative Refinement A node can have multiple outgoing edges Fallback edge HID S Primary edges A Client side Server-side domain hierarchy S Outgoing edges have priority among them Forwarding to HID S is attempted if forwarding to A is not possible Realization of fallbacks AD 0 HID S 17 18 Intrinsic Security in XIA Example: Secure Mobile Service Access XIA uses self-certifying identifiers that guarantee security properties for communication operation Host ID is a hash of its public key accountability (AIP) ID is a hash of the content correctness Does not rely on external configurations Intrinsic security is specific to the principal type Example: retrieve content using XID: content is correct Service XID: the right service provided content Host XID: content was delivered from right host 19 X AD BoF BOF S2 Server S: HID S BoF AD BoF : BoF Client C: HID C C AD C Server S2: HID S2 BoF Register bof.com -> AD BOF : BOF XIA Internet AD C2 Client C: HID C C AD BoF :HID S : BoF AD C :HID C : C AD BoF :HID S2 : BoF AD C :HID C : C AD BoF :HID S2 : BoF AD C2 :HID C : C Resolv bof.com AD BOF : BOF Name Resolution Service 20 5

XIA Dataplane Concepts Also in the Paper Directly support diverse network usage models Evolution of principal types Customization Multiple Communicating Principal Types Principal-specific security properties How to build an XIA forwarding engine XIA forwarding performance and comparison with IP Flexible Addressing Deal with routing failures DAG security Intrinsic Security Built in security forms basis for system level security Discussion on scalability of content caching 22 Outline Motivation and discussion Some proposals: CCN Nebula Mobility First XIA XIA overview AIP Scion AIP Motivation Many security challenges are a result of not being able to unambiguously determine who is responsible for a specific action Source spoofing, denial-of-service attacks, untraceable spam,.. Add accountability to the Internet architecture Key idea is to use self-certifying addresses for both hosts and domains Avoid dependence on external configurations E.g. global trust authority 23 24 6

Addressing and Routing Self-Certifying Identifiers ADe ADe:EID9 ADx ADy Addresses are hierarchical, similar to today s Internet But each level has a flat address, i.e. no R ADa ADb Until packet reaches destination AD, intermediate routers use only destination AD to forward packet Effectively uses a pointer in a stack of domain identifiers Upon reaching destination AD, forward based on EID ADa:ADb:EID1 Identifier of object is public key of object Convenient to use hash of key (e.g. fixed size) Need way of securely mapping user readable name into the identifier AD is hash of public key of domain EID is hash of public key of host Provides a means of verifying the correctness of the source identifiers in a packet Effectively by sending a challenge to the source that it must sign with its private key 25 26 Example: AD verification Verification Packet Receive packet source AD:X Forward packet Drop packet Send V to source In accept cache? Trust neighboring AD? Pass urpf? Router sends a packet V to Source containing: Source and destination identifier Hash of the packet P Interface of the router A secret signed by R Source signs V with its private key and send it back to R But only if it recognizes the hash R verifies that it was signed correctly using the public key from the source field If they match, R add S to its cache 27 28 7

AIP Discussion AIP adds complexity to routers Crypto support, caches, larger forwarding tables,.. but accountability helps address number of security challenges Reduces complexity and cost in rest of networks Research question Fast look up in large tables of flat identifiers Managing keys (revocation, minting, ) Evolving of the crypto Outline Motivation and discussion Some proposals: CCN Nebula Mobility First XIA XIA overview AIP Scion 29 30 SCION Architectural Goals Wish List (1): Isolation Scalability, Control, and Isolation on Next-generation networks (SCION) High availability, even for networks with malicious parties Explicit trust for network operations Minimal TCB: limit number of entities that need to be trusted for any operation Strong isolation from untrusted parties Operate with mutually distrusting entities No single root of trust Enable route control for ISPs, receivers, senders Simplicity, efficiency, flexibility, and scalability Localization of attacks Scalable and reliable routing updates Operate with mutually distrusting entities without a global single root of trust A B D C Attacks (e.g., bad routes) M L3 PSC CMU I2 31 32 8

Wish List (2): Balanced Control Wish List (3): Explicit Trust Source: select paths to send packets Destination: select paths to receive packets Transit ISPs: select paths to support Support rich policies and DDoS defenses A B D C Please reach me via A or B Hide the peering link from CMU Use Level 3 by default L3 I2 PSC CMU 33 Know who needs to be trusted Select whom to trust Confidence in selected paths Enforceable accountability Level 3 Who Go through will forward X and Z, Packets but not Y on the path? X Y Z Internet I2 PSC CMU 34 SCION Architectural Goals SCION Architecture Overview High availability, even for networks with malicious parties Explicit trust for network operations Minimal TCB: limit number of entities that need to be trusted for any operation Strong isolation from untrusted parties Operate with mutually distrusting entities No single root of trust Enable route control for ISPs, receivers, senders Simplicity, efficiency, flexibility, and scalability Trust domain (TD)s Isolation and scalability Path construction Path construction beacons (PCBs) Path resolution Control Explicit trust Route joining (shortcuts) Efficiency, flexibility PCB PCB PCB Source TD TD Core path srv S: blue paths D: red paths Destination 35 36 9

Hierarchical Decomposition Path Construction Split the network into a set of trust domains (TD) : interface : Opaque field : expiration time : signature TD: isolation of route computation core TD cores: interconnected large ISPs core = MAC( ) = SIG( ) = MAC( ) TD Core PCB PCB A Down paths Up paths = SIG( ) AD: atomic failure unit Destination Source 37 = MAC( ) = SIG( ) Embed into pkts PCB PCB B C 38 SCION Security Benefits Isolation Scalability, freshness Path replay attack Collusion attack Single root of trust Trusted Computing Base Path Control S-BGP etc Whole Internet SCION TD Core and on-path ADs Source End-to-end control Only up-path Destination No control Inbound paths DDoS Open attacks Enable defenses Choice Points in XIA Customers have choices: Choice of XID type, i.e. how is communication operation performed; different tradeoffs DAGs add flexibility: fallback, services, Scion offers some control over path selection Flexible trust management Distributed XID assignment (no single point of control) Service providers have choices as well Use of XID types to optimize new services Scion allows new path optimization options Use DAGs for binding, scoping, mobility, 39 40 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information