Practical Intrusion-Tolerant Networks

As the Internet becomes an important part of the infrastructure our society depends on, it is crucial to construct networks that are able to work even when part of the network is compromised. This paper presents the first practical intrusion-tolerant network service, targeting high-value applications such as monitoring and control of global clouds and management of critical infrastructure for the power grid. We use an overlay approach to leverage the existing IP infrastructure while providing the required resiliency and timeliness. Our solution overcomes malicious attacks and compromises in both the underlying network infrastructure and in the overlay itself. We deploy and evaluate the intrusion-tolerant overlay implementation on a global cloud spanning East Asia, North America, and Europe, and make it publicly available.

[1]  Flaviu Cristian,et al.  Atomic Broadcast: From Simple Message Diffusion to Byzantine Agreement , 1995, Inf. Comput..

[2]  Deepinder P. Sidhu,et al.  Finding disjoint paths in networks , 1991, SIGCOMM '91.

[3]  Biswanath Mukherjee,et al.  Detecting disruptive routers: a distributed network monitoring approach , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[4]  Xin Zhang,et al.  SCION: Scalability, Control, and Isolation on Next-Generation Networks , 2011, 2011 IEEE Symposium on Security and Privacy.

[5]  Gregory G. Finn,et al.  Reducing the Vulnerability of Dynamic Computer Networks , 1988 .

[6]  Robbert van Renesse,et al.  Fireflies , 2015, ACM Trans. Comput. Syst..

[7]  Radia J. Perlman,et al.  Routing with Byzantine robustness , 2005 .

[8]  Sandra L. Murphy,et al.  Digital signature protection of the OSPF routing protocol , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[9]  Cristina Nita-Rotaru,et al.  Turret: A Platform for Automated Attack Finding in Unmodified Distributed System Implementations , 2014, 2014 IEEE 34th International Conference on Distributed Computing Systems.

[10]  Virgil D. Gligor,et al.  The Crossfire Attack , 2013, 2013 IEEE Symposium on Security and Privacy.

[11]  Jon Crowcroft,et al.  Integrating security in inter-domain routing protocols , 1993, CCRV.

[12]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[13]  Adrian Perrig,et al.  The Coremelt Attack , 2009, ESORICS.

[14]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[15]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[16]  Rafail Ostrovsky,et al.  Authenticated Adversarial Routing , 2008, Journal of Cryptology.

[17]  J. W. Suuballe,et al.  Disjoint Paths in a Network , 2022 .

[18]  Miguel Castro,et al.  Secure routing for structured peer-to-peer overlay networks , 2002, OSDI '02.

[19]  Cristina Nita-Rotaru,et al.  Increasing Network Resiliency by Optimally Assigning Diverse Variants to Routing Nodes , 2015, IEEE Trans. Dependable Secur. Comput..

[20]  Michael Dahlin,et al.  BAR gossip , 2006, OSDI '06.

[21]  Per Larsen,et al.  Profile-guided automated software diversity , 2013, Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO).

[22]  Eric Rescorla,et al.  Datagram Transport Layer Security , 2006, RFC.

[23]  Reza Curtmola,et al.  ODSBR: An on-demand secure Byzantine resilient routing protocol for wireless ad hoc networks , 2008, TSEC.

[24]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[25]  Radia J. Perlman,et al.  Network layer protocols with Byzantine robustness , 1988 .

[26]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[27]  Cristina Nita-Rotaru,et al.  Increasing Network Resiliency by Optimally Assigning Diverse Variants to Routing Nodes , 2013, IEEE Transactions on Dependable and Secure Computing.

[28]  Shivakant Mishra,et al.  INSENS: Intrusion-Tolerant Routing in Wireless Sensor Networks , 2002 .

[29]  Karl N. Levitt,et al.  Protecting routing infrastructures from denial of service using cooperative intrusion detection , 1998, NSPW '97.

[30]  Joni da Silva Fraga,et al.  A lightweight intrusion-tolerant overlay network , 2006, Ninth IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC'06).

[31]  Zygmunt J. Haas,et al.  Securing the Internet routing infrastructure , 2002, IEEE Commun. Mag..

[32]  Hari Balakrishnan,et al.  Resilient overlay networks , 2001, SOSP.

[33]  Stefan Savage,et al.  TCP congestion control with a misbehaving receiver , 1999, CCRV.

[34]  Robbert van Renesse,et al.  Fireflies: scalable support for intrusion-tolerant network overlays , 2006, EuroSys.

[35]  Robbert van Renesse,et al.  Self-stabilizing and Byzantine-Tolerant Overlay Network , 2007, OPODIS.

[36]  Miguel Correia,et al.  On the Effects of Finite Memory on Intrusion-Tolerant Systems , 2007 .

[37]  Joni da Silva Fraga,et al.  Overlay Network Topology Reconfiguration in Byzantine Settings , 2007, 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007).

[38]  Yair Amir,et al.  Towards a Practical Survivable Intrusion Tolerant Replication System , 2014, 2014 IEEE 33rd International Symposium on Reliable Distributed Systems.

[39]  Christopher Frost,et al.  Spanner: Google's Globally-Distributed Database , 2012, OSDI.

[40]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[41]  Yair Amir,et al.  Reliable communication in overlay networks , 2003, 2003 International Conference on Dependable Systems and Networks, 2003. Proceedings..