Towards attack tolerant networks: Concurrent multipath routing and the butterfly network

It is crucial for large-scale communication networks such as the internet to be resilient against attacks such as censorship and surveillance, which pose a threat to free expression and free association. Self-organized networks such as the internet’s router network typically have heavy-tailed degree distributions, making them highly vulnerable to targeted attacks against central nodes. While cryptographic solutions exist, they fail to address the underlying topological problem, and remain vulnerable to man-in-the-middle attacks and coercion. Coercion-resistant, topological approaches to attack tolerance are needed to address the current vulnerability of communications infrastructure to censorship and surveillance. We present a novel concurrent multipath routing (CMR) algorithm for the wraparound butterfly network topology, as well as a highly attack-tolerant Structured Multipath Fault Tolerance (SMFT) architecture which incorporates the butterfly CMR algorithm. We also identify a previously unexplored relationship between network topology, trust transitivity, and attack-tolerance, and provide a framework for further exploration of this relationship. Our work is the first theoretical demonstration of a point-to-point communication network architecture that can resist coercion and other non-technical attacks, without requiring infinitely transitive trust. To address cases where the network structure cannot be fully controlled, we demonstrate how a snapshot of the internet’s router network can be partially rewired for greater attack-tolerance. More broadly, we hope that this work will serve as a starting point for the evelopment of additional topology-based attack-tolerant communication architectures to guard against the dangers of censorship and surveillance.

[1]  Ramesh Govindan,et al.  Using the small-world model to improve Freenet performance , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[2]  Raph Levien,et al.  Attack-Resistant Trust Metrics , 2009, Computing with Social Trust.

[3]  J. von Neumann,et al.  Probabilistic Logic and the Synthesis of Reliable Organisms from Unreliable Components , 1956 .

[4]  Ian Clarke,et al.  Freenet: A Distributed Anonymous Information Storage and Retrieval System , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[5]  David Hutchison,et al.  Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines , 2010, Comput. Networks.

[6]  Philip Hunter Pakistan YouTube block exposes fundamental Internet security weakness , 2008 .

[7]  Bruce Schneier,et al.  Ten Risks of PKI , 2004 .

[8]  Nor Badrul Anuar,et al.  Survey of secure multipath routing protocols for WSNs , 2015 .

[9]  David Mazières The Stellar Consensus Protocol : A Federated Model for Internet-level Consensus , 2015 .

[10]  Lawrence B. Mohr,et al.  Explaining organizational behavior , 1982 .

[11]  Sunny King,et al.  PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake , 2012 .

[12]  Massimo Marchiori,et al.  Error and attacktolerance of complex network s , 2004 .

[13]  Peter Y. A. Ryan,et al.  Caveat Coercitor: Coercion-Evidence in Electronic Voting , 2013, 2013 IEEE Symposium on Security and Privacy.

[14]  Issa M. Khalil,et al.  UnMask: Utilizing neighbor monitoring for attack mitigation in multihop wireless sensor networks , 2010, Ad Hoc Networks.

[15]  Dmitry Korzun,et al.  Structured Peer-to-Peer Systems: Fundamentals of Hierarchical Organization, Routing, Scaling, and Security , 2012 .

[16]  V. Thakare,et al.  Comparative Analysis of Multipath Routing Techniques and Design of Secure Energy Aware Routing Algorithm for Wireless Sensor Network , 2013 .

[17]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[18]  Bruce Christianson,et al.  Why Isn't Trust Transitive? , 1996, Security Protocols Workshop.

[19]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[20]  Albert-László Barabási,et al.  Scale-Free Networks: A Decade and Beyond , 2009, Science.

[21]  Jeffrey V. Nickerson,et al.  Thinking with Networks , 2010 .

[22]  Gopi Nath Nayak,et al.  Different flavours of Man-In-The-Middle attack, consequences and feasible solutions , 2010, 2010 3rd International Conference on Computer Science and Information Technology.

[23]  Tiago P. Peixoto,et al.  Trust Transitivity in Social Networks , 2010, PloS one.

[24]  Wenjing Lou,et al.  H-SPREAD: a hybrid multipath scheme for secure and reliable data collection in wireless sensor networks , 2006, IEEE Transactions on Vehicular Technology.

[25]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[26]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[27]  Michael K. Reiter,et al.  Resilient Authentication Using Path Independence , 1998, IEEE Trans. Computers.

[28]  Amos Fiat,et al.  Censorship resistant peer-to-peer content addressable networks , 2002, SODA '02.

[29]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[30]  Kok-Lim Alvin Yau,et al.  Exploiting the Power of Multiplicity: A Holistic Survey of Network-Layer Multipath , 2015, IEEE Communications Surveys & Tutorials.

[31]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[32]  Jon Crowcroft,et al.  A survey and comparison of peer-to-peer overlay network schemes , 2005, IEEE Communications Surveys & Tutorials.

[33]  Tomoyuki Ohta,et al.  Improvement of assurance including security for wireless sensor networks using dispersed data transmission , 2012, J. Comput. Syst. Sci..

[34]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[35]  Christos Faloutsos,et al.  Graphs over time: densification laws, shrinking diameters and possible explanations , 2005, KDD '05.

[36]  Ajay D. Kshemkalyani,et al.  Distributed Computing: Principles, Algorithms, and Systems , 2008 .

[37]  Paul Baran,et al.  On Distributed Communications , 1964 .

[38]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[39]  Zhuoqing Morley Mao,et al.  Internet Censorship in China: Where Does the Filtering Occur? , 2011, PAM.

[40]  Albert,et al.  Emergence of scaling in random networks , 1999, Science.

[41]  Denise C. Walker Mass Notification and Crisis Communications: Planning, Preparedness, and Systems , 2011 .

[42]  G. R. BLAKLEY Safeguarding cryptographic keys , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[43]  Marco Chiesa,et al.  Analysis of Country-Wide Internet Outages Caused by Censorship , 2014, IEEE/ACM Transactions on Networking.

[44]  Zhongming Zheng,et al.  Secure and Energy-Efficient Disjoint Multipath Routing for WSNs , 2012, IEEE Transactions on Vehicular Technology.

[45]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[46]  Nabil Ali Alrajeh,et al.  Secure Ant-Based Routing Protocol for Wireless Sensor Network , 2013, Int. J. Distributed Sens. Networks.

[47]  Bruce Schneier,et al.  Practical cryptography , 2003 .

[48]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[49]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[50]  Jon M. Kleinberg,et al.  The small-world phenomenon: an algorithmic perspective , 2000, STOC '00.

[51]  Ajay D. Kshemkalyani,et al.  Distributed Computing: Index , 2008 .