Path-quality monitoring in the presence of adversaries

Edge networks connected to the Internet need effective monitoring techniques to inform routing decisions and detect violations of Service Level Agreements (SLAs). However, existing measurement tools, like ping, traceroute, and trajectory sampling, are vulnerable to attacks that can make a path look better than it really is. Here, we design and analyze a lightweight path-quality monitoring protocol that reliably raises an alarm when the packet-loss rate exceeds a threshold, even when an adversary tries to bias monitoring results by selectively delaying, dropping, modifying, injecting, or preferentially treating packets. Our protocol is based on sublinear algorithms for sketching the second moment of a stream of items and can monitor billions of packets using only 250-600 B of storage and the periodic transmission of a comparably sized IP packet. We also show how this protocol can be used to construct a more sophisticated protocol that allows the sender to localize the link responsible for the dropped packets. We prove that our protocols satisfy a precise definition of security, analyze their performance using numerical experiments, and derive analytic expressions for the tradeoff between statistical accuracy and system overhead. This paper contains a deeper treatment of results from earlier conference papers and several new results.
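The following is an added illustration, not the paper's protocol or code, of why a keyed second-moment sketch resists the biasing described in the abstract: sender and receiver each fold their packet stream into a few counters using secret-keyed signs, and the second moment of the counter difference estimates how many packets were dropped, modified or injected. The counter count `K`, the use of HMAC-SHA256 as the keyed sign function, the 10% threshold and all sample packets are assumptions made for this sketch.

```python
import hashlib
import hmac

K = 128  # counters per sketch (assumed size, not a parameter from the paper)

def sketch(key, packets):
    """Fold a packet stream into K counters using secret-keyed +/-1 signs."""
    counters = [0] * K
    for pkt in packets:
        # One HMAC per packet yields 256 pseudorandom bits; use the low K.
        bits = int.from_bytes(hmac.new(key, pkt, hashlib.sha256).digest(), "big")
        for j in range(K):
            counters[j] += 1 if (bits >> j) & 1 else -1
    return counters

def estimate_differences(sent_sketch, recv_sketch):
    """Second moment of the sketch difference: roughly the number of packets
    present in one stream but not the other (drops, forgeries, modifications)."""
    return sum((a - b) ** 2 for a, b in zip(sent_sketch, recv_sketch)) / K

def alarm(key, sent, received, threshold):
    """Raise an alarm when the estimated fraction of bad packets exceeds threshold."""
    est = estimate_differences(sketch(key, sent), sketch(key, received))
    return est / len(sent) > threshold

def naive_loss_rate(sent, received):
    """Unkeyed packet counting, for comparison: trivially fooled by injection."""
    return (len(sent) - len(received)) / len(sent)

# Constructed sample traffic (not real captures).
KEY = b"constructed-demo-key"  # shared by sender and receiver, unknown to the path
SENT = [b"pkt-%d" % i for i in range(1000)]
BENIGN = SENT[10:]                                            # 1% loss
LOSSY = SENT[300:]                                            # 30% loss
# 30% dropped and replaced by forged packets, so packet counts still match.
MASKED = [b"forged-%d" % i for i in range(300)] + SENT[300:]

def demo():
    return {
        "benign": alarm(KEY, SENT, BENIGN, 0.10),
        "lossy": alarm(KEY, SENT, LOSSY, 0.10),
        "masked": alarm(KEY, SENT, MASKED, 0.10),
        "masked_naive_rate": naive_loss_rate(SENT, MASKED),
    }

if __name__ == "__main__":
    print(demo())
```

Because the signs depend on a key the path does not hold, forged packets cannot be chosen to cancel the dropped ones in the sketch; each forgery adds to the estimated difference instead of hiding a drop.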
