Reliable Communication in Unknown Networks
Lakshmi Subramanian
Joint work with: Randy Katz, Volker Roth, Scott Shenker, Ion Stoica
Reliable communication problem
[Figure legend: good node, adversarial node]
Given a graph G, how do two good nodes reliably communicate
in the presence of adversarial nodes attempting to disrupt the
communication?
Challenges to reliable communication
• Lack of knowledge of which nodes are
adversarial
• Adversarial nodes can potentially
– Modify messages traversing them
– Generate spurious messages on behalf of good
nodes
– Collude with other adversaries using out-of-band communication
• Absence of a public key infrastructure to
enable originators to sign messages
Lamport’s Result
• If every node is aware of the entire graph G
and G is (2k+1) vertex connected, then two
good nodes can reliably communicate
provided #adversaries <= k
– Source route the message along (2k+1) vertex
disjoint paths and compute consensus
– This result is also a lower bound
• Reliable communication vs Byzantine
consensus
– Reliable communication is a necessary building
block for Byzantine agreement
What if the graph is not known?
[Figure label: neighborhood of a node]
What if a node is aware only of its neighbors but not the
entire network?
Reliable communication in
unknown networks
• Input: Given a graph G with n nodes where each
node is aware of only its neighbors but not the
entire graph. Every node has a unique, unforgeable identity.
• Problem: Assume that k among the n nodes are
adversarial and the remaining (n-k) nodes are good
nodes which follow a prescribed algorithm. For
what values of k can we get a distributed
algorithm that allows two good nodes to reliably
communicate?
The problem spectrum
[Figure: the reliable communication problem spectrum. Dimensions: complete graph vs. incomplete graph; unsigned messages vs. signed messages; graph unknown vs. graph known]
Example 1: BGP
• Nodes in the graph are ASes
• Identity = AS number
– AS number is a socially assigned identity
– Assumption: AS number is unique and
unforgeable
• What information needs to be reliably
communicated?
– (AS, prefix) mapping
– Valid path-vector route updates
Example 2: Intra-domain routing
• Identity of a node = <router-id>
• Information to be reliably communicated?
– Graph topology
– Link costs
• An adversary should not be able to
– Modify the cost of existing links between good nodes
– Introduce new links to good nodes
• What an adversary can do
– Introduce spurious links to other adversaries
– Introduce fake nodes
Example 3: DNS
• Node identifier = <IP address of DNS
server>
– Assumption: The IP address of a DNS server of
a domain is relatively static
• Information to be reliably communicated?
– Domain ownership information
– Redirection of DNS requests to the
authoritative DNS
• Challenge:
– Is it possible to secure DNS without a public-key infrastructure?
Our result
• In an unknown network comprising n nodes, given
#adversaries <= k and a bound N >= n on the
number of nodes, two good nodes can reliably
communicate if the underlying connectivity graph,
G, is (2k+1) vertex connected.
• Complexity
– Consider a network with bounded capacity where every
link can transmit one message in unit time.
– One-time complexity = O(kNn^3)
– Subsequent communication complexity = O(k·diam(G))
Simpler adversarial model
• Independent adversaries
– Do not collude with each other
– Do not directly communicate with each other during
protocol execution
– Motivation: misconfigurations, independent attackers
• Result: In an unknown network comprising n
nodes, given number of independent adversaries
<= k and a bound N >= n on the number of nodes,
two good nodes can reliably communicate if the
underlying connectivity graph, G, is (k+2) vertex
connected.
Practical implications
• BGP
– Reliable communication is achievable within the
Internet core (tier-1 + tier-2 ISPs)
– In power-law random graphs, the damage that few
adversaries can cause is small
– Multi-homing => better reliable communication
– Misconfigurations cause less damage than colluding
adversaries
• OSPF
– The network can be carefully engineered to ensure that
few adversaries cannot disrupt link-state routing
– The cost of propagating updates reliably can be made
very low
Practical implications (contd)
• DNS
– By designing the DNS as a hierarchical but
structured peer-to-peer network, adversarial nodes
can cause very little damage
– DNS requests can be reliably serviced in the
presence of adversaries
• Decentralized public key distribution
– In specific graphs, one can achieve
decentralized public key distribution in the
presence of a bounded number of adversaries
Other implications
• Network design
– Need a minimum 3-connected graph to
completely protect against a single adversary
• Failures are accommodated as adversarial
nodes
• Not applicable for
– Unstructured peer-to-peer networks, nodes with
variable identities, extremely dynamic networks
Algorithm building blocks
• Path vector signatures
• Flow concept
• Path suppression
• Loop testing – for independent adversaries
Path vector signatures
• Path vector message = (m,S,P)
– message m, source S, path P
• Path vector signature sgn(m,S,P) satisfies
– Verifiability: Given (m,S,P) and sgn(m,S,P), any node
can verify that message traversed P provided it
originated from S
– Update: sgn(m,S,P) can be updated to sgn(m,S,P’) for
any path P’ = P + {v}
– Inability to modify: Any adversary attempting to modify
m or remove entries in P cannot compute signature
– Distinguishability: The signature of a fake path vector
message (m,S,P) is always distinguishable from a
genuine message (m,S,P)
El-Gamal path vector signatures
[Figure: source A (claimed public key = P, message = x) and nodes B, C, D, X, Y; D receives routes (C,B,A) and (Y,X,A)]
• Signatures along A, B, C, D:
– <h1 = h(x, (A,B)), P>
– <h2 = h(h1, (A,B,C)), P>
– <h3 = h(h2, (B,C,D)), P>
• Signatures along A, X, Y, D:
– <k1 = h(x, (A,X)), Q>
– <k2 = h(k1, (A,X,Y)), Q>
– <k3 = h(k2, (X,Y,D)), Q>
• Consistency checking of routes (C,B,A) and (Y,X,A):
– Does the signature match the public key?
– Do the public keys match?
Property of path-vector signature
• A single adversary attempting to modify the
message or generate a fake message with a
genuine signature has to generate a new
public key for the source
• Two colluding adversaries can
– tunnel an adversary and introduce a fake path
between them without changing the message
Modified path-vector signatures
[Figure: path A, B, C, D with the signature string carried on each hop]
• A to B: <h(AB), p(A)>
• B to C: <(h(ABC),p(A)), (h(BC),p(B))>
• C to D: <(h(ABCD),p(A)), (h(BCD),p(B)), (h(CD),p(C))>
Append a string of hash signatures, one for each node along
a path, along with the “claimed” public key of each node
Property of modified scheme
• Two colluding adversaries generating a fake
path with additional identities have to fake
the public-keys of these identities
• Keyed-identity of a node = (identity,
claimed public key)
• Distinguishability of messages:
– A genuine path-vector message traversing good
nodes will always be distinguishable from a
fake path-vector message generated by
adversaries
Flow concept
• Let G be a (2k+1)-connected graph with at most k
adversarial nodes
• Consider two good nodes X and Y with
public keys p(X) and p(Y)
– Flow((X,p(X)), (Y,p(Y))) >= k+1
• Consider a good node X and a fake node F
created by adversaries
– Flow((X,p(X)), (F,p(F))) <= k
Basic Algorithm
• Step 1: Every node X with a message m(X)
transmits m(X) to its neighbors along with its
path-vector signature
• Step 2: Every intermediary node appends the path
attribute and the signature and propagates the
message to other neighbors
• Step 3: Every receiver chooses identity-disjoint
paths for each source and updates the flow
• Step 4: If flow(node)>k, then that message is
declared genuine
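
Steps 3 and 4, together with the flow bounds on the previous slide, as an added example (not code from the talk). It assumes path-vector signatures have already been verified, models each node as a keyed identity (identity, claimed public key), and computes the flow as a unit-capacity max-flow over the received paths; the names `flow`, `is_genuine` and the sample nodes are hypothetical.

```python
from collections import defaultdict, deque

def flow(paths, src, dst):
    """Max number of identity-disjoint src->dst paths in the graph formed
    by the received paths (max-flow with every relay given capacity 1)."""
    cap, adj = defaultdict(int), defaultdict(set)

    def arc(u, v, c):
        cap[(u, v)] = c
        adj[u].add(v)
        adj[v].add(u)  # reverse arc for the residual graph

    big = len(paths) + 1
    for n in {n for p in paths for n in p}:
        # split each keyed identity so it can carry only one path
        arc((n, "in"), (n, "out"), big if n in (src, dst) else 1)
    for p in paths:
        for u, v in zip(p, p[1:]):
            arc((u, "out"), (v, "in"), 1)
    s, t, total = (src, "in"), (dst, "out"), 0
    while True:  # augment along BFS paths until none is left
        prev, queue = {s: None}, deque([s])
        while queue and t not in prev:
            u = queue.popleft()
            for v in adj[u]:
                if v not in prev and cap[(u, v)] > 0:
                    prev[v] = u
                    queue.append(v)
        if t not in prev:
            return total
        v = t
        while prev[v] is not None:
            cap[(prev[v], v)] -= 1
            cap[(v, prev[v])] += 1
            v = prev[v]
        total += 1

def is_genuine(paths, src, dst, k):
    return flow(paths, src, dst) > k  # Step 4: flow(node) > k

# Constructed sample, k = 1: receiver Y, relays A and B good, M adversarial.
X, Y = ("X", "pX"), ("Y", "pY")
A, B, M = ("A", "pA"), ("B", "pB"), ("M", "pM")
XF, G = ("X", "pFake"), ("G", "pG")   # forged key for X, fake node G
genuine = [[X, A, Y], [X, B, Y], [X, M, Y], [X, A, B, Y]]
forged = [[XF, M, Y], [XF, G, M, Y]]  # every forged path crosses M

if __name__ == "__main__":
    print(flow(genuine, X, Y), is_genuine(genuine, X, Y, 1))
    print(flow(forged, XF, Y), is_genuine(forged, XF, Y, 1))
```

The forged keyed identity (X, pFake) stays at flow 1 no matter how many fake relays are placed behind M, because every one of its paths has to cross the single adversarial identity adjacent to good nodes.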
Path suppression
• Number of paths in a graph is exponential
• Path suppression:
– A node only forwards a path-vector message if
the path contains a new edge or a new source.
– For a given keyed identity (X,p(X)), the
number of messages forwarded is bounded.
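
The suppression rule applied to every simple path of a small complete graph, as an added example (not code from the talk). It assumes edges are treated as undirected and that each node keeps one edge set per keyed identity; `SuppressingNode`, `simple_paths` and `run` are hypothetical names, and the graph is constructed.

```python
from itertools import permutations

class SuppressingNode:
    def __init__(self):
        self.seen = {}  # keyed identity -> edges already seen for it

    def should_forward(self, keyed_id, path):
        edges = {frozenset(e) for e in zip(path, path[1:])}
        known = self.seen.get(keyed_id)
        if known is None:          # new source: always forward
            self.seen[keyed_id] = edges
            return True
        new = edges - known        # forward only if some edge is new
        known |= new
        return bool(new)

def simple_paths(nodes, src, dst):
    """All simple src->dst paths in the complete graph on `nodes`."""
    mid = [n for n in nodes if n not in (src, dst)]
    for r in range(len(mid) + 1):
        for combo in permutations(mid, r):
            yield (src, *combo, dst)

def run(n_nodes=6):
    """Feed every simple path from v0 to the last node through one
    suppressing node; return (paths offered, paths forwarded)."""
    nodes = [f"v{i}" for i in range(n_nodes)]
    node = SuppressingNode()
    source = ("v0", "p(v0)")       # keyed identity of the source
    paths = list(simple_paths(nodes, "v0", nodes[-1]))
    forwarded = sum(node.should_forward(source, p) for p in paths)
    return len(paths), forwarded

if __name__ == "__main__":
    print(run())
```

Every forwarded message after the first must contribute at least one unseen edge, so the count per keyed identity cannot exceed the number of edges in the graph, while the number of paths offered grows factorially with the node count.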
Loop testing: Independent adversaries
[Figure: nodes X and Z]
Independent adversaries will fail the loop test:
• If G is (k+2) connected, every edge will be
present in at least one good loop
Conclusions
• Reliable communication in unknown networks if
the graph G is (2k+1) connected with at most k
adversaries
– (k+2) connectivity sufficient for independent
adversaries
– Byzantine consensus in unknown networks
• Practical applications
– BGP, OSPF, DNS
• Related problem: Reliable communication in
sparse unknown networks
– How much damage can a single adversary cause in 1-connected and 2-connected networks?
– What is the best defense mechanism in sparse
networks?