Do we need a new Internet? Part 1: Basic Issues Adrian Perrig - - PowerPoint PPT Presentation

SLIDE 1

Do we need a new Internet? Part 1: Basic Issues

Adrian Perrig Network Security Group, ETH Zürich

SLIDE 2

Imagine a building or structure that represents the Internet

SLIDE 3

The Internet is perceived to be like the pyramids: a monumental structure that has stood the test of time and cannot be changed

[Figure labels: The Internet … an ancient structure … that appears stable and seems unchangeable]

SLIDE 4

More like today’s Internet …

[Figure labels: Secure E2E Comm, Control, Transparency, Availability]

SLIDE 5

Problem 1: Availability

[Figure labels: Secure E2E Comm, Control, Transparency, Availability]

SLIDE 6

Poor Availability

▪ Well-connected entity: 99.9% availability (86 s/day unavailability) [Katz-Bassett et al., Sigcomm 2012]
▪ Plug-into-the-wall telephones: 99.999% availability (0.86 s/day unavailability)!
▪ Numerous short-lived outages due to Border Gateway Protocol (BGP) route changes and route convergence delays
▪ Outages due to misconfigurations
▪ Outages due to attacks
▪ E.g., prefix hijacking, DDoS

SLIDE 7

Problem 2: Control

[Figure labels: Secure E2E Comm, Control, Transparency]

SLIDE 8

Who controls Internet Paths?

▪ Current Internet offers limited control of paths
▪ Paths can be hijacked and redirected

SLIDE 9

Limited Path Control in BGP

▪ Current Internet offers limited control of paths
  • Border Gateway Protocol (BGP) floods announcements for destinations
  • No inbound traffic control
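
The lack of inbound control described on slides 8 and 9 can be seen in a small model. This is an added example, not part of the original slides: because forwarding follows the most specific matching announcement, a destination cannot stop an unexpected more-specific route from attracting its traffic, but a monitor can flag the origin mismatch. The registry, prefixes (documentation ranges) and AS numbers are constructed assumptions.

```python
import ipaddress

# Constructed registry: prefix -> AS expected to originate it (hypothetical,
# standing in for the operator's own knowledge of who should announce what).
REGISTERED = {
    ipaddress.ip_network("203.0.113.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64501,
}

# Constructed announcements as a route monitor might see them: (prefix, origin AS).
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),    # expected origin
    ("203.0.113.128/25", 64666),  # more-specific prefix from an unexpected origin
    ("198.51.100.0/24", 64501),   # expected origin
    ("192.0.2.0/24", 64502),      # not covered by the registry
]

def best_route(dest, announcements):
    """Longest-prefix match: the most specific covering announcement wins."""
    addr = ipaddress.ip_address(dest)
    covering = [(ipaddress.ip_network(p), asn) for p, asn in announcements
                if addr in ipaddress.ip_network(p)]
    return max(covering, key=lambda r: r[0].prefixlen, default=None)

def classify(prefix, origin, registered=REGISTERED):
    """Return 'valid', 'origin-mismatch' or 'unknown' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covers = [asn for reg, asn in registered.items() if net.subnet_of(reg)]
    if not covers:
        return "unknown"
    return "valid" if origin in covers else "origin-mismatch"

def audit(announcements):
    """List announcements whose origin AS contradicts the registry."""
    return [(p, asn) for p, asn in announcements
            if classify(p, asn) == "origin-mismatch"]

if __name__ == "__main__":
    print(best_route("203.0.113.200", ANNOUNCEMENTS))  # the /25 wins
    print(audit(ANNOUNCEMENTS))
```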

SLIDE 10

Who should control Paths?

▪ Clearly, ISPs need some amount of path control to enact their policies
▪ How much path control should end domains and end points (sender and receiver) have?
  • Control is a tricky issue … how to empower end points without providing too much control?

[Figure labels: No Endpoint Control, Complete Endpoint Control, Limited Endpoint Control]

SLIDE 11

Problems due to Lack of Path Control

▪ Limited traffic load balancing for sender and receiver
▪ No multi-path communication
▪ No optimization of networking paths for sender and receiver
▪ Poor availability
▪ Outages cannot be circumvented
▪ Connection can suddenly break
▪ Traffic redirection attacks become possible

SLIDE 12

Problem 3: Transparency

[Figure labels: Secure E2E Comm, Transparency]

SLIDE 13

Transparency

▪ Path transparency
  • Today, sender cannot obtain guarantee that packet will travel along intended path
  • Impossible to gain assurance of packet path
    ▪ Because router forwarding state can be different from routing messages received
▪ Trust transparency
  • Today, we cannot enumerate trust roots we rely upon

SLIDE 14

Problem 4: Secure E2E Communication

[Figure labels: Secure E2E Comm]

SLIDE 15

Fake Certificates lead to Attack

▪ Adversary misuses fake certificate to impersonate one party to the other (man-in-the-middle attack)

[Figure labels: Alice, Bob, Mallory]

SLIDE 16

Problems with SSL / TLS Certificates

▪ Famous case: false Microsoft ActiveX certificate issued by VeriSign in January 2001
▪ VeriSign Hacked, Successfully and Repeatedly, in 2010
  • VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October 2011
▪ March 2011: Attack on Comodo reseller, several fraudulent certificates were issued: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org, login.live.com
  • Suggested that attack originated from Iranian IP address
  • http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
▪ August 29, 2011: news broke that DigiNotar, a Dutch CA, improperly issued a certificate for all Google domains to an external party
  • Claim: 250 certificates for an unknown number of domains were released
  • Iranian government spied on Iranian citizens' communications with Google email during the month of August 2011
▪ Stuxnet used compromised certificates from 2 Taiwanese CAs

SLIDE 17

Non-Scalability of Trust

▪ As the Internet has grown to encompass a large part of the global population, trust relationships have become heterogeneous: no single entity trusted by everyone
  • Complicates construction of entity authentication infrastructures
▪ Current Internet authentication infrastructures have weak security properties
  • Single points of failure
  • Security of the weakest link

SLIDE 18

Summary: Which Problems Should we Address?

▪ High availability: enable end-to-end connectivity despite network disruptions
▪ Path control: ISP, sender, and receiver, jointly control end-to-end paths
▪ Transparency
  • Path transparency: sender should be aware of packet’s path
  • Trust transparency: known roots of trust that need to be relied upon
▪ Resilience to compromised trust roots: limit global scope of certification authorities
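
The "security of the weakest link" point from slide 17 and the scope-limiting goal above can be compared in a toy model. This is an added example, not part of the original slides and not the mechanism of any particular architecture: it assumes a simple namespace rule as the scoping mechanism, and the CA names, scopes and certificates are constructed.

```python
# Constructed trust store: CA name -> namespace the CA is meant to serve.
# Names and scopes are hypothetical; no real CA is modelled.
TRUST_STORE = {"CA-1": "com", "CA-2": "nl", "CA-3": "org"}

# Constructed certificates: (subject domain, issuing CA).
CERTS = [
    ("mail.example.com", "CA-1"),
    ("www.example.nl", "CA-2"),
    ("mail.example.com", "CA-2"),  # issued outside the CA's namespace
    ("www.example.org", "CA-9"),   # issuer is not a trust root at all
]

def in_scope(domain, scope):
    """True if domain equals scope or is a subdomain of it (label-aligned)."""
    d = domain.lower().rstrip(".")
    s = scope.lower().strip(".")
    return d == s or d.endswith("." + s)

def accept_global(domain, issuer, store=TRUST_STORE):
    """Global-scope model: any trusted CA may vouch for any name."""
    return issuer in store

def accept_scoped(domain, issuer, store=TRUST_STORE):
    """Scoped model: a trusted CA is accepted only inside its namespace."""
    return issuer in store and in_scope(domain, store[issuer])

def roots_relied_upon(domain, store=TRUST_STORE, scoped=True):
    """Enumerate the trust roots whose compromise would affect `domain`."""
    return sorted(ca for ca, scope in store.items()
                  if not scoped or in_scope(domain, scope))

def misissued(certs, store=TRUST_STORE):
    """Certificates the global model accepts but the scoped model rejects."""
    return [(d, ca) for d, ca in certs
            if accept_global(d, ca, store) and not accept_scoped(d, ca, store)]

if __name__ == "__main__":
    print(roots_relied_upon("mail.example.com", scoped=False))  # every root
    print(roots_relied_upon("mail.example.com"))                # one root
    print(misissued(CERTS))
```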

SLIDE 19

For More Information …

▪ … please see our web page: www.scion-architecture.net
▪ Chapter 1 of our book “SCION: A secure Internet Architecture”
▪ Available from Springer this Summer 2017
▪ PDF available on our web site
▪ Part 2 of this presentation: “Motivations for Change”