Private and Verifiable Interdomain Routing Decisions

Mingchen Zhao*, Wenchao Zhou*, Alexander Gurney*, Andreas Haeberlen*, Micah Sherr+, Boon Thau Loo*

* University of Pennsylvania + Georgetown University

SIGCOMM 2012 (August 16, 2012)



SLIDE 13

Challenge: Privacy

[Figure: Charlie, Doris, Eliot, Alice, Bob; route labels "5 hop" and "(3+1) hop"]

I do not want to reveal all my routes to Alice!

SLIDE 14

Can we have our cake and eat it too?

[Figure labels: Privacy, Security; S-BGP, soBGP, psBGP, NetReview, …]

SLIDE 15

Goals

  • Security: If Bob breaks his promise, Alice will detect it.
  • Privacy: Verification does not reveal more information than BGP.
  • Evidence: If Bob breaks his promise, Alice can prove it.
  • Accuracy: If Bob does not break his promise, nobody can prove he did.


SLIDE 19

Outline

  • Motivation
  • Goal: Verify promises about routing decisions
  • Challenge: Privacy
  • The SPIDeR system
  • Evaluation
  • Summary


SLIDE 25

Background: Merkle Hash Tree

  • Merkle Tree

[Figure: Merkle hash tree; labels: Values (b1, b2, b3, b4), Hash nodes, Commitment, Path to the root (for b2)]

Proof that the second value is b2. Reveals nothing about b1, b3, b4!
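
An added example, not taken from the slides or from the SPIDeR code: a Merkle commitment over the slide's four values and the inclusion proof for b2. SHA-256, the domain-separation tags and the random per-leaf nonces are assumptions of this example; the nonces blind each leaf so that a sibling hash in the proof cannot be confirmed by trial-hashing a guessable value.

```python
import hashlib
import os

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so concatenation is unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

def leaf_hash(value: bytes, nonce: bytes) -> bytes:
    # Assumption of this example: the committer keeps `nonce` secret until
    # it chooses to open this one leaf.
    return h(b"leaf", nonce, value)

def build(values, nonces):
    """Return all tree levels, leaves first; the last level holds the root."""
    level = [leaf_hash(v, n) for v, n in zip(values, nonces)]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                      # odd level: add a fixed pad node
            level = level + [h(b"pad")]
            levels[-1] = level
        level = [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels, index):
    """Sibling hashes on the path from leaf `index` up to the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

def verify(root, index, value, nonce, path):
    node = leaf_hash(value, nonce)
    for sibling in path:
        pair = (node, sibling) if index % 2 == 0 else (sibling, node)
        node = h(b"node", *pair)
        index //= 2
    return node == root

# Constructed sample data: the four values named on the slide.
VALUES = [b"b1", b"b2", b"b3", b"b4"]
NONCES = [os.urandom(16) for _ in VALUES]
LEVELS = build(VALUES, NONCES)
ROOT = LEVELS[-1][0]            # the commitment
PROOF_B2 = prove(LEVELS, 1)     # two hashes: leaf(b1) and node(b3, b4)
```

The verifier receives only `ROOT`, the index, b2 with its nonce, and the two hashes in `PROOF_B2`; the values b1, b3 and b4 never leave the committer.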


SLIDE 36

Making SPIDeR practical

  • So far: We can verify promises about a single prefix and a single decision
  • We have a protocol
  • It meets all four goals
  • We proved the correctness (in a TR)
  • Guarantees hold even if an AS is malicious
  • Practical issues
  • Multiple prefixes, temporal privacy, loose synchronization, logging system, withdrawals, incremental deployment

SLIDE 37

Multi-Prefix: Additional Challenges

SLIDE 40

Outline

  • Motivation
  • The SPIDeR system
      • Single prefix
      • Practical Challenges
  • Evaluation
      • Functionality check
      • Microbenchmarks
      • Overhead
  • Summary

SLIDE 41

Evaluation: Microbenchmarks

  • An important metric is how fast we can make hash trees.
  • How quickly can we capture transient routing configuration problems?
  • Experiment: generate a tree for a full BGP routing table on a Dell PowerEdge 860.
  • Result: 17.4s (with three cores)
  • Scales almost linearly with the number of cores

SLIDE 42

Evaluation: Experimental Overhead

  • Small AS topology with Quagga routers
  • Injected a RouteViews trace
  • AS 5’s SPIDeR ran on a single machine

[Figure label: Data Collected]

SLIDE 43

Evaluation: Overhead

  • Computation
      • 2.4 GHz core: 81.3% utilized
      • Commodity workstation is sufficient
  • Bandwidth
      • Signatures etc.: 20.8 kbps
      • Verifying 1% of commitments per minute: 3.0 Mbps
      • On the order of a single DSL upstream link
  • Storage
      • Keeping 1 year’s worth of logs: 145.7 GB
      • Fits on a commodity hard drive

SLIDE 44

Evaluation: Overhead


  • A small AS could run SPIDeR on a single machine

SLIDE 45

Summary

  • Goal: Verify promises about interdomain routing decisions
  • Problem: Offer both security and privacy
  • Solution: Collaborative verification
  • Implemented in the SPIDeR system
  • Provable security and privacy guarantees
  • Efficient enough to run on a single commodity workstation

More information: http://snp.cis.upenn.edu/