L. Subramanian, V. Roth, I. Stoica, S. Shenker, R. H. Katz - - PowerPoint PPT Presentation


L. Subramanian, V. Roth, I. Stoica, S. Shenker, R. H. Katz. Presented by Ashish Vulimiri. Focus on invalid routes: invalid routes in the control plane, invalid routes in the data plane. Solution: both control and data plane verification.


SLIDE 1
  • L. Subramanian, V. Roth, I. Stoica,
  • S. Shenker, R. H. Katz

Presented by Ashish Vulimiri

SLIDE 2

Focus on invalid routes

  • Invalid routes in the control plane
  • Invalid routes in the data plane

Solution: both control and data plane verification

SLIDE 3

Requirement: Path Verification

Actual Guarantee:

If an AS receives at least one valid path to AS A, receipt of an invalid path to A will trigger an alarm

SLIDE 4

Is this a good property to provide?

SLIDE 5

Loop Verification

  • Suppose two paths received, A and B
  • Build loop out of these paths
  • Source-route along loop (in both directions)

SLIDE 6

Hash Schemes

When D receives path CBA from C

  • Signature received: S = h(B, h(A, h(z)))
  • D computes h(C, S) before sending onwards

Authors suggest two schemes for computing and using these hashes

SLIDE 7

Secondary Requirement:

If an AS sends out “too many” invalid paths, it will be identified

Actual Mechanism:

Count how many times AS is in a problem-path

SLIDE 8

?

SLIDE 9

Requirement:

Check if data plane path matches control plane path

Actual Guarantee:

Check if data plane path reaches destination

SLIDE 10

Can you do anything better with end-to-end feedback?

SLIDE 11

Mechanism: passive probing

  • Why?

Raise alert if too many (N) unsuccessful TCP connection attempts in time T

T proportional to popularity of destination

  • Popularity measured by MTBA
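
An added example (not from the slides or from the Listen/Whisper authors) of the alert rule on this slide as a per-prefix sliding-window counter run over constructed connection records. The record format, the prefixes and the per-prefix values of T are assumptions; T is supplied as input and its derivation from MTBA is not modelled.

```python
from collections import defaultdict, deque

# Constructed records: (time_s, destination_prefix, handshake_completed).
P1, P2, P3 = "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"
SAMPLE = [
    (0, P1, False), (0, P2, False), (5, P3, True), (10, P1, False),
    (15, P2, False), (20, P1, False), (25, P3, False), (30, P1, False),
    (30, P2, False), (40, P3, True), (45, P2, False), (50, P3, False),
]
# Assumed per-prefix window T in seconds (supplied, not derived from MTBA).
WINDOWS = {P1: 60, P2: 20, P3: 60}


def listen_alerts(events, n_threshold, window_for):
    """Return [(time, prefix)] each time a prefix accumulates n_threshold
    unsuccessful TCP connection attempts inside its own window T.

    events must be sorted by time. After an alert the counter for that
    prefix is cleared, so a further N failures are needed to alert again.
    """
    recent = defaultdict(deque)  # prefix -> times of failures still inside T
    alerts = []
    for ts, prefix, completed in events:
        if completed:
            continue  # only unsuccessful attempts are counted
        window = window_for[prefix]
        failures = recent[prefix]
        failures.append(ts)
        # Drop failures that have aged out of this prefix's window.
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= n_threshold:
            alerts.append((ts, prefix))
            failures.clear()
    return alerts


if __name__ == "__main__":
    for ts, prefix in listen_alerts(SAMPLE, 4, WINDOWS):
        print(f"t={ts}s ALERT {prefix}: 4 unsuccessful attempts within T")
```

With N = 4, the first prefix alerts because four failures fall inside its 60 s window, while the second prefix sees the same number of failures but never more than two inside its 20 s window.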
SLIDE 12

False negatives

  • Suggest values for N based on experimental results

False positives

  • Drop packets on m paths
  • Observe these m and an additional n
  • Expected: retransmissions on m, none on n
  • If not, raise alert
SLIDE 13

What they list as potential misbehaviour:

  • End-hosts collude with adversary, generate fake valid TCP connections

  • Port scanners: false positives

What else could happen?

SLIDE 14

Authors do not assume malicious attempts to game Listen/Whisper

Independent adversaries: if 1000 largest ASes deploy L/W, then in worst-case

  • 8% of all nodes affected w/o penalties
  • 1% with penalties
SLIDE 15

Colluding adversaries

SLIDE 16

  • Path verification in the control plane
  • Reachability analysis in the data plane
  • They remove existing vulnerabilities … and then add their own
  • Still, could be a net improvement

SLIDE 17

Questions?