RID Implementation Report Toshifumi Kai (kai@trc.mew.co.jp), Akito - - PowerPoint PPT Presentation

rid implementation report
SMART_READER_LITE
LIVE PREVIEW

RID Implementation Report Toshifumi Kai (kai@trc.mew.co.jp), Akito - - PowerPoint PPT Presentation

May 15, 2023 156 likes •301 views

RID Implementation Report Toshifumi Kai (kai@trc.mew.co.jp), Akito Nagashima (akito_nagashima@mewe1.mewnet.or.jp), Hiroshige Nakatani (nakatani@trc.mew.co.jp), Naohiro Fukuda (fukuda@trc.mew.co.jp), Shimizu Hiroshi (shimizu@trc.mew.co.jp)

slide-1
SLIDE 1

RID Implementation Report

Toshifumi Kai (kai@trc.mew.co.jp), Akito Nagashima (akito_nagashima@mewe1.mewnet.or.jp), Hiroshige Nakatani (nakatani@trc.mew.co.jp), Naohiro Fukuda (fukuda@trc.mew.co.jp), Shimizu Hiroshi (shimizu@trc.mew.co.jp) Matsushita Electric Works, Ltd. Teruaki Takahashi (c300070@ns.kogakuin.ac.jp), Akira Hashiguchi (akira@cooweb.com), Takayuki Suzuki (t-suzuki@pf6.so-net.ne.jp) Katsuji Tsukamoto (tsukamoto@tsukaken.jp) Kogakuin University

slide-2
SLIDE 2

Plan for Test by Mew

2004 Sep 27th – Oct 1st Phase 1 (Finished) … RID system only MEW’s XML format is not same as RID format, No Encryption and Authentication 2004 Nov 1th – Dec 30th Phase 2 (Planned and on Going) …RID with Traceback MEW’s XML format is not same as RID format, No Encryption and Authentication 2005 Jan 1th – Phase 3 (Not Planned Yet) …RID with Traceback Full Implemented system

slide-3
SLIDE 3

MEW’s Implementation Status

  • Renaming Source Found to message result for not

found case (-> history area)

‘Message Type 3 with NULL Attacker’s IP’ equal ‘Not Found’

  • Notification field for traceback system added for Source

Found Message (-> free form text area)

It would be necessary for the following cases, if the initiator assigns false negative (FN) traceback and it requires FP, responder assigns false positive (FP), then the traced result may be no meaning for initiator. For example, between different traceback systems (hash traceback and icmp traceback). Also, in the case of caused system down of traceback system, it should be reported by the notification.

  • MEW’s XML format is not equal for RID’s XML format

Implementation is not completed yet and modified for test purpose now.

  • Encryption and authentication is not implemented yet.

Implementation of SSL/XML encryption and authentication using CA remained

  • Transport protocol is implemented with soap/http/tcp
slide-4
SLIDE 4

Simple Test

  • We setup a very simple test case: star topology

and straight chained topology with 7 PCs.

  • 7 PCs as NMSes and without routers and

traceback system between them

  • We measured the response time until the source

found (result) message will send to initiator

  • NMS and the CPU time when the NMS handle

the XML interpretation and SOAP

  • communication. When it were straight topology,

and if AS numbers were 7.

slide-5
SLIDE 5

Test Results

  • Straight Chained Topology:

Response time for traceback was 1.6 sec, and Response time for handling SOAP/XML was 0.46 sec for 7 ASes.

  • Star Topology:

Response time for traceback was 0.6 sec, and Response time for handling SOAP/XML was 0.23 sec for 6 ASes.

  • It will take about 0.1-0.22 sec per AS for handling

traceback, 0.038-0.065 sec per AS for handling SOAP/XML, And total response time will be about 0.138-0.285 sec per AS. Note: We assume and feed the tracing time (delay) of inside AS defined as fixed value.

First and Middle AS; 0.2sec Attacker’s AS (Final AS); 0.4sec

(We plan to test with the real tracing time in next month)

slide-6
SLIDE 6

Reference

slide-7
SLIDE 7

Spec for NMS

NMS(RID)

(Inter-AS traceback Software)

  • Transport Protocol:

– TCP + HTTP + Open SOAP

  • Inter-AS Traceback Protocol:

– RID-mew (modified RID + XML)

  • CPU:

– Pentium43.0GHz

  • Memory:

– 512MBytes

  • Network:

– Fast Ether (100Base-T)

slide-8
SLIDE 8

Chained AS Topology

V A Victim Attacker AS1 AS2 AS3 AS4 AS Num Topology V A

AS1 V A

AS1 AS2 AS3 AS4 AS5 AS6 AS7 V A

slide-9
SLIDE 9

Timeline for Chained Trace

Start-Tracing Trace Finished AS1 AS2 AS3 Int-AS trace Int-AS trace Int-AS trace Request message Request message Request message Result message t1 t2 *AS num = 4 AS4 Int-AS trace t3

T=t1+t2+t3+t4 =RID Processing Time ( SOAP Protocol +XML Translation)

Time to Trace t4

slide-10
SLIDE 10

Chained Results

[sec] 0.466741 1.6 7 0.401333 1.4 6 0.315661 1.2 5 0.252760 1.0 4 0.189532 0.8 3 0.096066 0.6 2 0.053916 0.4 1 RID Processing Time( SOAP Protocol + XML Translation) Tracing Time for Total int-AS AS num

*We assume that the tracing time of inside AS defined as fixed value ( first and middle AS;0.2sec, Attacker’s AS; 0.4sec)

. 5 1 1 . 5 2 2 . 5 1 2 3 4 5 6 7 A S N u m b e r s T r a c i n g T i m e [ s e c ]

RID Processing Time( SOAP Protocol + XML Translation) Total Time for tracing Internal AS

slide-11
SLIDE 11

Star AS Topology

AS1

V A

AS4 AS3 AS2

A Num of Neighbor AS

1 3 6

A

AS1 AS2

A V

AS1 AS4 AS3

A

AS2 AS3 AS3 AS2

A A A V A Topology A A: Attacker V: Victim

slide-12
SLIDE 12

Timeline for Star Topology

AS1 AS2 AS3 AS4 Int-AS trace Int-AS trace Int-AS trace Int-AS trace Trace Finished Request message Result message Start Tracing Time for Tracing ※num of neighbor AS was 3

slide-13
SLIDE 13

Star Results

. 2 3 7 4 5 9 . 6 6 . 2 1 9 4 2 9 . 6 5 . 1 8 3 9 . 6 4 . 1 7 7 4 6 9 . 6 3 . 1 5 7 6 9 2 . 6 2 . 9 6 6 6 . 6 1

RID Processing Time ( SOAP Protocol + XML Translation) Tracing Time for each Int- AS Num of neighbor AS . 5 1 1 . 5 1 2 3 4 5 6 n u m

  • f

C h i l d A S T r a c i n g T i m e [ s e c ]

RID Processing Time( SOAP Protocol + XML Translation) Time for each tracing Internal AS

*We assume that the tracing time of inside AS defined as fixed value ( first and middle AS;0.2sec, Attacker’s AS; 0.4sec)