survivable real time network services
play

Survivable Real-Time Network Services David L. Mills University of - PowerPoint PPT Presentation

Nov 15, 2022 •359 likes •566 views

Survivable Real-Time Network Services David L. Mills University of Delaware http://www.eecis.udel.edu/~mills mailto:mills@udel.edu Sir John Tenniel; Alices Adventures in Wonderland, Lewis Carroll 10-Jan-03 1 Distributed, real-time sensor

  1. Survivable Real-Time Network Services David L. Mills University of Delaware http://www.eecis.udel.edu/~mills mailto:mills@udel.edu Sir John Tenniel; Alice’s Adventures in Wonderland, Lewis Carroll 10-Jan-03 1

  2. Distributed, real-time sensor networks Ad-hoc, wireless networking o • Self organizing network infrastructure • Redundant sensors resist loss of data • Diversity paths resist jamming Autonomous system model o • Sensors loosely deployed on battlefield or planetary surface • Sensors can be lost or destroyed or added during the mission Working assumptions o • Lowest level is network connectivity and routing • Next level is security and time management • Higher levels define applications Game plan o • Nearest equivalent sandbox is the Internet • Nearest equivalent sensor network is the Network Time Protocol (NTP) 10-Jan-03 2

  3. Autonomous system model Fire-and-forget software o • Single software distribution can be configured, built and installed automatically on most host architectures and operating systems • Run-time configuration can be automatically determined and maintained in response to changing network topology and server availability Autonomous configuration o • Survey nearby network environment to construct a list of suitable servers • Select best servers from among the list using mitigation algorithms and a statistical metric • Reconfigure the subnet for best accuracy with overhead constraints • Periodically refresh the list in order to adapt to changing topology Autonomous authentication o • For each new server found, fetch and verify its cryptographic credentials • Authenticate each message received using an engineered protocol • Regenerate keys in a timely manner to avoid compromise 10-Jan-03 3

  4. Goals and non-goals Goals o • Robustness to many and varied kinds of failures, including Byzantine faults, destruction, malicious attacks and implementation bugs • Maximum utilization of Internet multicast services and protocols • Depend only on public values and certificates seeded in the network itself • Cryptographic authentication based on established public key infrastructure Non-goals o • Administrative scoping – use it as it is, but provide TTL fences • Access control - this is provided by firewalls and address filtering • Privacy - all protocol values, including time values, are public • Protection against attacks on data values - this is provided by the NTP protocol • Non-repudiation - this can be provided by a layered protocol if necessary 10-Jan-03 4

  5. NTP as sensor network Peer 1 Filter 1 Intersection and Combining Peer 2 Filter 2 Loop Filter Clustering Algorithm Algorithms P/F-Lock Loop Peer 3 Filter 3 VFO NTP Messages Timestamps Anatomy of a sensor o • Multiple peers provide redundancy and diversity • Data filters select best from a window of offset/delay samples • Intersection algorithm discards falsetickers using Byzantine agreement principles • Clustering algorithm picks the best subset of truechimer peers • Combining algorithm, loop filter and variable frequency oscillator (VFO) implement hybrid phase/frequency-lock feedback loop which determines the system time 10-Jan-03 5

  6. NTP autonomous systems Configuration and authentication and synchronization are inseparable o Autonomous configuration (Manycast) o • Centralized configuration management does not scale to large networks • Finding optimal topologies in large subnet graphs under degree and distance constraints is NP-hard • Formal methods may not produce good topologies in acceptable time • Span-limited, expanding-ring search strategies may be a good place to start Autonomous authentication (Autokey) o • Centralized key management does not scale to large networks • Symmetric key cryptosystems require pairwise key agreement and persistent state in clients and servers • Servers cannot maintain persistent state for possibly thousands of clients • Public-key cryptosystems are too slow for good timekeeping • Solution may involve a combination of public and symmetric key cryptosystems 10-Jan-03 6

  7. Autonomous configuration Manycast dynamic server discovery scheme o • Clients discover servers using span-limited, expanding-ring search • To minimize overhead, clients send polls at intervals depending on the number of servers found • To minimize implosion, servers reply only if equal or lower stratum • Clients mobilize potential server associations for later mitigation Automatic quasi-optimal mitigation algorithms o • NTP synchronization distance metric is used as a quality indicator • Distance is dominated by stratum, which is normally controlling • Byzantine agreement algorithm is used to detect and discard falsetickers • Clustering algorithm discards outlyers in repeating rounds until no more than a fixed minimum number of survivors remain 10-Jan-03 7

  8. Static and dynamic stratum assignment Manycast subnet topology is automatically determined and maintained o • Nodes are identically configured as both Manycast servers and clients • In addition, primary servers are configured for external references • In operation, primary servers peer with each other, secondary servers peer first with primary, then with secondary servers at the same stratum However, this scheme results in only two strata, so we assign each o node static floor and ceiling strata • Peer distance below the floor is increased by the floor • Peer distance above the ceiling is increased to the maximum • Node stays between floor and ceiling, unless insufficient servers are found • Manycast search strategy stays the same However, the scheme needs to dynamically determine quasi-optimum o floor and ceiling for each node • Ongoing research… 10-Jan-03 8

  9. Autonomous timekeeping Autokey authentication and NTP synchronization protocols work o independently for each peer • Public keys and certificates are obtained and verified relatively infrequently using X.509 certificates and certificate trails • Session keys are derived from public keys using fast algorithms • Each NTP message is individually authenticated using session key and message digest (keyed MD5), but cryptographically bound do public key A proventic trail is a sequence of NTP servers, each time synchronized o and cryptographically verified to the next and ending on one or more trusted primary time servers • NTP and Autokey run in parallel to synchronize time and construct proventic trails • When both time and at least one proventic trail are verified, the peer is admitted to the population used to synchronize the system clock Further research: trust metric based on number of proventic trails o 10-Jan-03 9

  10. Autokey packet format NTP Protocol Header Format (32 bits) LI leap warning indicator LI VN Mode Strat Poll Prec VN version number (4) Root Delay Strat stratum (0-15) Root Dispersion Poll poll interval (log2) Reference Identifier Prec precision (log2) Reference Timestamp (64) NTP Timestamp Format (64 bits) Seconds (32) Fraction (32) Originate Timestamp (64) Value is in seconds and fraction Cryptosum since 0 h 1 January 1900 Receive Timestamp (64) Transmit Timestamp (64) NTP v4 Extension Field Field Type Length Extension Field 1 (optional) Extension Field (padded to 32-bit boundary) Extension Field 2… (optional) Last field padded to 64-bit boundary Key/Algorithm Identifier NTP v3 and v4 Authenticator NTP v4 only (Optional) Message Digest (64 or 128) authentication only Authenticator uses MD5 cryptosum of NTP header plus extension fields (NTPv4) 10-Jan-03 10

  11. Session keys Source Dest Key ID Cookie Hash Address Address NTPv4 Session Key NTPv4 session key includes four 32-bit words; NTPv6 session key o includes ten 32-bit words Session key value is the 16-octet MD5 message digest of the session o key Key IDs have pseudo-random values and are used only once. A special o key ID value of zero is used as a NAK reply In any message including an extension field, the cookie has a public o value (zero) In other cases the cookie is a hash of the addresses and a private o value encrypted by the client public key 10-Jan-03 11

  12. Generating the session key list Source Dest Final Final Cookie Key ID Address Address Index Key ID Session Compute Hash Key ID Compute Signature List Index n Next Signature Key ID Index n + 1 Server rolls a random 32-bit seed as the initial key ID and selects the o cookie. Messages with a zero cookie contain only public values Initial session key is constructed using the given addresses, cookie and o initial key ID. The session key value is stored in the key cache Next session key is constructed using the first four octets of the session o key value as the new key ID. The server continues to generate the full list Final index number and key ID are provided in an extension field with o signature and timestamp 10-Jan-03 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time

Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time

Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time Network Jean-Pierre Thomesse Institut National Polytechnique de Lorraine Nancy, France ETR 2005 - Fieldbus - Industrial Network - Real Time Network

1.4k views • 71 slides
Real-Time Communication Integrated Services: Integration of variety of services with

Real-Time Communication Integrated Services: Integration of variety of services with

CPSC-663: Real-Time Systems Real-Time Communication Real-Time Communication Integrated Services: Integration of variety of services with different requirements (real-time and non-real-time) Traffic (workload) characterization

703 views • 20 slides
Survivability Modern telecommunication network are built survivable Network maintain

Survivability Modern telecommunication network are built survivable Network maintain

Lic.(Tech.) Marko Luoma (1/25) Lic.(Tech.) Marko Luoma (2/25) Survivability Modern telecommunication network are built survivable Network maintain service continuity (SLA: availability) in the presence of faults within the network

217 views • 7 slides
Modelling of the London Bus Network The Data London Open Transport API Real-time bus

Modelling of the London Bus Network The Data London Open Transport API Real-time bus

Alex Gubbay Real Time Graph Modelling of the London Bus Network The Data London Open Transport API Real-time bus arrivals at every stop 130,000 data points a minute Also provided: Real-time traffic incidents Real-time

173 views • 5 slides
Implementing Real-Time Transport Services over an Ossified Network Stephen McQuistin and Colin

Implementing Real-Time Transport Services over an Ossified Network Stephen McQuistin and Colin

Implementing Real-Time Transport Services over an Ossified Network Stephen McQuistin and Colin Perkins University of Glasgow Marwan Fayed University of Stirling Talk Overview Multimedia Applications and the Transport Layer Ossification

561 views • 25 slides
Survivable Network Design Dr. Jnos Tapolcai tapolcai@tmit.bme.hu 1 The final goal 2 We

Survivable Network Design Dr. Jnos Tapolcai tapolcai@tmit.bme.hu 1 The final goal 2 We

Survivable Network Design Dr. Jnos Tapolcai tapolcai@tmit.bme.hu 1 The final goal 2 We prefer not to see: Telecommunicaiton Networks Video PSTN Internet Business Metro Backbone High Speed Backbone Service providers Mobile

910 views • 68 slides
Strong Formulations for the Survivable Network Design with Hop Constraints Problem A. Ridha

Strong Formulations for the Survivable Network Design with Hop Constraints Problem A. Ridha

Strong Formulations for the Survivable Network Design with Hop Constraints Problem A. Ridha Mahjoub 1 , Luidi Simonetti 2 , Eduardo Uchoa 2 1 Universit e Paris-Dauphine mahjoub@lamsade.dauphine.fr 2 Universidade Federal Fluminense

934 views • 49 slides
RAP Tight integration with the physical world Location aware Communication patterns:

RAP Tight integration with the physical world Location aware Communication patterns:

Real-time Systems Speed/RAP/CODA Speed/RAP/CODA Many wireless sensor network applications require real-time support Surveillance and tracking Border patrol Fire fighting Real-time systems: Hard real-time: guarantee

476 views • 9 slides
Connecting to a Real Time GNSS Connecting to a Real Time GNSS Network with TopSURV Network with

Connecting to a Real Time GNSS Connecting to a Real Time GNSS Network with TopSURV Network with

Connecting to a Real Time GNSS Connecting to a Real Time GNSS Network with TopSURV Network with TopSURV July 2009 Connecting to a Real Time GNSS Network with TopSURV Training Agenda Training Agenda Two methods for Internet connection

986 views • 31 slides
Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic protocol for real-time traffic Protocol for the management of data flow Secure version of the protocol 2 What is real-time (time of

629 views • 33 slides
Real-Time Mixes for ISDN Requirements of real-time communication Becomes important when

Real-Time Mixes for ISDN Requirements of real-time communication Becomes important when

Real-Time Mixes for ISDN Requirements of real-time communication Becomes important when using services like telephony where a continuous data stream via channels has to be transmitted In order to configure an anonymous channel, the

694 views • 38 slides
Applications - Real-time vs. near real-time Markus Peuhkuri 2004-08-18 Lecture Topics What

Applications - Real-time vs. near real-time Markus Peuhkuri 2004-08-18 Lecture Topics What

Applications - Real-time vs. near real-time Markus Peuhkuri 2004-08-18 Lecture Topics What network requirements Components for network Requirements by application Requirements for elastic flows (or look-alike)

210 views • 9 slides
Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #15 Updated 2009-03-03 Dependable Distributed Dependable Distributed Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real Aircraft/automotive

501 views • 9 slides
Automating Cloud Deployment for Deep Learning Inference of Real-time Online Services Yang Li

Automating Cloud Deployment for Deep Learning Inference of Real-time Online Services Yang Li

Automating Cloud Deployment for Deep Learning Inference of Real-time Online Services Yang Li Zhenhua Han Quanlu Zhang Zhenhua Li Haisheng Tan DNN-driven Real-time Services Speech Recognition Image Classification Neural Machine Translation

500 views • 16 slides
RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS Real-time extensions to general-purpose OS Chenyang Lu 2 RTOS: Features for Efficiency Small Minimal set of functionality Fast context switch

504 views • 16 slides
Intelligent real-time reactive network management Intelligent Network Management Framework Final

Intelligent real-time reactive network management Intelligent Network Management Framework Final

Intelligent real-time reactive network management Intelligent Network Management Framework Final project studies Guillaume Andreys April/August 2004 Introduction Motivation Presentation Introduction A lot of tools to collect network

444 views • 18 slides
NAC@ACK Michael Thumann & Dror-John Roecher NAC @ACK by Michael Thumann & Dror-John

NAC@ACK Michael Thumann & Dror-John Roecher NAC @ACK by Michael Thumann & Dror-John

NAC@ACK Michael Thumann & Dror-John Roecher NAC @ACK by Michael Thumann & Dror-John Roecher March 30th 2007 1 Agenda Part 1 Introduction (very short) Some marketing buzz on Cisco NAC Part 2 NAC Technology All

1k views • 63 slides
Regulatory & Competitive Policies for Investment in the Current Global Low Price Regime M ARCH

Regulatory & Competitive Policies for Investment in the Current Global Low Price Regime M ARCH

Regulatory & Competitive Policies for Investment in the Current Global Low Price Regime M ARCH 3 2016 Content 1. Overview 2. Oil as definition of Nigerian state 3. Effects of price dips 4. Opportunities 5. Challenges 6. Policy

1.31k views • 27 slides
MODE OF PRESENTATION 1. The following editions of Manusahit have been taken as the standard

MODE OF PRESENTATION 1. The following editions of Manusahit have been taken as the standard

MODE OF PRESENTATION 1. The following editions of Manusahit have been taken as the standard editions for the purpose of this research work. i. Manusm , Sanskrit text with the Commentary of Kullka, Shastri Acharya Jagdishlal ed.,

65 views • 3 slides
Custom Writing Service - Special Prices Custom report writing and presentation Literature review

Custom Writing Service - Special Prices Custom report writing and presentation Literature review

Custom Writing Service - Special Prices Custom report writing and presentation Literature review on democracy help on research paper about marketing management project report on computer networking , health research paper about marketing research

81 views • 4 slides
government administrations Madrid 24 November 2016 Lionel Fulton Labour Research Department

government administrations Madrid 24 November 2016 Lionel Fulton Labour Research Department

External violence and abuse in central government administrations Madrid 24 November 2016 Lionel Fulton Labour Research Department Contents The extent of external violence and abuse The impact of violence and abuse The legal

489 views • 33 slides
Combining Agile and Strengths How to Capitalize on the Strengths Movement

Combining Agile and Strengths How to Capitalize on the Strengths Movement

Combining Agile and Strengths How to Capitalize on the Strengths Movement Monday, August 15, 2011 What is the strengths movement? Monday, August 15, 2011 What is the strengths movement? Monday, August 15, 2011

208 views • 16 slides
Presentation Title Name, Title Maricopa County Elections Department | 602-506-1511 |

Presentation Title Name, Title Maricopa County Elections Department | 602-506-1511 |

MARICOPA COUNTY P r e s i d e n t i a l P r e f e r e n c e E l e c t i o n CANVASS REPORT Elections Department MARCH 17, 2020 Presentation Title Name, Title Maricopa County Elections Department | 602-506-1511 | Maricopa.Vote Board of

237 views • 7 slides
Enhancing UCLA Athletic Event Sustainability Through Development of Comprehensive Green Templates

Enhancing UCLA Athletic Event Sustainability Through Development of Comprehensive Green Templates

Enhancing UCLA Athletic Event Sustainability Through Development of Comprehensive Green Templates Stakeholders: Kayla Shirey, Derek Doolittle Team leaders: Jacob Gerigk, Zachary Alter Team members: Kate Minden, Sarina Levin, Jonah Eisen, Amber

376 views • 12 slides

More recommend