Accountable IP (AIP)

David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker

Carnegie Mellon University, MIT, Georgia Tech, ICSI & HIIT, University of California, Berkeley

Presented by Sehoon Park, 2011.5.2
Topic of Internet, SNU

XIA #1 AIP

Monday, May 2, 2011

AIP: Accountable Internet Protocol

• SIGCOMM 2008, ACM
• Category: Network Architecture and Design
• General Terms: Design and Security
• Keywords
  • Internet architecture, accountability, address, security, scalability

Contents

• Introduction
• AIP Design
• Uses of Accountability
• Routing Scalability
• Key Management
• Traffic Engineering
• Conclusion

Introduction: What is AIP?

• Accountable Internet Protocol
• Accountability as a first-order property
• AIP uses a hierarchy of self-certifying addresses derived from the public key
• Solution to source spoofing, DoS, route hijacking, and route forgery

Introduction: Why AIP?

• We ask: What is needed to provide a firmer foundation for IP-layer security?
• We believe that many vulnerabilities are due to the lack of accountability
• The current Internet has no fundamental ability to associate an action with the responsible entity.

We propose AIP as a replacement for the current IP

AIP Design: Structure

• AIP address form
  • AD1:AD2:...:ADk:EID
• AD: Accountability Domain
  • Distinct administrative units/networks
  • Hash of the public key of the domain
• EID: End-point identifier
  • Host with GUID
  • Hash of the public key of the host

AIP Design: Structure

[Figure: Domain Data (public key) → Hash Function → AD; Host Data (public key) → Hash Function → EID; labeled "self-certifying"]

AIP Design: Simple example

• AIP address form
  • AD1:AD2:...:ADk:EID

[Figure: domains AD1, AD2 and AD3 with hosts 1 and 2, whose addresses are AD1:AD2:EID1 and AD1:AD2:AD3:EID2; labeled "hierarchical"]

AIP Design: Header / Address

Packets contain the destination's AD:EID

AIP Design: Routing

• Packets contain the destination's AD:EID
• Routers use the destination AD to forward the packet
• Upon reaching the destination AD, routers forward the packet using only its EID
• AIP also supports the notion of an autonomous system, since organizations do not wish to advertise their internal structure

AIP Design: DNS & Mobility

• DNS includes an AIP record with the AIP address for a hostname in a domain
• An AIP record in DNS can list multiple domains as ADi:EID
• Mobility support is based on the self-certifying (unique) EID
• The destination EID remains unchanged while hosts roam from one AD to another

Uses of Accountability: Source Accountability

• Detecting & preventing source spoofing
  • AD & EID are hashes of public keys
  • These public keys are used to validate the source address of a packet
  • Self-certifying addresses allow the source of a packet to be checked. If verification fails, the spoofed packet is dropped
• AIP extends uRPF (unicast Reverse Path Forwarding)

Source Accountability: Verifying source

[Figure: verification packet]
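Added example, not part of the original slides or the AIP authors' code: a simplified Go sketch of the source check described on the two slides above. A router challenges the claimed source with a nonce and accepts only if the returned public key hashes to the claimed EID and has signed the challenge. The Ed25519 keys, the SHA-256-truncated-to-160-bit encoding, the Response layout and all function names are assumptions for illustration; the slides do not specify them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// EID is a 160-bit self-certifying ID. Assumed encoding: SHA-256(pubkey)[:20].
type EID [20]byte

func DeriveEID(pub ed25519.PublicKey) (e EID) {
	sum := sha256.Sum256(pub)
	copy(e[:], sum[:]) // copy stops after len(e) = 20 bytes
	return e
}

// NewHost creates a key pair and the EID that key certifies.
func NewHost() (EID, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return DeriveEID(pub), priv
}

// Response is a host's reply to a verification packet (hypothetical layout).
type Response struct {
	Pub ed25519.PublicKey
	Sig []byte
}

// Answer signs EID || nonce, binding the reply to one challenge.
func Answer(priv ed25519.PrivateKey, src EID, nonce []byte) Response {
	return Response{priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, append(src[:], nonce...))}
}

// VerifySource is the router-side check; false means drop the packet.
func VerifySource(claimed EID, nonce []byte, r Response) bool {
	return len(r.Pub) == ed25519.PublicKeySize && // Verify panics on a bad key length
		DeriveEID(r.Pub) == claimed && // key must hash to the claimed address
		ed25519.Verify(r.Pub, append(claimed[:], nonce...), r.Sig)
}

func main() {
	src, hostKey := NewHost()
	_, spoofKey := NewHost() // attacker claiming src as its own address
	nonce := make([]byte, 16)
	rand.Read(nonce)
	fmt.Println("owner accepted:", VerifySource(src, nonce, Answer(hostKey, src, nonce)))
	fmt.Println("spoofer accepted:", VerifySource(src, nonce, Answer(spoofKey, src, nonce)))
}
```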

Uses of Accountability: Shut-off Protocol

• A victim sends a 'Shut-off packet' (SOP) to a host sending unwanted traffic (zombie)
• The Smart-NIC records the hashes of recently sent packets and accepts SOPs
• The SOP contains the hash of a recent packet V to Z and a TTL, all signed by Z

Uses of Accountability: Securing BGP

• AIP uses mechanisms similar to S-BGP
• No need for external trusted registries
• AIP mechanism
  • Operators configure a BGP peering session
  • BGP routers sign their routing announcements
  • Each router must be able to find the public key that corresponds to an AD

Routing Scalability: Growth Effect to AIP

• Need to consider the hardware spec for
• AIP's RIB/FIB entries grow to 160 bits from the 32 bits of IP, with a corresponding increase in the next hop and each AD component

Routing Scalability: Growth vs HW

Routing Scalability: Effect of Moving to AIP

• RIB and FIB size increase
  • More RIB storage needed (DRAM)
  • FIB storage (DRAM, SRAM, or CAM)
• CPU costs for cryptographic operations
  • Updating/cryptographic processing overhead (CPU)
• AIP increases the diameter of the network

Routing Scalability: Growth Effect to AIP

• AIP needs to manage
  • Routing scalability with respect to
    • Memory consumption (storage)
    • CPU overhead (updating / cryptography)
    • Network bandwidth (packet size increased)

Key Management: 3 important matters

• With key-based cryptography, AIP faces three general problems
  • Key discovery
    • Host key is simply its address
  • Key compromise
    • Protecting against, detecting and dealing with compromise
  • Cryptographic algorithm compromise

Key Management: Protecting against / dealing with compromise

• Hosts & domains follow established policies
• Advanced HW may help keep keys safe
• If a host key is compromised, adopt a new key and publish it to DNS
• If a domain key is compromised, revoke it through the interdomain routing protocol
• A very real danger of a crypto system is one of false confidence

Detecting is the most important!!

Key Management: Compromise detection

• The answer is to maintain a public registry of each AD's peers, and of the ADs for each EID
• Host X periodically checks the global registry for which domains are hosting it
• Domain A checks the global registry for which domains claim to be peering with it
• If they see an entry they don't recognize, it may be a compromise

Traffic Engineering

• The goal is to map an offered load onto a set of available paths
• ADs group together what is in common
  • Administered/fail together
  • Good match for TE techniques as campus/customers/non-geographical groups
• Load balancing by the AIP address interface bit
  • Sub-dividing an AD: the interface bit can make different subnets, giving 255 possible paths

Conclusion

• Accountability is a first-order goal
• Hierarchical, self-certifying addressing => Solution to source spoofing, DoS, securing BGP
• The flat addresses => Concerns about route scalability & Traffic Engineering
• Questions of key management & compromise
• Yet, these are not a show-stopper for AIP to be widely adopted

AIP ACCOUNTABLE IP

• Got any questions?

• Thanks
