1 / 10

Decoy Router Placement

Decoy Router Placement. Jacopo Cesareo, Michael Schapira, and Jennifer Rexford Princeton University. Decoy Router Placement. Decoy router along the path to decoy destination … directs traffic to the covert destination. decoy destination. decoy router. client. covert destination.

kamana
Télécharger la présentation

Decoy Router Placement

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Decoy Router Placement Jacopo Cesareo, Michael Schapira, and Jennifer Rexford Princeton University

  2. Decoy Router Placement • Decoy router along the path to decoy destination • … directs traffic to the covert destination decoy destination decoy router client covert destination

  3. Placement Problem • Given clients, destinations, and paths • Clients: {ci} • Decoy destinations: {dj} • Paths: {Pij} from client ci to decoy destination dj • Select K decoy routers • Decoy routers: {rk} from a set of candidates R • To maximize • # client/decoy pairs that traverse a decoy router, or • # clients traversing a decoy router for some decoy dest P11 c1 d1 c2 d2 c3 P32

  4. Greedy Placement Algorithm • Computational limits • NP hard to find the optimal solution • Best approximation has ~2/3 bound • Heuristic based on “popularity” • # of (ci, dj) pairs traversing the router, or • # of ci traversing the router to reach some decoy dest • Greedy algorithm achieves the ~2/3 bound! • Select the most popular candidate • Remove all parties it “covers” • Recompute the popularities • Repeat until K routers are chosen P11 c1 d1 c2 d2 c3 P32

  5. Initial Experiment • Autonomous System (AS) level model • RouteViews measurements of interdomain routing • CAIDA inferences of AS-level relationships • Simulation of AS-level routing decisions • Example experiment • Clients: all ASes located in Australia • Decoy destinations: ASes for Amazon and eBay • Candidate decoy routers: all ASes outside Australia • Results for two scenarios • # of client/decoy pairs that traverse a decoy router, or • # of clients that traverse a decoy router for some decoy

  6. Good Placement  Good Coverage

  7. Conclusions and Future Work • Good coverage with relatively few decoy routers • Effective placement algorithm with good bound • Clients concentrated through a few regional ISPs • A few large ISPs provide most wide-area connectivity • Future work • Wider range of clients and decoy destinations • Direct measurements of AS paths and router-level paths • Selection of decoy destinations given the decoy routers • Reactions of adversaries to circumvent decoy routers

  8. Backup Slides

  9. Decoy Router ASes • For clients in Australia • Decoy routers for clients • Cogent, AOL, NTT, ReachNetworks, Verizon • 174, 1668, 2914, 4637, 701 • Decoy routers for client/decoy-destination pairs • Singapore Telecom, ReachNetworks, Tata Communications, Cogent, Level3, Telecom New Zealand, NTT, KDDI, NetAccess • For clients in China • Decoy routers for clients • Cogent, SwissCom, NetAccess, … • Decoy routers for client/decoy-destination pairs • Cogent, Qwest, SwissCom, AOL, NetAccess, KDDI, Verizon, Deutsche Telekom, …

  10. Placement Algorithm: China

More Related