1 / 19

SCION: S calability, C ontrol and I solation O n Next-Generation N etworks

SCION: S calability, C ontrol and I solation O n Next-Generation N etworks. Xin Zhang, Hsu-Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen. The Internet is still un reliable and in secure!. Feb 2008: Pakistani ISP hijacks YouTube prefix. S-BGP origin attest.

tasya
Télécharger la présentation

SCION: S calability, C ontrol and I solation O n Next-Generation N etworks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SCION:Scalability, Control and Isolation On Next-Generation Networks Xin Zhang, Hsu-Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen

  2. The Internet is still unreliable and insecure! Feb 2008: Pakistani ISP hijacks YouTube prefix S-BGP origin attest. Apr 2010: A Chinese ISP inserts fake routes affecting thousands of US networks. Application S-BGP route attest. Transport Nov 2010: 10% of Internet traffic 'hijacked' to Chinese servers due to DNS Tampering. Multi-path Network DNSSec Data link • Fixes to date – ad hoc, patches • Inconvenient truths • S-BGP: delayed convergence • Global PKI: single root of trust Physical

  3. Limitations of the Current Internet • Too little or too much path control by end points • Destination has too little control over inbound paths • Source has too much control to aggregate DDoS traffic A Prefer the red path … B M C D’s prefix here! D

  4. Limitations of the Current Internet • Too little or too much path control by end points • Destination has too little control over inbound paths • Source has too much control to aggregate DDoS traffic • Lack of routing isolation • A failure/attack can have global effects • Global visibility of paths is not scalable • Lack of route freshness • Current (S-)BGP enables replaying of obsolete paths

  5. Related Work • Routing security • S-BGP, soBGP, psBGP, SPV, PGBGP • Routing control • Multipath (MIRO, Deflection, Path splicing, Pathlet), NIRA • Scalable and policy-based routing • HLP, HAIR, RBF • Secure DNS • DNSSec • Source accountability and router accountability • AIP, Statistical FL, PAAI

  6. Wish List (1): Isolation • Localization of attacks … … • Mutually distrusting domains, no single root of trust Independent routing region … … … … … … … M Attacks(e.g., bad routes)

  7. Wish List (2): Balanced Control • Source, destination, transit ISPs all have path control • Support rich policies and DDoS defenses … … … … I2 L3 … … A B C Hide the peering link from CMU PSC D CMU 7

  8. Wish List (3): Explicit Trust • Know who needs to be trusted • Enforceable accountability … … … … … … X Y Z Internet Level 3 I2 PSC Who will forward Packets on the path? Go through X and Z, but not Y CMU

  9. SCION Architecture Overview path srv S: blue paths D: red paths • Trust domain (TD)s • Isolation and scalability TD TD Core • Path construction • scalability • Path resolution • Control • Explicit trust PCB PCB PCB PCB AD: admin domain • Route joining (shortcuts) • Efficiency, flexibility Destination Source

  10. Logical Decomposition • Split the network into a set of trust domains (TD) TD: isolation of route computation TD cores: interconnected Tier-1 ADs (ISPs) core core Down-paths Up-paths Destination Source

  11. Path Construction Beacons (PCBs) : signature : interface : Opaque field : expiration time = SIG( || || ) TD Core = ||MAC( ) A PCB PCB PCB PCB = || MAC( || ) = SIG( || || || ) B = || MAC( || ) = SIG( || || || ) C Embed into pkts

  12. SCION Security Benefits

  13. Performance Benefits • Scalability • Routing updates are scoped within the local TD • Flexibility • Transit ISPs can embed local routing policies in opaque fields • Simplicity and efficiency • No inter-domain forwarding table

  14. Evaluation Methodology • Use of CAIDA topology information • Assume 5 TDs (AfriNIC, ARIN, APNIC, LACNIC, RIPE) • We compare to S-BGP/BGP

  15. Performance Evaluation • Additional path length (AD hops) compared to BGP • without shortcuts: 21% longer • with shortcuts: • 1 down/up- path: 6.7% • 2 down/up- path: 3.5% • 5 down/up- path: 2.5%

  16. Policy Expressiveness Evaluation • Fraction of BGP paths available under SCION, reflecting SCION’s expressiveness of BGP policies

  17. Security Evaluation • Resilience against routing and data-plane attacks • Malicious ADs announce bogus links between each other • S-BGP • SCION

  18. Conclusions • Basic architecture design for a next-generation network that emphasizes isolation, control and explicit trust • Highly efficient, scalable, available architecture • Enables numerous additional security mechanisms, e.g., network capabilities Application Transport Network Data link Physical

  19. Questions? Xin Zhang <xzhang1@cmu.edu>

More Related