1 / 32

Accountability Internet Protocol (AIP)

This paper presents the Accountability Internet Protocol (AIP), designed to provide accountability as a first-order property in network architecture. AIP generalizes the Internet's hierarchical addressing structure, introducing Accountability Domains (AD) and End-Point Identifiers (EID) to enhance secure identification and routing. The study highlights the uses of accountability in preventing source spoofing, managing routing scalability, and securing BGP through cryptographic verification. Insights on resource requirements and performance improvements by potentially addressing the complexities of past approaches to accountability are also discussed.

bendek
Télécharger la présentation

Accountability Internet Protocol (AIP)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Accountability Internet Protocol (AIP) David G. Andersen (CMU) Hari Balakrishnan (MIT) Nick Feamster (Georgia Tech) Teemu Koponen (ICSI & HIIT) Daekyeong Moon, Scoot Shenker (UCB) In Proc. SIGCOMM, 2008 Speaker: Yun Liaw

  2. Outline • Introduction • AIP Design • Uses of Accountability • Routing Scalability with AIP • Key management • Traffic Engineering and AD Size • Related Work, Conclusion and Comments Speaker : Yun Liaw

  3. Introduction • Accountability:The fundamental ability to associate an action with the responsible entity • The problematic requirements of past approaches: • Complicated mechanisms • External sources of trust (e.g., CA in S-BGP) • Operator vigilance (e.g., Ingress Filtering) • AIP: A next generation network architecture that provides accountability as first-order property Speaker : Yun Liaw

  4. AIP Design Speaker : Yun Liaw

  5. AIP Design • A simple generalization of Internet’s original two-level hierarchical addressing structure – AD:EID • Accountability Domains (AD): • Independently administered networks, each with a unique identifier • Multiple levels in hierarchy of AD is supported • End-Point Identifier (EID): Host-assigned globally unique identifier • Interface bits (if): The last 8 bits of EID, in order to handle the hosts that attaches multiple times to the same AD • General form of AIP – AD1:AD2:...:ADk:EID Speaker : Yun Liaw

  6. AIP Design • Self Certifying: The name of an object is the public key that corresponds to that object • Accountability needs verifiable identity • We use cryptographic signatures for verification • The identifier should be bound to their public key • Security should not rely on manual configuration or trusted authorities • AD: The hash of the public key of the domain • EID: The hash of the public key of that corresponding host Speaker : Yun Liaw

  7. Speaker : Yun Liaw

  8. Forwarding and Routing Speaker : Yun Liaw

  9. Uses of Accountability Speaker : Yun Liaw

  10. Source Accountability: Detecting & Preventing Source Spoofing • uRPF (Unicast Reverse Path Forwarding): An automatic filtering mechanism that accepts packets only if the route to the packet’s source points to the same interface on which the packet arrived Speaker : Yun Liaw

  11. Source Accountability: EID verification Speaker : Yun Liaw

  12. Source Accountability: AD verification - Scalability • Accept cache management: If the number of entries for single AD exceeds the threshold, upgrade to an single-AD wildcard AD:* • Division of filtering responsibility: • Border routers: Verify the source of customer whose return path does not go directly to the customer • Interior routers: Need not perform further actions • Peering routers: Large peers, will likely to trust the peer’s verification based on a bilateral contractual agreement Speaker : Yun Liaw

  13. “Protect those who protect themselves” Source Accountability: AD verification • Limiting Address Minting • EID limiting: Place EIDs/second limit on each port • AD limiting: Limit the number of ADs that a customer could announce Speaker : Yun Liaw

  14. Source Accountability: Shut-off Protocol • Smart-NIC (Smart Network Interface Card) • Check the hash • If hash matches, suppressing the traffic for the duration of TTL Speaker : Yun Liaw

  15. Source Accountability: Securing BGP • AIP simplifies the task of deploying mechanisms, since IP lacks a firm binding between public keys, ASes, and prefixes • Operators configure a BGP peering session, and the session is automatically aware of the public keys by identifying the peer AD • BGP routers sign the routing announcements, and routers that receiving a update should verify before applying it • Each router must be able to find the public key that corresponds to that AD Speaker : Yun Liaw

  16. Routing Scalability with AIP Speaker : Yun Liaw

  17. Routing Growth Estimation • Diameter of the Internet / AS path length: shrinking • Routing table size: • BGP update volume: • By 2020, when a BGP session resets, the routers will have to exchange ≥ 1.6 millions prefixes with each peer, ideally in a few seconds Speaker : Yun Liaw

  18. Routing Table Size Speaker : Yun Liaw

  19. Effects of Moving to AIP • FIB (Forwarding Information Base) lookups become flat • The prefix size (32 bits) and ASes (16 bits) will increase to 160 bits (hash of public key) • Router will need to store a copy of each AD’s public key • CPU costs for cryptographic operations (similar to S-BGP) • The Internet diameter may keep unchanged Speaker : Yun Liaw

  20. Resource Requirements • Semiconductor Growth Trends: Moore’s Law • RIB & FIB storage (RAM): Speaker : Yun Liaw

  21. Resource Requirements • Update processing (CPU): Routing table would grow by a factor of between 5 and 9 by 2020, and the Moore’s Law expects that CPU is grow by a factor of 16 • Cryptographic overhead: • By 2020, a commodity CPU should be able to verify 480K and create 13K signatures per second • Verifying one signature for each route announcement from each of 20 peers would requires seconds • In summary, technology trends suggest that routing scalability with respect to memory, CPU and so on are all manageable Speaker : Yun Liaw

  22. Key Management Speaker : Yun Liaw

  23. Key Discovery • The key is obtained automatically once the address is known • Address can be obtained by any kind of lookup service: manually, S-DNS, etc. • Assume that peering ADs can identify each other out-of-band Speaker : Yun Liaw

  24. Key Registries • Maintain a public registry for each AD and the ADs to which each EID is bound • Assumption: • The existence of global registries where principals can registercryptographically signed assertions • The existence of per-domain registries that can be housed by the ISP itself • Advantages: • No need for any central authority. The registry verifies the signature before storing data • The registry can be populated by the entities involved, with no need for human intervention or involvement Speaker : Yun Liaw

  25. Key Registries • Class of Assertions in the registries: • Keys: • Revoked keys: • Peerings: • ADs of EID X: • First hop router of X: Speaker : Yun Liaw

  26. Key Registries • Maintaining the domains registry – by AD • Forcing domain to sign A:X entries before the DNS server and resolvers will accept them as the result of a DNS resolution • Using the registries: • For hosts: Check the global registry for which domain are hosting it, and check the domain-specific registry for first-hop routers are hosting it • For domains: Checks the global registry to see which domains claim to be peering with it Speaker : Yun Liaw

  27. Traffic Engineering and AD Size Speaker : Yun Liaw

  28. Traffic Engineering • Goal: To map an offered load on to a set of available paths • ADs cannot be split into sub-prefixes for finer control over routing • AD Granularity • AD: A group of nodes that meets these two criteria– • They are administered together • They would fail together under common network failures • AD granularity corresponds roughly to the way in which connectivity to the network changes Speaker : Yun Liaw

  29. Traffic Engineering • Splitting ADs for TE • ISPs could creating an AD from each prefix in the wide-area BGP routing tables • One can use interface bits in order to sub-divide an AD • DNS-based load balancing • Server-centric view: How to load balance traffic destined for a particular service across machines in a cluster or across data centers • AIP’s interface bits might simplify the load-balancing by representing a service as a single “host” multiple times Speaker : Yun Liaw

  30. Related Work, Conclusion and Comments Speaker : Yun Liaw

  31. Related Work & Conclusion • Related Work • Self-certifying names (CGA, HIP) • Separating identifiers and locators (GSE/8+8) • Scalability • Source accountability (packet filtering, Passport) • Control-plane accountability (S-BGP, soBGP) • Conclusion • Using a simple hierarchical addressing scheme with self-certifying components to enable accountability, to solve source spoofing, DoS traffic, and S-BGP Speaker : Yun Liaw

  32. Comments • Some assumptions seems not feasible today (e.g., global key registry) • Who should hold the accountability? • The Next-Generation network architecture would always face the problem that how to make people adopt it • Do we really need accountability as the first-order property in Internet? Speaker : Yun Liaw

More Related