reliable communication in unknown networks lakshmi subramanian joint work with: randy katz, volker...
Post on 21-Dec-2015
219 views
TRANSCRIPT
Reliable Communication in Unknown Networks
Lakshmi Subramanian
Joint work with:
Randy Katz, Volker Roth, Scott Shenker, Ion Stoica
Reliable communication problem
Good node Adversarial node
Given a graph G, how do two good nodes reliably communicatein the presence of adversarial nodes attempting to disrupt the communication
Challenges to reliable communication
• Lack of knowledge of which nodes are adversarial
• Adversarial nodes can potentially– Modify messages traversing them– Generate spurious messages on behalf of good
nodes– Collude with other adversaries using out-of-
band communication
• Absence of a public key infrastructure to enable originators to sign messages
Lamport’s Result
• If every node is aware of the entire graph G and G is (2k+1) vertex connected, then two good nodes can reliably communicate provided #adversaries <= k – Source route the message along (2k+1) vertex
disjoint paths and compute consensus– This result is also a lower bound
• Reliable communication vs Byzantine consensus– Reliable communication is a necessary building
block for byzantine agreement
What if the graph is not known?
What if a node is aware only its neighbors but not the entire network?
neighborhoodof a node
Reliable communication in unknown networks
• Input: Given a graph G with n nodes where each node is aware of only its neighbors but not the entire graph. Every node has a unique, unforge-able identity.
• Problem: Assume that k among the n nodes are adversarial and the remaining (n-k) nodes are good nodes which follow a prescribed algorithm. For what values of k, can we get a distributed algorithm that allows two good nodes to reliably communicate?
The problem spectrum
Reliable Communication Problem
Complete Graph Incomplete Graph
Unsigned Messages Signed Messages
Graph unknown Graph known
Example 1: BGP
• Nodes in the graph are AS’s
• Identity= AS number– AS number is a socially assigned identity– Assumption: AS number is unique and
unforgable
• What information needs to be reliably communicated?– (AS, prefix) mapping– Valid path-vector route updates
Example 2: Intra-domain routing
• Identity of a node = <router-id>• Information to be reliably communicated?
– Graph topology
– Link costs
• An adversary should not be able to – Modify the cost of existing links between good nodes
– Introduce new links to good nodes
• What an adversary can do– Introduce spurious links to other adversaries
– Introduce fake nodes
Example 3: DNS
• Node identifier = <IP address of DNS server>– Assumption: The IP address of a DNS server of
a domain is relatively static
• Information to be reliably communicated?– Domain ownership information– Redirection of DNS requests to the
authoritative DNS
• Challenge:– Is it possible to secure DNS without a public-
key infrastructure?
Our result
• In an unknown network comprising n nodes, given #adversaries <=k and a bound N>=n on the number of nodes, two good nodes can reliably communicate if the underlying connectivity graph, G, is (2k+1) vertex connected.
• Complexity– Consider a network with bounded capacity where every
link can transmit one message in unit time.
– One-time complexity=O(kNn3)
– Subsequent communication complexity = O(k.diam(G))
Simpler adversarial model
• Independent adversaries– Do not collude with each other
– Do not directly communicate with each other during protocol execution
– Motivation: misconfigurations, independent attackers
• Result: In an unknown network comprising n nodes, given number of independent adversaries <=k and a bound N>=n on the number of nodes, two good nodes can reliably communicate if the underlying connectivity graph, G, is (k+2) vertex connected.
Practical implications• BGP
– Reliable communication is achievable within the Internet core (tier-1 +tier-2 ISPs)
– In power-law random graphs, the damage that few adversaries can cause is small
– Multi-homing => better reliable communication– Mis-configurations cause lesser damage than colluding
adversaries
• OSPF– The network can be carefully engineered to ensure that
few adversaries cannot disrupt link-state routing– The cost of propagating updates reliably can be made
very low
Practical implications (contd)
• DNS– By designing the DNS as a hierarchical but
structured peer-peer network, adversarial nodes can cause very little damage
– DNS requests can be reliably serviced in the presence of adversaries
• Decentralized public key distribution– In specific graphs, one can achieve
decentralized public key distribution in the presence of a bounded number of adversaries
Other implications
• Network design– Need a minimum 3-connected graph to
completely protect against a single adversary
• Failures are accommodated as adversarial nodes
• Not applicable for– Unstructured peer-peer networks, nodes with
variable identities, extremely dynamic networks
Algorithm building blocks
• Path vector signatures
• Flow concept
• Path suppression
• Loop testing – for independent adversaries
Path vector signatures• Path vector message =(m,S,P)
– message m, source S, path P
• Path vector signature sgn(m,S,P) satisfies– Verifiability: Given (m,S,P) and sgn(m,S,P), any node
can verify that message traversed P provided it originated from S
– Update: sgn(m,S,P) can be updated to sgn(m,S,P’) for any path P’= P +{v}
– Inability to modify: Any adversary attempting to modify m or remove entries in P cannot compute signature
– Distinguishability: The signature of a fake path vector message (m,S,P) is always distinguishable from a genuine message (m,S,P)
El-Gamal path vector signatures
A D
CB
YXClaimedPublic-key=PMessage=x
<h1= h(x, (A,B)), P> <h3= h(h2, (B,C,D)),P>
• Consistency checking of routes (C,B,A) and (Y,X,A):• Does the signature match the public key?• Do the public keys match?
<h2= h(h1, (A,B,C)),P>
<k1= h(x, (A,X)), Q>
<k2= h(k1, (A,X,Y)),Q>
<k3= h(k2, (X,Y,D)),Q>
Property of path-vector signature
• A single adversary attempting to modify the message or generate a fake message with a genuine signature has to generate a new public key for the source
• Two colluding adversaries can– tunnel an adversary and introduce a fake path
between them without changing the message
Modified path-vector signatures
<(h(ABC),p(A)),(h(BC),p(B))>
<(h(ABCD),p(A)), (h(BCD), p(B)), (h(CD),p(C))>
A DCB
<h(AB), p(A)>
Append a string of hash signatures, one for each node along a path along with the “claimed” public-key of each node
Property of modified scheme
• Two colluding adversaries generating a fake path with additional identities have to fake the public-keys of these identities
• Keyed-identity of a node = (identity, claimed public key)
• Distinguishability of messages:– A genuine path-vector message traversing good
nodes will always be distinguishable from a fake path-vector message generated by adversaries
Flow concept
• Let G be a (2k+1) connected with at most k adversarial nodes
• Consider two good nodes X and Y with public keys p(X) and p(Y)– Flow ((X,p(X), (Y,p(Y)) >=k+1
• Consider a good node X and a fake node F created by adversaries– Flow((X,p(X)), (F,p(F)) <=k
Basic Algorithm
• Step 1: Every node X with a message m(X), transmits m(X) to its neighbors along with its path-vector signature
• Step 2: Every intermediary node appends the path attribute and the signature and propagates the message to other neighbors
• Step 3: Every receiver chooses identity-disjoint paths for each source and updates the flow
• Step 4: If flow(node)>k, then that message is declared genuine
Path suppression
• Number of paths in a graph is exponential
• Path suppression:– A node only forwards a path-vector message if
the path contains a new edge or a new source.– For a given keyed identity (X,p(X)), the
number of messages forwarded is bounded.
Loop testing: Independent adversaries
X
Z
Independent adversaries will fail the loop test: • If G is (k+2) connected, every edge will be present in at least one good loop
Conclusions• Reliable communication in unknown networks if
the graph G is (2k+1) connected with at most k adversaries– (k+2) connectivity sufficient for independent adversaries– byzantine consensus in unknown networks
• Practical applications– BGP, OSPF, DNS
• Related problem: Reliable communication in sparse unknown networks– How much damage can a single adversary cause in 1-
connected and 2-connected networks?– What is the best defense mechanism in sparse networks?