DavisSocialLinks_0722_2010
Download
Report
Transcript DavisSocialLinks_0722_2010
Davis Social Links
Relationship-Oriented Social-Centric
Future Internet Architecture
S. Felix Wu
Computer Science Department
University of California, Davis
[email protected]
http://www.facebook.com/sfelixwu
http://dsl.cs.ucdavis.edu
Outline
• A series of unfortunate events
– Vulnerabilities and Root Causes
• Relationship-Oriented Architecture
– How would this help?
• FAITH
– Facebook Application Identification,
Transformation, and Hypervisor
07/22/2010
Davis Social Links
2
The emails I received typically each morning…
07/22/2010
Davis Social Links
3
You have a few seconds to decide……
07/22/2010
Davis Social Links
4
To me personally, this is a typical
social spam.
I didn’t really know this guy!
07/22/2010
Davis Social Links
5
Root Cause Analysis
• Why did Spam or DDoS occur in the first
place?
• Does these attacks have anything to do
with the “architecture”?
– What feature(s) have been leveraged (to enable
the attack)?
07/22/2010
Davis Social Links
6
Pick your favor Spam Filter(s)
07/22/2010
Davis Social Links
7
The Implication of FP’s
• Spam-filters have to be conservative…
A: eliminate 99.99% spams, 10% hams
B: eliminate 60% spams, 0.00001% hams
• We will have some false negatives in our
own inboxes.
• We will spend our own time to further
filter..
– For me, 1~2 seconds per email
07/22/2010
Davis Social Links
8
Internet
SMTP
33130 Autonomous Systems
311755 Address Prefixes announced
BGP + DNS
http://bgp.potaroo.net/cidr/
07/22/2010
Davis Social Links
9
Unique Routable Identity
“Destination Identity” is the
ONLY thing you need to
communicate with that particular
identity!
07/22/2010
Davis Social Links
10
Unique Routable Identity
SMTP
• Any identity (email address, IP, url) can
communicate with any one else.
– Email, web, bittorrent, warcraft, skype…
“Destination Identity” is the
ONLY thing you need to
communicate with that particular
identity!
07/22/2010
Davis Social Links
11
Properties
• Unique global network-layer identifier
– IPv4/v6 addresses
• Global connectivity
– The primary job of BGP
– 311755 Address Prefixes announced
The capability that
we can send emails
to each other.
• Once the attacker has the URI, they can
do whatever they want?!
Randomized DDoS
07/22/2010
Davis Social Links
12
Internet Architecture
• Our Internet architecture allows a group
of network nodes sending packets (or
messages) toward certain IP (or email)
address prefixes (within a period of time).
07/22/2010
Davis Social Links
13
Internet Architecture
• Our Internet architecture allows a group
of network nodes sending packets (or
messages) toward certain IP (or email)
address prefixes (within a period of time).
• Unavoidable!
• Restrict/control such behavior!
– But, how?
07/22/2010
Davis Social Links
14
What is undesirable?
• We might not have a clear answer.
• But, we want to avoid a manual and per
message process to respond!
07/22/2010
Davis Social Links
15
Future Internet Design
• We know something about what we don’t
like under the current architecture.
• We know very very little about the
requirements of the future!
07/22/2010
Davis Social Links
16
A Very Challenging Argument…
• We know something about what we don’t
like “under” the current architecture?!
• We know very very little about the
requirements of the future!
– What are the possible future applications and
why will the current Internet architecture be
insufficient?
07/22/2010
Davis Social Links
17
During my 85 minutes talk today…
• “Trying” to identify some architectural
concerns of our current Internet:
– Mostly from the security perspective
– Argue why certain features might not be
necessary
• Proposing a different architecture based
on social informatics:
– What will we possibly gain?
– Why shouldn’t we simply realize this new social
layer purely at the application layer (on top of
IP, e.g.)?
07/22/2010
Davis Social Links
18
During my 85 minutes talk today…
• “Trying” to identify some architectural
concerns of our current Internet:
– Mostly from the security perspective
– Argue why certain features might not be
necessary
• Proposing a different architecture based
on social informatics:
– What will we possibly gain?
– Why shouldn’t we simply realize this new social
layer purely at the application layer (on top of
IP, e.g.)?
I am trying to raise questions…
07/22/2010
Davis Social Links
19
Relationship-Oriented
• Internet is about leveraging some form of
relationship to communicate
• And, the result of the communication might
change the nature of the relationship
07/22/2010
Davis Social Links
20
Relationship
07/22/2010
Davis Social Links
21
Relationship?!
07/22/2010
Davis Social Links
22
Email Relationship
The capability that we
can send emails to each
other.
07/22/2010
Davis Social Links
23
To me personally, this is a typical
social spam.
I didn’t really know this guy!
07/22/2010
Davis Social Links
24
Oops…
“BTW, a small typo as well!”
07/22/2010
Davis Social Links
25
07/22/2010
Davis Social Links
26
11/27
/2007
11/16
/2007
07/22/2010
11/26 Spammed?
/2007
In my office
Davis Social Links
12/10
/2007
“Memoryless”
For Felix Wu
27
SMTP
07/22/2010
Davis Social Links
28
SMTP
07/22/2010
Davis Social Links
29
We are trying to make the
information of social context and
relationship explicit!
SMTP
Felix
Eric
Dualism
Justin
07/22/2010
Davis Social Links
30
Internet
SMTP
33130 Autonomous Systems
311755 Address Prefixes announced
BGP + DNS
http://bgp.potaroo.net/cidr/
07/22/2010
Davis Social Links
31
Social-Control Routing
SMTP
3
1
07/22/2010
2
Davis Social Links
32
07/22/2010
Davis Social Links
33
SMTP
Existing
Applications
Native DSL
Applications
and Games
Name-ID
resolution
Community
Oriented
Keywords
Wrapper
Social Context
Eric
0.65
Felix
0.73
DSL Kernel
Policy/Reputation-based
Route discovery
Facebook
07/22/2010
Davis Social Links
DSLoFB
34
https://dslcore.slice1054.genislices.emulab.net/soemail/src/login.php
0.65
0.73
X-DSL
07/22/2010
Davis Social Links
35
07/22/2010
Davis Social Links
36
Felix, the receiver, decides…
A
B
Trust(B>A)
Pkt[ab]
07/22/2010
C
Trust(C>B)
Pkt[abc]
Davis Social Links
Pkt[c>d]
D
Trust(D>C)
Pkt[bcd]
37
Trust Structure
We want to stabilize these decentralized values such that
they can be used to effectively choose the “best” route.
07/22/2010
Davis Social Links
38
Routing with Trust
07/22/2010
Davis Social Links
39
Simulation study
of 100K+ nodes…
07/22/2010
Davis Social Links
40
Pairwise 1-way Trust
07/22/2010
Davis Social Links
41
07/22/2010
Davis Social Links
42
Trust/Reputation Systems
• performance and responsiveness to dynamics
(of trust and reputation)
– Assuming no oracle or human reset (and we might
not have ground truth in real-time anyway).
– operations and management
• Bounded/unbounded for life-time expected
attack instances
– Versus bounded for a fix period of time
– Probabilistic versus Deterministic
– Assuming no collusive attacks
07/22/2010
Davis Social Links
43
SMTP
0.65
07/22/2010
Davis Social Links
0.73
44
Relationship Capability and Context
Justin
0.65
Eric
07/22/2010
0.73
Felix
Davis Social Links
45
Question #1
• Why does “the relationship” matter?
Justin
0.65
0.73
Eric
Felix
Content versus Relationship
07/22/2010
Davis Social Links
46
Examples…
• Why does “the relationship” matter?
Justin
0.65
0.73
Eric
Felix
Felix trusts Justin
07/22/2010
Davis Social Links
47
But, what does “0.73” mean?
Justin
0.65
Eric
0.73
Felix
Collusion
Delayed Evaluation
Opinion Dynamics/Fluctuation
Social Isolation
Asymmetric Social Trust
Relationship, it’s complicated!
07/22/2010
Davis Social Links
48
Examples…
• Why does “the relationship” matter?
Justin
0.65
0.73
Eric
Felix
Felix trusts Justin, or
Felix believes that Eric has not contacted too many professors!
07/22/2010
Davis Social Links
49
Communication and Relationship
• Social capitals/resources
???
Communication sometimes is not just between Eric and Felix!
It might also depend on what/which others are communicating!
07/22/2010
Davis Social Links
50
Architecture
• Our Internet architecture allows a group
of network nodes sending packets (or
messages) toward certain IP (or email)
address prefixes.
07/22/2010
Davis Social Links
51
Architecture
• Our Internet architecture allows a group
of network nodes sending packets (or
messages) toward certain IP (or email)
address prefixes if and only if the
relationship chains supporting the
communication are strong enough.
07/22/2010
Davis Social Links
52
Question #2
• Why bother to change the IP layer?
07/22/2010
Davis Social Links
53
Question #2
• Why bother to change the IP layer?
• BTW, this is my soft spot so I will try my
best but be honest/humble…
07/22/2010
Davis Social Links
54
Social/Networking
Relationship Graph Abstraction/Dynamics
3
1
07/22/2010
2
Davis Social Links
55
“Routable Identity”
• Application identity =M=> Network identity
• Network identity =R=> Network identity
• Network identity =M=> Application identity
Application Entity
Application Entity
DNS
BGP
Network Entity
07/22/2010
Network Entity
Davis Social Links
56
“App/Route Identity”
• Application identity =M=> Network identity
• Network identity =R=> Network identity
• Network identity =M=> Application identity
• Keywords =(MF-R)=> “Multiple Paths”
• Application identity selection
• Network route selection
07/22/2010
Davis Social Links
57
“Social Control Layer”
Application Entity
Relationship
Path
Selection
Application Entity
Social
Entity
Social
Entity
Control interface
Network Entity
07/22/2010
Network Route Binding
Davis Social Links
Network Entity
58
“Social Control Layer”
Application Entity
Application Entity
Social
Entity
Network
Route
Selection
Social
Entity
Dualism
AL-BGP
Network Entity
07/22/2010
Network Entity
Davis Social Links
59
Hijackable Routable Identify
07/22/2010
Davis Social Links
60
Application Test <> “Layer 3”
07/22/2010
Davis Social Links
61
“App/Route Identity”
• Application identity =M=> Network identity
• Network identity =R=> Network identity
• Network identity =M=> Application identity
• Keywords =(MF-R)=> “Multiple Paths”
• Application identity selection
• Network route selection
The end user will have some control via the social layer!
07/22/2010
Davis Social Links
62
URI versus ADC
• URI (Unique Routable Identity)
– We assume that our destination target is bound
to an URI.
– We assume that both the MAPPING (e.g., DNS)
and ROUTING (e.g., BGP) are correct.
• ADC (Application Dependent Credential)
– The lower layer (like search engine) will give us
a few options to click.
– The application (or the user) will then choose
the one (or ones).
07/22/2010
Davis Social Links
63
Phishing Attacks
• Today, somebody would trick us to believe
that they are the official Well Fargo!
• In DSL, ANYBODY can claim to be WF as
long as they announce the magic keywords.
– So, we are “Phishing by Default”.
07/22/2010
Davis Social Links
64
Why not?
• Relying on IP (& BGP), URL, DNS, and
trusted browser plus uncompromised
Javascripts and captures might not be
terribly secure anyway.
• We need end-to-end mutual authentication
for certain applications, and more
importantly, at the application layer!
– Different applications have different security
requirements!
07/22/2010
Davis Social Links
65
Social-View of Network-Layer DDoS
Remapping, Soft Binding, Trust-based Prioritization
07/22/2010
Davis Social Links
66
Social Network versus Internet
• Conjecture
– It’s much harder to profile on the Internet
than on some abstraction of social networks!
– Example: Dunbar’s number (~150)
• Maintaining Stable Social Relationship
– Example: Mutual friends
• Real SN: less than 38 friends
• Farmville/Mafia War: 150~170 and still growing…
07/22/2010
Davis Social Links
67
How many? within how much time?
• Social capitals/resources
“anomalous” social transactions
Eric
Justin
Felix
???
The response from the dark side….
obtain the expected social profile
leverage a large number of compromised social bots
each produce/consume a very small amount of SR
07/22/2010
Davis Social Links
68
Architecture
• Our Internet architecture allows a group
of network nodes sending packets (or
messages) toward certain IP (or email)
address prefixes if and only if the
relationship chains supporting the
communication are strong enough.
• The relationship chain being utilized will
determine the quality of service.
07/22/2010
Davis Social Links
69
We lost “Global Connectivity”!
• We cannot propagate all the keywords “too
far away” for the concern of scalability.
– Global reachability is sacrificed.
• But, “Less might well be More”
– In between deny and allow by default…
– Communication is mutual!
– As an example, if we want to communicate with
a certain far-reach region as “our mission”, then
we will send a missionary there on OSN!
07/22/2010
Davis Social Links
70
Who is Salma?
07/22/2010
Davis Social Links
71
My message to Salma
07/22/2010
Davis Social Links
72
My message to Salma
07/22/2010
Davis Social Links
73
The Social Path(s)
07/22/2010
Davis Social Links
74
“Per-Keyword Propagation Policy”
• For each keyword, we will associate it with
a propagation policy: [T, N, A]
– T: Trust Value Threshold
– N: Hop counts left to propagate (-1 each step)
– A: Community Attributes
• Examples:
– [>0.66, 4, “Davis”] K via L1
– [>=0, , ] K via L2
Social DNS
07/22/2010
Davis Social Links
75
Keyword & its
propagation policy
Hop Count
Trust
Community Attribute
07/22/2010
Davis Social Links
76
Community
B
D
A
C
• A connected graph of social nodes sharing
a set of community attributes
07/22/2010
Davis Social Links
77
reaching Western Africa…
07/22/2010
Davis Social Links
78
Connecting to Western Africa
Sending a missionary there Socially!
07/22/2010
Davis Social Links
79
Social Network Transformation
• Each application might need different OSN
topologies.
Justin
0.65
Eric
07/22/2010
0.73
Felix
Davis Social Links
80
Farmville and Facebook
FB friends: 790+
FV neighbors: 30+
Justin
Eric
neighbor
Felix
friend
07/22/2010
Davis Social Links
81
Farmville and Facebook
FB friends: 790+
FV neighbors: 30+
Justin
Eric
neighbor
Felix
Is this necessary?
friend
07/22/2010
Davis Social Links
82
Fighter’s Club
• A couple millions users
• A Coalition game ~ like Warcraft
• Team members who are Facebook friends
receive higher fighting powers
• ~1400 new friendships established daily
• ~10% of users with >95% friendships
purely based on this game.
07/22/2010
Davis Social Links
83
http
“more realistic”
social network
Roughly your
friends (or
friend2s)
online
social network
Quality of the Friendship may
have been out of control…
Anybody with an IP address
07/22/2010
Davis Social Links
84
Social Network Transformation
• What is the best/effective VPSN for this
application X?
– Virtual Private Social Network
Eric
friend
Justin
Eric
Eric
07/22/2010
friend
Justin
FV friend
Justin
Davis Social Links
Felix
neighbor
FB friend
Felix
Felix
85
In the middle…
• Bit Torrent Peer selection
– Currently no “Social” Relationship involved
• Farmville Neighbors
– Must leverage Facebook friendship
0%
07/22/2010
100%
Davis Social Links
86
Good or bad news??
• Stability in Social/Relationship Networks
– properties that we can leverage, enforce,
analyze? (application dependent)
Social Bot
Master
07/22/2010
Eric
Justin
John
Amy
Mary
Nancy
Davis Social Links
Felix
Sam
Tim
87
Layers of Social Networks
Social Bot
Master
07/22/2010
Eric
Justin
John
Amy
Mary
Nancy
Davis Social Links
Felix
Sam
Tim
88
Layers of Social Networks
Eric
Amy
John
Mary
Social Bot
Master
07/22/2010
Justin
Nancy
Felix
VPSN
Eric
Justin
John
Amy
Mary
Nancy
Davis Social Links
Sam
Tim
Felix
Sam
Tim
89
Social Informatics
Service Providers
Trustworthiness/Privacy
Anonymity/Censorship
Usability
Application
and/or
User
Let’s have fun… but not
JUST have fun, hopefully!
Protocol
Entity(L3~7)
07/22/2010
Making Relationships Explicit
Davis Social Links
API
(+ Social API)
Protocol
Entity(L3~7)
90
FAITH
FAITH
“Should I have faith in you?”
FAITH (Facebook Application Identifier Translator & Hypervisor)
like NAT (Network Address Translation)
07/22/2010
Davis Social Links
91
FAITH+DSL+GENI
FAITH
DSL
3
1
07/22/2010
2
Davis Social Links
92
DSL is an old idea!
And, I certainly don’t have the answer yet…
A
B
We, as human, have been using similar social
communication principles. Maybe it is a good
opportunity to re-think about our cyber
communication system.
Re-consider the current Internet architecture
1.
Global Connectivity vs. Mutual Interest
2.
Unique Routable Identifier vs. Application
Dependent Credential
A
07/22/2010
F
F
Davis Social Links
F
B
93
Remarks
• Social-Centric Networking
– Packet/Flow + “Relationship”
– Trust Management
– Social Network in Progression/Development
• “Softer/Fuzzy” Resolution via Keywords
– Name, Content, Identification
– Semantic Analysis
• Social Network Control to Bridge the Gap
07/22/2010
Davis Social Links
94
Little demo later if any one is interested…
07/22/2010
Davis Social Links
95
Acknowledgements
• NSF/FIND, GENI, ARO/MURI, ARL/NSCTA, Intel
07/22/2010
Davis Social Links
96