Transcript darpa-agn

Network Support for Accountability
Nick Feamster
Georgia Tech
Collaborative Response with David Andersen (CMU), Hari Balakrishnan (MIT), Scott Shenker (UC Berkeley/ICSI)
Georgia Tech Response with Wenke Lee and Mustaque Ahamad
Two Responses (“Double Duty”)
• “Towards an Accountable Internet Architecture”, Andersen, Balakrishnan, Feamster, Shenker
• “In-Band, Bottom-Up Support for Availability and Accountability”, Feamster, Lee, Ahamad
2
Internet Accountability
What is it?
• Mechanisms to identify, isolate, punish “bad behavior”
• Distinct from accounting (cf. original Clark design goals)
Why might the network need to support it?
• Attacks on the routing system
• Control over traffic
• Tracking and mitigating malice
– Spam
– Botnets
– Phishing
3
Facets of Internet Accountability
• Source: defense against address forgery
• Data-plane: identify faulty network elements
• Control-plane: identify forged routing messages
• Recourse to avoid faulty or malicious elements
– Scalable network support for path diversity
– Better mechanisms to curtail unwanted traffic
4
AIP: Accountable IP
[Figure: address format AD:EID. AD = hash of the autonomous domain’s public key; EID = globally valid endpoint identifier (cf. IPv6 CGA, HIP, etc.)]
• Refactoring of Internet addresses: AD:EID
– AD: The autonomous domain of the host
– EID: A globally unique endpoint identifier
• Addresses are self-certifying
• Why change addressing?
– Forms the cornerstone of routing, forwarding, identity
– Current address structure makes existing mechanisms clumsy
– New structure retains simplicity at the network layer and above
5
Source Accountability
• Problem: Sources can forge IP addresses
– Can complete three-way handshakes (LAN spoofing)
• Why it matters: Complicates filtering, blacklisting.
– Spam campaigns regularly have 70% “fresh” IP addresses
• Solution: Self-certification + Challenge/Response
6
Control-Plane Accountability
• Problem: Routing messages can be forged
• Why it matters:
– Misconfiguration: AS 7007, ConEdison route leak
– Malice: Spammers stealing address space
• Solution: S-BGP-style attestations + self-cert
– Interdomain routing and forwarding operate on ADs
– The AD is both the public key (its hash) and the address
– Eliminates the need for a mapping between IP address space and organizations
7
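The two mechanisms on the preceding slides, self-certification with a first-hop challenge/response (Source Accountability) and S-BGP-style attestations whose signers are identified by their AD (Control-Plane Accountability), as one added Python example written for this page; it is not code from the AIP project or the XORP implementation. Assumptions made here: signatures are Lamport one-time signatures over SHA-256 (a standard-library stand-in for the real public-key scheme, so each key signs exactly once), AD and EID are SHA-256 of the public key truncated to 160 bits, and the router’s verification packet is modelled as a direct callback to whoever claims the address. `Host`, `AutonomousDomain`, `first_hop_accepts`, `verify_route` and the demo scenarios are names and choices of this example.

```python
"""Self-certifying AD:EID addresses with (a) a first-hop challenge/response that
verifies a packet's claimed source and (b) S-BGP-style route attestations whose
signers are identified by their AD. Example code for this page, not AIP's own.
Assumptions: Lamport one-time signatures over SHA-256 stand in for a real
public-key scheme (every key below signs once); AD/EID = SHA-256(pk)[:20]."""
import hashlib
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport OTS: 256 pairs of random secrets; the public key is their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def self_cert_id(pk) -> bytes:
    """AD or EID: hash of the public key, so the address itself certifies the key."""
    return H(b"".join(a + b for a, b in pk))[:20]

# (a) Source accountability: the first-hop router challenges the claimed EID.
class Host:
    def __init__(self):
        self.sk, self.pk = keygen()
        self.eid = self_cert_id(self.pk)

    def answer(self, nonce: bytes):
        return self.pk, sign(self.sk, nonce)

def first_hop_accepts(claimed_eid: bytes, respond) -> bool:
    """Send a fresh nonce toward the claimed source (modelled as calling
    `respond`) and accept only if the answer carries a key hashing to the
    claimed EID plus a valid signature over the nonce."""
    nonce = os.urandom(16)
    pk, sig = respond(nonce)
    return self_cert_id(pk) == claimed_eid and verify(pk, nonce, sig)

def source_demo():
    honest, spoofer = Host(), Host()
    genuine = first_hop_accepts(honest.eid, honest.answer)
    # Spoofer claims honest's EID but can only sign with its own key.
    wrong_key = first_hop_accepts(honest.eid, spoofer.answer)
    # Spoofer replays honest's public key with a signature from some other key.
    fake_sk, _ = keygen()
    bad_sig = first_hop_accepts(honest.eid, lambda n: (honest.pk, sign(fake_sk, n)))
    return genuine, wrong_key, bad_sig  # (True, False, False)

# (b) Control-plane accountability: every AD attests the route it forwards.
class AutonomousDomain:
    def __init__(self):
        self.sk, self.pk = keygen()
        self.ad = self_cert_id(self.pk)

    def attest(self, path_so_far, next_ad: bytes):
        """Sign the path up to me plus the neighbour I forward to (S-BGP style)."""
        return self.ad, self.pk, sign(self.sk, b"".join(path_so_far) + next_ad)

def verify_route(path, attestations) -> bool:
    """path[0] is the origin AD, which is also the announced address space; hop i
    must carry an attestation by path[i] over path[:i+1] + path[i+1]. The AD is
    the hash of the key, so no prefix-to-organisation registry is consulted."""
    if len(attestations) != len(path) - 1:
        return False
    for i, (ad, pk, sig) in enumerate(attestations):
        if ad != path[i] or self_cert_id(pk) != ad:
            return False  # signer is not the AD it claims to be
        if not verify(pk, b"".join(path[:i + 1]) + path[i + 1], sig):
            return False  # path or next hop changed after signing
    return True

def route_demo():
    origin, transit, receiver = (AutonomousDomain() for _ in range(3))
    path = [origin.ad, transit.ad, receiver.ad]
    att = [origin.attest(path[:1], transit.ad), transit.attest(path[:2], receiver.ad)]
    good = verify_route(path, att)
    # Hijack: hijacker originates origin's address space with a key of its own
    # choosing; nothing it holds hashes to origin.ad, so hop 0 fails.
    hijacker, (fsk, fpk) = AutonomousDomain(), keygen()
    hpath = [origin.ad, hijacker.ad, receiver.ad]
    hatt = [(origin.ad, fpk, sign(fsk, origin.ad + hijacker.ad)),
            hijacker.attest(hpath[:2], receiver.ad)]
    # Splice: splicer reuses origin's genuine attestation, which named transit
    # as next hop, so the signature does not cover the altered path.
    splicer = AutonomousDomain()
    spath = [origin.ad, splicer.ad, receiver.ad]
    satt = [att[0], splicer.attest(spath[:2], receiver.ad)]
    return good, verify_route(hpath, hatt), verify_route(spath, satt)  # (True, False, False)
```

`source_demo()` shows the three outcomes a first-hop router would see: the legitimate holder of the key passes, a host claiming someone else’s EID fails because its key hashes to a different identifier, and a host that replays the victim’s public key fails on the signature. `route_demo()` shows why no registry is needed on the control plane: the origin AD is the address space, and an announcement either carries a signature under the key that hashes to that AD or it is rejected. A deployable version would use persistent keys rather than one-time signatures and would cache verified sources rather than challenge every packet.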
Data-Plane Accountability
• Problem: Network elements drop packets, fail, and otherwise give rise to poor performance
• One Solution: In-Band Path Diagnosis
[Figure: packet layout showing the new shim header, the IP header and the transport header]
Method Overview
• Routers keep track of the number of packets seen per flow
• Each router stamps each packet with its current flow counter value
• If the counter value carried in the packet does not equal the router’s expected packet count for that flow, the router marks the packet
8
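The counter-stamping method above, as an added Python simulation written for this page (it is not the XORP/Quagga implementation on VINI). A constructed four-router chain carries one flow, two of the links drop chosen packets, and the marks accumulated in the shim header let the receiver localize where loss was first observed. The shim header is modelled as fields on the packet object, and `Router`, `LossyLink`, `run_flow`, `localize`, the resynchronisation rule and the rule of marking only loss not already marked upstream are choices of this example.

```python
"""In-band path diagnosis, simulated. Each router keeps a per-flow packet
count, stamps it into the shim header, and marks the packet when the upstream
stamp disagrees with its own count. Example code for this page, not the
XORP/Quagga implementation; resync rule and mark format are choices made here."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Packet:
    flow: tuple                       # (src, dst) flow key, constructed
    seq: int                          # sender sequence number, for the reader only
    counter: Optional[int] = None     # shim header: upstream router's per-flow count
    marks: list = field(default_factory=list)  # shim header: (router, packets missing)

class Router:
    def __init__(self, name: str):
        self.name = name
        self.seen = {}                # flow -> packets of that flow seen here

    def process(self, pkt: Packet) -> Packet:
        seen = self.seen.get(pkt.flow, 0)
        if pkt.counter is not None:
            # The upstream stamp counts this packet, so without loss it is seen + 1.
            gap = pkt.counter - seen - 1
            # Upstream routers already recorded part of the gap in their marks;
            # mark only the loss first observed at this hop.
            new_loss = gap - sum(m for _, m in pkt.marks)
            if new_loss > 0:
                pkt.marks.append((self.name, new_loss))
            seen = pkt.counter - 1    # resynchronise so later packets are not re-marked
        seen += 1
        self.seen[pkt.flow] = seen
        pkt.counter = seen            # re-stamp with this router's own count
        return pkt

class LossyLink:
    """Constructed link that silently drops the listed sequence numbers."""
    def __init__(self, drop_seqs=()):
        self.drop_seqs = set(drop_seqs)

    def carry(self, pkt: Packet):
        return None if pkt.seq in self.drop_seqs else pkt

def run_flow(hops, links, n: int):
    """hops[i] -> links[i] -> hops[i+1]; the last hop plays the receiver and
    checks the shim too, so loss on the final link is also caught."""
    delivered = []
    for seq in range(1, n + 1):
        pkt = Packet(("src", "dst"), seq)
        for i, router in enumerate(hops):
            pkt = router.process(pkt)
            if i < len(links):
                pkt = links[i].carry(pkt)
                if pkt is None:
                    break
        if pkt is not None:
            delivered.append(pkt)
    return delivered

def localize(delivered):
    """Total loss attributed to each router that first observed a gap; the
    suspect element is the link or router immediately upstream of it."""
    blame = {}
    for pkt in delivered:
        for router, missing in pkt.marks:
            blame[router] = blame.get(router, 0) + missing
    return blame

def demo():
    hops = [Router(n) for n in ("R1", "R2", "R3", "R4")]
    # R2->R3 drops packets 3 and 7; R3->R4 drops packet 5.
    links = [LossyLink(), LossyLink([3, 7]), LossyLink([5])]
    delivered = run_flow(hops, links, 10)
    # ([1, 2, 4, 6, 8, 9, 10], {'R3': 2, 'R4': 1})
    return [p.seq for p in delivered], localize(delivered)
```

The receiver sees seven of ten packets; the marks attribute two losses to the hop first observed at R3 (so the R2 to R3 link or R2 itself is suspect) and one to R4 (the R3 to R4 link). Two details matter for a real deployment and are handled here: a router resynchronises its count after a mismatch, otherwise every later packet of the flow would be re-marked, and a downstream router subtracts loss already marked upstream, otherwise one loss would be blamed on every hop after it.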
“Cornerstone” Projects
• In-Progress
– Control-Plane: Implementation of control plane accountability (XORP)
– Data-Plane: Implementation of in-band diagnosis (XORP/Quagga on VINI)
• Imminent
– Coping: Multiple ongoing efforts
• Architectural mechanisms for supporting path choice
• Scalable route diversity protocol that uses network virtualization (analysis, implementation on VINI)
9