Detecting Network Intrusions via Sampling : A Game Theoretic

Presented By: Michael Pincott and Matt Vidal
July 29, 2003
Outline
• Introduction
• Internet2 Backbone (Abilene)
• Internet2 Goals
• Internet2 Applications
• Internet2 Projects
  – Shibboleth
  – QBone
• Related Hyperlinks
• Questions
Introduction
• Internet2 development started in 1996
– Backed by nearly 200 large universities
– Consortium partners include Qwest, Cisco, Nortel, Juniper, IU
• First stage involved the implementation of two backbones
– vBNS (very high speed Backbone Network Service, OC-12)
– Abilene (OC-48)
• The current Abilene upgrade in progress is bringing backbone capacity of OC-192c (10 Gbps) to Internet2
• WPI has its own connection to the Internet2 backbone
  – Goddard GigaPoP (OC-3, scalable to OC-192)
Internet2 Backbone (Abilene)
• Abilene provides connectivity between regional GigaPoPs and the Internet2 Cloud
• GigaPoPs provide regional aggregation and educational access points
• Abilene offers an interface between other high performance national and international research and educational networks
• Connectivity target is 100 Mbps between Abilene connected desktops
Internet2 Backbone (Abilene) (2)
• Network Architecture
  – Abilene core capacity is OC-192 (10 Gbps)
  – 13,000 miles of fiber optic cable in the backbone network
  – Operates nearly 180,000 times faster than a 56 kbps modem
  – Approximately 1,600 Terabytes of data per month are passed over the network
  – 11 core nodes with router and supporting equipment
  – Each router node supports IPv6 and multicast
  – Network Operations Center (NOC) is located on the campus of Indiana University at Indianapolis
Internet2 Backbone (Upgrade)
[Figure: Abilene Core Network Upgrade to OC-192 (Current Level)]
Internet2 Backbone (IPv6)
[Figure: IPv6 Deployment in Abilene Backbone Network]
Internet2 Goals
• In general, the three main goals of the Internet2 next generation network are:
  1. To provide an advanced backbone to support the demands of the advanced research applications being developed by Internet2 members
  2. To provide a separate network to enable the testing of advanced network capabilities prior to their introduction into the application development network
     • Quality of Service (QoS) standards, Multicasting, IPv6, Advanced Security and Authentication Protocols
  3. To provide a separate network capability to conduct network research in order to advance both the Abilene network and the general state of the art
Internet2 Goals (2)
• Internet2 is a proving ground for next generation technology (including native IPv6)
• Ideal for tomorrow’s intensive applications requiring high bandwidth, low latency, true multicast:
  – Telemedicine
  – Legitimate Long Distance Learning
  – Virtual Laboratories
  – International Research Collaboration
• Interaction with Federal Next Generation Internet (NGI) Initiative
• Operating system and application tuning will be required
  – FTP slower across Internet2, tuned for highly congested network
Internet2 Applications
• Focus on higher education
  – Best applications should be available everywhere:
     • Classroom, Library, Laboratory, Dorm
• Killer Application? <> Four Killer Attributes!
  1. Interactive Collaboration Environment (Distance Indifference)
  2. Common Access to Remote Resources (Labs, Telescopes, Etc.)
  3. Backplane Network (Shared Computation and Data Services)
  4. Virtual Reality Environments (Real-Time, 3-D Animation)
• True “Killer App” is digital video
  – Better-than-TV quality video conferencing
  – On-demand content
  – Remote control of equipment or instruments
Internet2 Projects - Shibboleth
• What is the Shibboleth Project?
  – Seeks to solve problems in user validation
     • Immune to IP spoofing
     • Resistant to username/password theft
     • Simplifies system administrator’s workload
• Shibboleth is a Federated Administration Method
  – The network where the user originated provides user attributes and information to the target site.
Internet2 Projects - Shibboleth
• Problem:
  – Two universities wish to share access
     • Grant access from all IPs (susceptible to IP spoofing)
     • Receiving system to keep lists of users/passwords (intensive work on a large and dynamic group)
     • Use public key infrastructure (again, intensive on sysadmin – user lists, registration of keys, smart card distribution)
  – Overall lack of accountability
Internet2 Projects - Shibboleth
• Shibboleth Solution:
  1. User surfs to resource. Connects to a SHIRE (Shibboleth Attribute Requester)
     – SHIRE acquires a “handle”
     – Handles do not provide insight into user’s personal information
  2. SHIRE, through a WAYF (Where Are You From) server, uses encrypted data from the user’s original connection packet to connect back to the user’s home network.
Internet2 Projects - Shibboleth
  3. WAYF forwards request from SHIRE to the Handle Service
  4. HS verifies user is valid and forwards handle information back to SHIRE (then forwarded to SHAR)
  5. SHAR (Shibboleth Attribute Requester) communicates with user’s Attribute Authority.
     – SHAR may request more information depending on level of access
     – AA only responds with as much information as the user has pre-set.
  6. If the information provided by the AA is enough, access to the service is allowed.
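As an added illustration of steps 3 to 6 above (not code from the Shibboleth project), here is a toy Python model of a home-site Handle Service and Attribute Authority: the handle it issues reveals nothing about the user, and the AA releases only the attributes the user has pre-set for that target. The user, site names and release policy are constructed sample data; eduPersonAffiliation and mail are standard eduPerson/LDAP attribute names used here only as examples.

```python
import secrets

# Constructed sample directory at the user's home network (not real data).
HOME_DIRECTORY = {
    "alice": {"eduPersonAffiliation": "student",
              "mail": "alice@home.example",
              "displayName": "Alice Example"},
}
# Per-target attribute release policy the user has pre-set (slide: "AA only
# responds with as much information as the user has pre-set").
RELEASE_POLICY = {
    "alice": {"library.target.example": {"eduPersonAffiliation"},
              "lab.target.example": {"eduPersonAffiliation", "mail"}},
}


class HandleService:
    """Home-site Handle Service: maps opaque random handles to local users."""
    def __init__(self):
        self._handles = {}

    def issue(self, username):
        if username not in HOME_DIRECTORY:
            raise PermissionError("unknown user")
        handle = secrets.token_hex(16)      # opaque: carries no user information
        self._handles[handle] = username
        return handle

    def resolve(self, handle):
        return self._handles.get(handle)


class AttributeAuthority:
    """Answers the SHAR's attribute request, filtered by the user's release policy."""
    def __init__(self, handle_service):
        self.hs = handle_service

    def attributes_for(self, handle, target, requested):
        user = self.hs.resolve(handle)
        if user is None:
            return None                     # unknown handle: release nothing
        allowed = RELEASE_POLICY.get(user, {}).get(target, set())
        record = HOME_DIRECTORY[user]
        return {a: record[a] for a in requested if a in allowed and a in record}


def target_decides(attrs, required):
    """SHAR side (step 6): grant access only if every required attribute was released."""
    return attrs is not None and all(a in attrs for a in required)
```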
Internet2 Projects - Shibboleth
• Only the user’s home network is responsible for keeping records
• User decides how much personal information to expose.
• WAYF servers can be a target for attacks. The WAYF servers can be local or remote and extensive mirroring is suggested.
Internet2 Projects - QBone
• Internet is based on best effort packet delivery.
  – IP packets arrive at their destination using the best method they can find.
  – Latency through the Internet is indeterminate.
• Internet2 seeks to add Quality of Service (QoS) with two service levels.
  – Premium Service
  – Scavenger Service
Internet2 Projects – QBone Premium Service (QPS)
• Will offer close to virtual leased-line service
• Works by way of an expedited forwarding (EF) mark in the header of the IP packet.
• EF Commitment is the total bandwidth reserved for QPS
• EF Reservation load is what each QPS client receives
• EF Load is the load of each QPS data stream.
Internet2 Projects - QBone Premium Service (QPS)
• QPS Parameters
  – peakRate
  – MTU (Maximum Transmission Unit)
  – Source
  – Destination
  – Route
  – startTime
  – endTime
  – Jitter Bound

  MTU (Bytes)   Jitter Bound (ms)
  64            0.42
  512           3.36
  1500          9.84
Internet2 Projects – QBone Scavenger Service
• Scavenger Service’s goal is to use the spare bandwidth of Internet2 and not interrupt more important data.
• Scavenger’s bandwidth = total Internet2 bandwidth – (QPS + best effort service)
• Why would you use Scavenger?
  – Distributed software (SETI@Home, Distributed.Net)
  – Data backups
  – Website Mirroring
  – ISPs can sell scavenger bandwidth at a lower price
Internet2 Projects – QBone Scavenger Service
• How is a packet labeled for Scavenger Service?
  – Best Effort traffic uses the binary string 000000 in the differentiated services code point in the IP packet. Scavenger packets are labeled with 001000.
  – Routers use different queues and queuing techniques on packets with 001000.
• Currently, system administrators voluntarily mark packets for use with the Scavenger Service.
• In the future, software may determine the priority of the packets and pick the service effort required.
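To make the labeling concrete, here is an added Python example (not from the slides) that reads the DSCP out of an IPv4 header, names the service class the slide describes, and re-marks a best-effort header as Scavenger while preserving the ECN bits and recomputing the header checksum. The 20-byte header is a constructed sample; the EF code point 101110 comes from RFC 3246, which the slides name only as "EF".

```python
import struct

# DSCP code points (upper 6 bits of the IPv4 DS byte) as named on the slide.
BEST_EFFORT = 0b000000      # default forwarding
SCAVENGER = 0b001000        # QBone Scavenger Service (Class Selector 1)
# EF code point from RFC 3246; the slides mention EF for QPS but not its bits.
EXPEDITED_FWD = 0b101110

SERVICE_NAMES = {BEST_EFFORT: "best effort", SCAVENGER: "scavenger",
                 EXPEDITED_FWD: "QPS (EF)"}


def dscp_of(header: bytes) -> int:
    """Return the 6-bit DSCP from the DS byte (second byte) of an IPv4 header."""
    return header[1] >> 2


def service_of(header: bytes) -> str:
    """Name the service class a router would select from the DSCP."""
    return SERVICE_NAMES.get(dscp_of(header), "other")


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the header with its checksum field zeroed."""
    h = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(h) // 2), h))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(header: bytes) -> bool:
    return ipv4_checksum(header) == struct.unpack("!H", header[10:12])[0]


def remark(header: bytes, dscp: int) -> bytes:
    """Copy of header with DSCP replaced, ECN bits preserved, checksum recomputed."""
    h = bytearray(header)
    h[1] = (dscp << 2) | (header[1] & 0b11)
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h)


# Constructed sample: minimal IPv4/UDP header, 10.0.0.1 -> 10.0.0.2, best effort.
SAMPLE = remark(bytes([0x45, 0x00, 0x00, 0x54, 0x1C, 0x46, 0x40, 0x00, 0x40, 0x11,
                       0x00, 0x00, 10, 0, 0, 1, 10, 0, 0, 2]), BEST_EFFORT)

if __name__ == "__main__":
    marked = remark(SAMPLE, SCAVENGER)
    print(service_of(SAMPLE), "->", service_of(marked), "checksum ok:", checksum_ok(marked))
```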
Internet2 Projects – QBone Today
• QPS is “suspended indefinitely” due to intractable deployment problems.
  – Lack of router support
  – Lack of intensive policing on all ingress ports
  – Massive channel demand
  – Operating cost
  – Complexity
• Focus is being placed on “non-elevated” forms of QoS that require no policing, reservation, and admission control.
Internet2 Projects – QBone Today
• Scavenger Service works!
• Currently ~0.4% of all Internet2 traffic is Scavenger Service.
• Usage is due to the graciousness of system administrators. They are treading lightly despite the amazing bandwidth of Internet2.
Related Hyperlinks
• Abilene Weather Map (link utilization & traffic analysis)
– http://loadrunner.uits.iu.edu/weathermaps/abilene/
• Abilene Nodes (as of 7/24/03)
– http://www.abilene.iu.edu/doc/logical.html
• Traffic Graphs for WPI’s Internet2 usage
– WPI’s Traffic between its connecting Abilene core node (NYC)
• Complete Abilene Map
– http://www.internet2.edu/resources/AbileneMap.pdf
Questions?