
Distributed Algorithms for Secure Multipath Routing in Attack-Resistant Networks

Distributed Algorithms for Secure Multipath Routing in Attack-Resistant Networks. Patrick P. C. Lee, Vishal Misra, Dan Rubenstein. Instructor: Professor 林永松. Students: D96725006 陳霈語, R95725004 楊琇珊, R95725016 王貝瑜. Outline. Motivation: Why do we use multipath routing to achieve security? Security objectives


Presentation Transcript


  1. Distributed Algorithms for Secure Multipath Routing in Attack-Resistant Networks • Patrick P. C. Lee, Vishal Misra, Dan Rubenstein • Instructor: Professor 林永松 • Students: D96725006 陳霈語, R95725004 楊琇珊, R95725016 王貝瑜

  2. Outline • Motivation: • Why do we use multipath routing to achieve security? • Security objectives • Distributed algorithms: • Bound-Control algorithm • Lex-Control algorithm • Simulation results

  3. Motivation • Problem of single-path routing: • An attack/failure shuts down the entire session. [Figure: source and sink]

  4. Motivation • Protection with multipath routing: • An attack/failure causes less damage. [Figure: source and sink]

  5. Goals • Determine the multipath routes that achieve the “best” security: • Minimize the worst-case data loss with/without bandwidth constraints • Minimize “severe” data loss with/without bandwidth constraints based on lexicographic optimization • Implement a distributed solution: • No need to know the global network topology • Allow nodes to locally decide link costs • Suitable for independently administered networks (e.g., RON)

  6. Previous Work • Lexicographic optimization: Minimize a non-increasing link-cost sequence a = (a1, a2, …, an) • Find a*, where a* = (a1*, a2*, …, an*) ≤ a = (a1, a2, …, an) for every link-cost sequence a • Georgiadis et al.’s solution [ToN ’02]: • Recursively solve minimax problems on subgraphs • Limitations: • Centralized solution • Does not consider varied bandwidth constraints

  7. Our Work • Develop two distributed algorithms Bound-Control and Lex-Control: • Support fixed-rate model and maximal-rate model • Fixed rate: a data session sends data at a fixed rate • Maximal rate: a data session sends data at the maximal rate across all network links (i.e., equiv. to min-cut) • Suitable for overlay networks and ad hoc networks • Prove their optimality in response to single-link attacks. • Evaluate the algorithms via simulations in response to single-link and multi-link attacks.

  8. Model Assumptions • Static network topology • Single source-sink pair • Easily generalized to networks with multiple customers/providers • Infrequent link attacks/failures • Optimize solutions for single-link attacks • Evaluate performance for both single-link and multi-link attacks

  9. How to Quantify the Cost of a Single-link Attack? • Attack cost of link l: a_l = x_l * c_l • x_l – proportion of session data allocated to link l • c_l – security constant • Measure the vulnerability of link l to an attack • Possible physical interpretations: • Attack success probability • Proportion of x_l lost during an attack • In practice, security constants can be obtained from security monitoring systems or statistical measurements

  10. Example of Setting Security Constants • In subsequent discussion of objectives, assume c_l = 1 for all links, i.e., attack cost = data loss. [Figure: source and sink joined by a wireless link, labelled more vulnerable to attacks (e.g., c_l = 0.9), and a wired link, labelled less vulnerable to attacks (e.g., c_l = 0.1)]

  11. Objective 1 • Minimize the worst-case data loss under the single-link attack • One possible data allocation. [Figure: source and sink, fixed data rate 10Mb/s, six links each labelled 5]

  12. Objective 1 • Another possible data allocation. [Figure: source and sink, fixed data rate 10Mb/s, six links each labelled 5]

  13. Objective 1 • Another possible data allocation. • Worst-case data loss cannot be less than 50% [Figure: source and sink, fixed data rate 10Mb/s, six links each labelled 5]

  14. Objective 2 • Minimize the worst-case data loss subject to bandwidth constraints [Figure: source and sink, fixed data rate 10Mb/s, one bandwidth-limited link (only 4Mb/s allowed), links labelled 6, 6, 6 and 4, 4, 4]

  15. Objective 3 • Minimize the ith worst-case data loss subject to bandwidth constraints, given already minimized attack costs for the worst-case, 2nd worst-case, …, (i-1)th worst-case. • Lexicographic Optimization: (6, 6, 6, 4, 4, 4, 0, 0, 0, 0)  (6, 4, 3, 3, 3, 3, 2, 2, 2, 2) [Figure: two source-to-sink data allocations, fixed data rate 10Mb/s, with a bandwidth-limited link (only 4Mb/s allowed); link labels 6, 6, 6, 4, 4, 4 in one and 6, 4, 3, 3, 3, 3, 2, 2, 2, 2 in the other]

  16. Solving Objective 1: Preflow-Push • Map minimax problem to max-flow problem • Preflow-push algorithm [Goldberg & Tarjan, 89]: • Nodes find the maximum flow from source to sink in a distributed fashion. • Basic idea of solving Objective 1 [Ahuja, 86]: • Each node sets capacity constraints of its outgoing links: cap(l) = 1/c_l • Nodes solve max-flow problem under capacity constraints in a distributed fashion. • Each node allocates data for its outgoing links: (link flow) / (max flow).

  17. Solving Objective 2: Bound-Control • Bandwidth constraint: fraction bound b_l • b_l = (bandwidth of link l) / (session data rate) • Capacity constraint: cap(l) = min(1/c_l, b_l * f) • f = flow reaching the sink • Upper bound in max-flow problem • Basic idea of solving Objective 2: • Repeat • Distributed execution of Preflow-Push • Each node adjusts capacity constraints for its outgoing links • Until capacity constraints satisfied
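The capacity mappings on slides 16 and 17, worked through as an added example (not code from the slides or the paper). It is a centralized sketch: Edmonds-Karp stands in for the distributed Preflow-Push, and the loop that feeds each max-flow value f back into cap(l) = min(1/c_l, b_l * f) until f stops changing is an assumed reading of the slide's Repeat/Until steps. The names `max_flow`, `allocate` and `LINKS` are hypothetical.

```python
from collections import deque

def max_flow(cap, s, t):
    """Edmonds-Karp on {(u, v): capacity}, no antiparallel links; returns (value, flows)."""
    res = dict(cap)
    for (u, v) in cap:
        res.setdefault((v, u), 0.0)          # residual back-edges
    adj = {}
    for (u, v) in res:
        adj.setdefault(u, []).append(v)
    total = 0.0
    while True:
        parent, q = {s: None}, deque([s])
        while q and t not in parent:         # BFS for a shortest augmenting path
            u = q.popleft()
            for v in adj.get(u, []):
                if v not in parent and res[(u, v)] > 1e-12:
                    parent[v] = u
                    q.append(v)
        if t not in parent:
            return total, {e: cap[e] - res[e] for e in cap}
        path, v = [], t
        while parent[v] is not None:
            path.append((parent[v], v))
            v = parent[v]
        push = min(res[e] for e in path)
        for (u, v) in path:
            res[(u, v)] -= push
            res[(v, u)] += push
        total += push

def allocate(links, s, t, bounded=False, tol=1e-9):
    """links: {(u, v): (c_l, b_l)}, c_l > 0 -> ({link: x_l}, worst-case attack cost)."""
    f = float("inf")                         # no bandwidth bound on the first pass
    while True:
        cap = {e: min(1 / c, b * f) if bounded else 1 / c
               for e, (c, b) in links.items()}
        new_f, flow = max_flow(cap, s, t)
        if new_f <= 1e-6:
            raise ValueError("no usable flow reaches the sink under these limits")
        if not bounded or f - new_f <= tol:  # capacity constraints satisfied
            break
        f = new_f                            # tighten b_l * f and re-run max-flow
    x = {e: flow[e] / new_f for e in links}  # (link flow) / (max flow)
    return x, max(x[e] * links[e][0] for e in links)

# Constructed topology after slides 11 and 14: c_l = 1, link c->d has b_l = 0.4.
LINKS = {("s", "a"): (1.0, 1.0), ("a", "b"): (1.0, 1.0), ("b", "t"): (1.0, 1.0),
         ("s", "c"): (1.0, 1.0), ("c", "d"): (1.0, 0.4), ("d", "t"): (1.0, 1.0)}
```

On this constructed topology `allocate(LINKS, "s", "t")` splits the session 0.5/0.5 (worst-case loss 50%), and `bounded=True` converges to the 0.6/0.4 split of slide 14.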

  18. Solving Objective 3: Lex-Control • Basic idea – solve lexicographic optimization: • Repeat (lexicographic iteration) • Distributed execution of Bound-Control • Each node identifies critical links among its outgoing links • Until all critical links spotted • Critical Links • Links whose data allocation has to be fixed to preserve the optimal attack cost • The network will then constitute a set of critical links, defined as the links whose attack costs cannot be further decreased without increasing . • In practice, Lex-Control provides the necessary resilience in 3 or 4 lexicographic iterations.

  19. Recap of Algorithms • Hierarchical solution to the three security objectives: • Lex-Control algorithm • Bound-Control algorithm • Preflow-Push algorithm

  20. Experimental Setup • Consider three random networks generated by BRITE: • 200 nodes, 600 links • 200 nodes, 800 links • 200 nodes, 1000 links • Randomly assign security constants (0 to 1) and bandwidths (1 to 5 Mb/s) for all links • Metrics: • Attack cost • represents the actual proportion of data loss for the data session • Number of executions of Preflow-push • Routing overhead • The total number of routing packets transmitted during the simulation.

  21. Experiment 1 – Bound-Control • Minimized worst-case attack cost vs. different session throughputs

  22. Experiment 1 – Bound-Control • Number of executions of the Preflow-Push algorithm

  23. Experiment 1 – Bound-Control • Routing overhead

  24. Experiment 1 – Bound-Control • Single shortest path approach • Bound-Control (for maximal-rate model) • Bound-Control reduces the worst-case attack cost by 50-70%.

  25. Experiment 2 – Lex-Control • Number of links with severe attack cost vs. number of lexicographic iterations. • Attack cost is severe if it’s at least 25% of the worst-case attack cost. • E.g., for the attack-cost sequence (1, 0.5, 0.25, 0.1, 0.1), number of links with severe attack cost is 3.

  26. Experiment 3 Lex-Control algorithm subject to different scales of uniform link attacks.

  27. Experiment 4 • Lex-Control algorithm subject to the proportional and worst-case multi-link attacks

  28. Summary of Experiments • Bound-Control vs. Single-Path Routing: • Reduce the worst-case attack cost by 50-70% • Lex-Control vs. Bound-Control • Reduce # of links with severe attack costs by ~50% • Reduce aggregate attack cost in multi-link attacks: • by ~40% in the uniform 50-link attack • by ~23% in the proportional 5-link attack • by ~12% in the worst-case 5-link attack • 3 or 4 lexicographic iterations are enough

  29. Attack-resistant network • a specialized network that protects end hosts by surrounding them with a defensive architecture • Example • SOS (Secure Overlay Services) • Two crucial but contradicting criteria • (1) resiliency: the network should offer alternate paths in the face of node failures • (2) security: the network should confine the damage caused by compromised nodes. • To evaluate their trade-off via simulation

  30. Example of an attack-resistant network

  31. Conclusions • In this talk: • Proposed two distributed algorithms Bound-Control and Lex-Control that optimize respective security objectives. • Illustrated performance of Bound-Control and Lex-Control via simulation analysis. • More details in the paper: • Simulation results for multi-link attacks
