Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
NDN Overview Content Poisoning Conclusion
Needle in a Haystack:Mitigating Content Poisoning in Named-Data
Networking
Cesar Ghali, Gene Tsudik, and Ersin Uzun
NDSS Workshop on Security of Emerging Networking Technologies (SENT)February 23, 2014
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 1
NDN Overview Content Poisoning Conclusion
Outline
NDN Overview
Content PoisoningProblem DefinitionContent RankingndnSIM Experiments
Conclusion
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 2
NDN Overview Content Poisoning Conclusion
NDN Overview
I Current Internet is designedI For point-to-pointI Not content distribution
I Research efforts: Develop new Internet architecture
I Named-Data Networking (NDN):I Funded by NSF as part of FIA programI 10 US institutionsI Security and privacy by design
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 3
NDN Overview Content Poisoning Conclusion
NDN Overview
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 4
NDN Overview Content Poisoning Conclusion
NDN Overview
Interest
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 5
NDN Overview Content Poisoning Conclusion
NDN Overview
Interest
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 6
NDN Overview Content Poisoning Conclusion
NDN Overview
Interest
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 7
NDN Overview Content Poisoning Conclusion
NDN Overview
Interest
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 8
NDN Overview Content Poisoning Conclusion
NDN Overview
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 9
NDN Overview Content Poisoning Conclusion
NDN Overview
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 10
NDN Overview Content Poisoning Conclusion
NDN Overview
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 11
NDN Overview Content Poisoning Conclusion
NDN Overview
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 12
NDN Overview Content Poisoning Conclusion
NDN Overview
Interest
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 13
NDN Overview Content Poisoning Conclusion
NDN Overview
Interest
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 14
NDN Overview Content Poisoning Conclusion
Outline
NDN Overview
Content PoisoningProblem DefinitionContent RankingndnSIM Experiments
Conclusion
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 15
NDN Overview Content Poisoning Conclusion
Problem Definition
Problem Definition
I NDN has built in security featuresI Producer signs contentI Consumer verifies signature
I Verifying signatures in routers is expensive
I Fake content can be injected into router cachesI Consumers verify signatureI No mechanism to cause removal of fake content from router
caches
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 16
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
I Routers verifying signatures prevents poisoningI ExpensiveI Requires fetching, parsing and verifying public keysI Know trust context
I Light-weight content ranking approachI Observe consumer behavior when receiving fake content
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 17
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 18
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
Interest
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 19
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
Interest
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 20
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 21
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 22
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
Interest
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 23
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 24
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
Interest\{ }
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 25
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
Interest\{ }
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 26
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 27
NDN Overview Content Poisoning Conclusion
Content Ranking
Counter-measures
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 28
NDN Overview Content Poisoning Conclusion
Content Ranking
Content Ranking
I Assign a rank to each in-router cached content
I Ranges in [0, 1]
I Starts with 1, and decreases with time
I Depends on:I Number of exclusionsI Freshness of exclusionI Number of excluding interfaces
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 29
NDN Overview Content Poisoning Conclusion
Content Ranking
Content Ranking
I Assign a rank to each in-router cached content
I Ranges in [0, 1]
I Starts with 1, and decreases with time
I Depends on:I Number of exclusionsI Freshness of exclusionI Number of excluding interfaces
rank = e−t
f (# of exclusions, α0) · freshness · interfaces ratio
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 30
NDN Overview Content Poisoning Conclusion
ndnSIM Experiments
ndnSIM Experiments
I We used ndnSIM to simulate content ranking algorithm
I Experimental setup:I Adversary model:
I Pre-populate router cacheI Malicious consumers
I Different rates of pre-populated fake contentI Different rates of malicious consumersI Benign consumers stop after receiving valid content
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 31
NDN Overview Content Poisoning Conclusion
ndnSIM Experiments
ndnSIM Experiments – Topologies
DFN AT&T
ConsumerEdge RouterCore Router
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 32
NDN Overview Content Poisoning Conclusion
ndnSIM Experiments
ndnSIM Experiments - DFN
I Different pre-population rate & benign consumers
0 10 20 30 40 50 60 70Time [seconds]
0
20
40
60
80
100
Perc
epta
nge
of B
enig
n Co
nsum
ers
Rece
ivin
g Va
lid C
onte
nt
b-NDN, FCP = 80%m-NDN, FCP = 80%b-NDN, FCP = 90%m-NDN, FCP = 90%b-NDN, FCP = 99%m-NDN, FCP = 99%b-NDN, FCP = 99.9%m-NDN, FCP = 99.9%
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 33
NDN Overview Content Poisoning Conclusion
ndnSIM Experiments
ndnSIM Experiments - DFN
I 99.9% pre-population rate & benign and malicious consumers
0 10 20 30 40 50 60 70Time [seconds]
0
20
40
60
80
100
Perc
epta
nge
of B
enig
n Co
nsum
ers
Rece
ivin
g Va
lid C
onte
nt
b-NDN, MCP = 0%m-NDN, MCP = 0%b-NDN, MCP = 1%m-NDN, MCP = 1%b-NDN, MCP = 3%m-NDN, MCP = 3%b-NDN, MCP = 5%m-NDN, MCP = 5%b-NDN, MCP = 10%m-NDN, MCP = 10%
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 34
NDN Overview Content Poisoning Conclusion
ndnSIM Experiments
ndnSIM Experiments - AT&T
0 5 10 15 20 25 30 35 40Time [seconds]
0
20
40
60
80
100
Perc
epta
nge
of B
enig
n Co
nsum
ers
Rece
ivin
g Va
lid C
onte
nt
b-NDN, FCP = 80%m-NDN, FCP = 80%b-NDN, FCP = 90%m-NDN, FCP = 90%b-NDN, FCP = 99%m-NDN, FCP = 99%b-NDN, FCP = 99.9%m-NDN, FCP = 99.9%
0 10 20 30 40 50 60Time [seconds]
0
20
40
60
80
100
Perc
epta
nge
of B
enig
n Co
nsum
ers
Rece
ivin
g Va
lid C
onte
nt
b-NDN, MCP = 0%m-NDN, MCP = 0%b-NDN, MCP = 1%m-NDN, MCP = 1%b-NDN, MCP = 3%m-NDN, MCP = 3%b-NDN, MCP = 5%m-NDN, MCP = 5%b-NDN, MCP = 10%m-NDN, MCP = 10%
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 35
NDN Overview Content Poisoning Conclusion
Outline
NDN Overview
Content PoisoningProblem DefinitionContent RankingndnSIM Experiments
Conclusion
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 36
NDN Overview Content Poisoning Conclusion
Conclusion
I Content poisoning is a threat in current NDN design
I Our approach: content ranking is based on observingexclusion patterns
I Encouraging results up to 10% malicious consumers
I Future: ranking algorithm in active adversary model
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 37
NDN Overview Content Poisoning Conclusion
Thank you!
Questions?
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 38
NDN Overview Content Poisoning Conclusion
Adversary Model
I Fake content object:I invalid signature,I valid signature generated with the wrong key,I or, malformed Signature or KeyLocator field
I Valid content object – verifiable signature generated withcorrect key
I Adversary – NDN entity that can inject fake content
I Content poisoning – injects fake content
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 39
NDN Overview Content Poisoning Conclusion
Content Ranking
A. Number of Exclusions:I The more exclusions the less the weightI Define
I n|H(C) – content objectI Rn|H(C) = En|H(C)/Qn – exclusion rateI rto – rank of n|H(C) when expiresI αto – makes rank equal to rto when content expires
I Assign higher rank to content excluded less
α = αto −(Rn|H(C) × αto
)
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 40
NDN Overview Content Poisoning Conclusion
Content Ranking
B. Time Distribution of Exclusions:I Give more weight to newer exclusionsI Define
I in|H(C) – exclusion influence
in|H(C)(te) = 1− e−teβ
I te – time elapsed since last exclusionI β – determines influence degradation patternI tmw – time elapsed before minimally weighting n|H(C)
I Can calculate β by setting:I te = tmwI in|H(C) = 1
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 41
NDN Overview Content Poisoning Conclusion
Content Ranking
C. Excluding Interfaces Ratio:I Penalize content excluded on multiple interfacesI Define
I fn – # of router interfacesI fe ∈ [0, fn] – # of interfaces on which exclusion is received for
n|H(C)I fs ∈ [1, fn] – # of interfaces on which n|H(C) has been servedI en|H(C) ∈ [0, 1] – excluding interfaces ratio
en|H(C) =
{fs−fefs
if fs ≥ fe1 otherwise
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 42
NDN Overview Content Poisoning Conclusion
Content Ranking
I Based on previous definitions
rank = e−t
f (# of exclusions, α0) · freshness · interfaces ratio
I When content object has never been excludedI interfaces ratio = 1,I freshness = 1,I and, # of exclusions = 0
rank = e−t
f (α0)
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 43
NDN Overview Content Poisoning Conclusion
Content Ranking
I Based on previous definitions
rn|H(C)(t) = e
−ten|H(C)×in|H(C)(te )×[αto−(Rn|H(C)×αto)]
I When n|H(C ) has never been excludedI en|H(C) = 1,I in|H(C)(te) = 1,I and, Rn|H(C) = 0
rn|H(C)(t) = e−tαto
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 44
NDN Overview Content Poisoning Conclusion
ndnSIM Experiments
1. Tree Topology:
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 45
NDN Overview Content Poisoning Conclusion
ndnSIM Experiments
1. Tree Topology:
0 5 10 15 20 25 30Time [seconds]
0
20
40
60
80
100
Perc
epta
nge
of B
enig
n Co
nsum
ers
Rece
ivin
g Va
lid C
onte
nt
b-NDN, MCP = 0%m-NDN, MCP = 0%b-NDN, MCP = 2%m-NDN, MCP = 2%b-NDN, MCP = 4%m-NDN, MCP = 4%b-NDN, MCP = 6%m-NDN, MCP = 6%b-NDN, MCP = 10%m-NDN, MCP = 10%
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 46
NDN OverviewContent PoisoningProblem DefinitionContent RankingndnSIM Experiments
Conclusion