1/32

Internet Architecture

Lukas Banach

Tutors: Holger Karl

Christian Dannewitz

Monday 26.09.2005

C. Today I³ SI³ HIP HI³

2/32

Overview

• Communication today
  • Problems
• I³
  • New services
• SI³
  • Denial-of-service protection
• HIP
  • Cryptographic security
• HI³


3/32

Communication Today

• Via IP
• Source and destination know one another
• Identifier = Locator


4/32

Problems

• Mobility

• Multicast, Anycast etc.

• Protection against Denial of Service Attacks

• End-to-end security / authentication


5/32

Mobility

• Moving into another network changes the host's address (identifier = locator)
• The „connection“, bound to the old address, breaks
(Figure: a host moves from Paderborn 1 to Paderborn 2 and gets a new address)


6/32

Denial of Service Attack

• Flooding the host with useless traffic
• Connections fail
• Loss of service


7/32

Internet Indirection Infrastructure


• Enables new services
  • Mobility
  • Multicast, Anycast …
• New overlay network
• Decouples sending from receiving

8/32

I³ - How It Works


• Receivers express interest in packets by inserting a trigger (id, R) at an I³ server
• Senders send packets (id, data) to the identifier, not to the receiver's address
• I³ servers store triggers and forward a matching packet to the receiver as (R, data)
(Figure: sender S → (id,data) → I³ server holding trigger (id,R) → (R,data) → receiver R)

9/32

Identifiers

• Identifiers are m bits long
• Each identifier is mapped to a unique I³ server: the first k bits select the server
• Efficient trigger matching: the first k bits must match exactly, then the trigger with the longest prefix match wins
(Figure: triggers (v,R1), (x|y,R2), (x|z,R3) for receivers R1, R2, R3; sender S sends (x|q,data), which is delivered to R2 or R3, whichever shares the longer prefix with x|q)

10/32

Mobility

• Receiver moves from one location to another
• Receiver updates its existing triggers
• Simultaneous movement of sender and receiver is possible
• Identifier ≠ Locator
(Figure: sender S sends (id,data); the trigger (id,R) forwards it as (R,data) to receiver R; after the move the receiver installs (id,R‘) and the same packets are forwarded as (R‘,data))

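The trigger mechanism of slides 8 to 10 (triggers, k-bit server selection, longest-prefix matching, multicast and a moving receiver) as an added Python model; it is not code from the slides or from the I³ project. The identifier length m=16, the k=4 server-selection bits, the identifier values and the receiver names are assumptions for the demo.

```python
from collections import defaultdict

M = 16   # identifier length in bits (assumption for the demo)
K = 4    # leading bits that select the I3 server (assumption)


def server_for(ident: int) -> int:
    """Server index = the first K bits of the identifier."""
    return ident >> (M - K)


def common_prefix_len(a: int, b: int) -> int:
    """Number of leading bits (out of M) on which a and b agree."""
    diff = a ^ b
    return M if diff == 0 else M - diff.bit_length()


class I3Overlay:
    """All I3 servers of the overlay, each holding its own trigger list."""

    def __init__(self) -> None:
        self.servers = defaultdict(list)   # server index -> [(identifier, address)]

    def insert_trigger(self, ident: int, addr: str) -> None:
        self.servers[server_for(ident)].append((ident, addr))

    def remove_trigger(self, ident: int, addr: str) -> None:
        lst = self.servers[server_for(ident)]
        lst[:] = [t for t in lst if t != (ident, addr)]

    def update_trigger(self, ident: int, old: str, new: str) -> None:
        """Mobility: the receiver re-points its trigger at its new locator;
        the sender keeps using the same identifier."""
        self.remove_trigger(ident, old)
        self.insert_trigger(ident, new)

    def send(self, ident: int, data: bytes) -> list:
        """Route (ident, data) to the responsible server and apply its
        matching rule; returns the (address, data) packets it forwards."""
        triggers = self.servers[server_for(ident)]
        # Several triggers with exactly this identifier: multicast to all of them.
        exact = [addr for tid, addr in triggers if tid == ident]
        if exact:
            return [(addr, data) for addr in exact]
        # Otherwise anycast: first K bits must match, then the longest prefix wins.
        best_len, best_addr = K - 1, None
        for tid, addr in triggers:
            plen = common_prefix_len(tid, ident)
            if plen >= K and plen > best_len:
                best_len, best_addr = plen, addr
        return [] if best_addr is None else [(best_addr, data)]


def demo() -> dict:
    """Constructed scenario: anycast, multicast, an unknown id and a move."""
    net = I3Overlay()
    x = 0b0011 << (M - K)                                   # server prefix "x" of the slide
    net.insert_trigger(x | 0x00A, "R2")                     # (x|y, R2)
    net.insert_trigger(x | 0x0F0, "R3")                     # (x|z, R3)
    net.insert_trigger((0b0001 << (M - K)) | 0x001, "R1")   # (v, R1) on another server
    out = {}
    out["anycast"] = net.send(x | 0x0F7, b"q")     # x|q shares 13 bits with x|z -> R3 only
    mid = (0b0010 << (M - K)) | 0x123
    net.insert_trigger(mid, "R1")
    net.insert_trigger(mid, "R2")
    out["multicast"] = net.send(mid, b"m")         # same identifier twice -> both receivers
    out["unknown"] = net.send((0b0100 << (M - K)) | 0x005, b"u")   # no trigger -> dropped
    rid = (0b0101 << (M - K)) | 0x042
    net.insert_trigger(rid, "10.0.0.7")
    net.update_trigger(rid, "10.0.0.7", "10.0.1.9")   # receiver moved to a new address
    out["mobility"] = net.send(rid, b"d")             # sender unchanged, delivery follows
    return out


if __name__ == "__main__":
    for name, packets in demo().items():
        print(name, packets)
```

The matching rule (exact match on the first k bits, longest prefix match on the rest) is what lets one server answer both multicast, where several triggers carry the very same identifier, and anycast, where receivers share a prefix and the closest identifier wins.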

11/32

Public / Private Triggers

• Distinction only at the application layer
• First contact through the public trigger
• Private triggers are used for data communication
(Figure: server S publishes (id,S); client C inserts the private trigger (idPC,C) and sends (id,idPC) to the public trigger; S inserts (idPS,S) and replies with (idPC,idPS); from then on C and S talk only through idPS and idPC)


12/32

Problems

• Mobility

• Multicast, Anycast etc.

• Protection against Denial of Service Attacks

• End-to-end security / authentication


13/32

Secure I³

• Extended I³

• Protection against DoS attacks

• Communication without revealing IP addresses

• Empowering end-hosts with more control


14/32

Control Against DoS Attacks

• Stop the attack
• Dilute the attack
• Slow down the attack
• Evade the attack
• Multicast access control


15/32

Stop the Attack

• Remove the public trigger
• Prevents new clients from connecting
• Preserves existing connections (private triggers)
(Figure: Client1, Client2, Client3 and Attacker A next to Server S; triggers (x,R), (y,R), (z,R))

16/32

Dilute the Attack

• Provide multiple public triggers
• Drop a fraction of the total traffic
• Some triggers remain to connect through
• Learn which public triggers are alive
• Change the subset of active public triggers

(Figure: victim V with public triggers (id1,V), (id2,V), (id3,V), (id4,V); attacker A floods some of them)

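The public/private trigger handshake of slide 11 together with the "stop" (slide 15) and "dilute" (slide 16) defences, as an added Python model that is not code from the slides or from the SI³ authors. The trigger identifiers, host names, the 32-bit private identifiers, the flood threshold and the attacker's knowledge of three out of eight public triggers are assumptions for the demo.

```python
import random

FLOOD_THRESHOLD = 100   # packets on one trigger before the victim treats it as attacked (assumption)


class SI3Server:
    """One (secure) I3 server.  Peers learn only trigger identifiers, never
    the IP address behind a trigger."""

    def __init__(self) -> None:
        self.triggers = {}   # identifier -> receiving host
        self.hits = {}       # identifier -> packets forwarded, used to spot floods

    def insert(self, ident: int, host: "Host") -> None:
        self.triggers[ident] = host
        self.hits.setdefault(ident, 0)

    def remove(self, ident: int) -> None:
        self.triggers.pop(ident, None)

    def send(self, ident: int, msg: tuple) -> bool:
        """Forward msg to the trigger's owner; False if no such trigger exists."""
        host = self.triggers.get(ident)
        if host is None:
            return False
        self.hits[ident] += 1
        host.inbox.append(msg)
        return True


class Host:
    def __init__(self, name: str, net: SI3Server) -> None:
        self.name, self.net, self.inbox = name, net, []
        self.peers = {}   # peer name -> that peer's private trigger identifier

    def open_private_trigger(self) -> int:
        ident = random.getrandbits(32)   # hard to guess and told to one peer only (assumption: 32 bits)
        self.net.insert(ident, self)
        return ident


def connect(client: Host, server: Host, public_id: int) -> bool:
    """Slide 11: first contact through the public trigger; afterwards the
    private triggers idPC and idPS carry all traffic."""
    id_pc = client.open_private_trigger()
    if not client.net.send(public_id, ("hello", client.name, id_pc)):
        return False                                  # no public trigger: no new clients
    _, cname, id_pc = server.inbox.pop()
    id_ps = server.open_private_trigger()
    server.peers[cname] = id_pc
    server.net.send(id_pc, ("hello-ack", server.name, id_ps))
    _, sname, id_ps = client.inbox.pop()
    client.peers[sname] = id_ps
    return True


def stop_the_attack() -> tuple:
    """Slide 15: dropping the public trigger shuts out new clients (and the
    attacker) while existing private-trigger connections keep working."""
    net = SI3Server()
    s, c1, c2 = Host("S", net), Host("C1", net), Host("C2", net)
    public_id = 0xABCD                                # the advertised identifier (assumption)
    net.insert(public_id, s)
    connect(c1, s, public_id)
    for _ in range(1000):                             # attacker floods the public trigger
        net.send(public_id, ("junk", "A", 0))
    s.inbox.clear()
    net.remove(public_id)                             # stop: take the public trigger away
    new_client_ok = connect(c2, s, public_id)
    old_client_ok = net.send(c1.peers["S"], ("data", "C1", b"still here"))
    return new_client_ok, old_client_ok               # (False, True)


def dilute_the_attack(n_public: int = 8, n_known_to_attacker: int = 3) -> tuple:
    """Slide 16: several public triggers; the victim removes the flooded ones
    (dropping that share of traffic) and a legitimate client still gets in."""
    net = SI3Server()
    victim = Host("V", net)
    public_ids = [0x1000 + i for i in range(n_public)]
    for ident in public_ids:
        net.insert(ident, victim)
    for ident in random.sample(public_ids, n_known_to_attacker):
        for _ in range(500):
            net.send(ident, ("junk", "A", 0))
    victim.inbox.clear()
    flooded = [i for i in public_ids if net.hits[i] > FLOOD_THRESHOLD]
    for ident in flooded:                             # learn which triggers are under attack
        net.remove(ident)
    alive = [i for i in public_ids if i in net.triggers]
    client = Host("C", net)
    connected = any(connect(client, victim, i) for i in public_ids)
    return len(flooded), len(alive), connected        # (3, 5, True)


if __name__ == "__main__":
    print("stop:", stop_the_attack())
    print("dilute:", dilute_the_attack())
```

The point of the private identifiers is that an attacker who only knows the public trigger cannot reach the private ones, so the victim can cut or rotate its public triggers without touching established sessions; the per-trigger counters are the only extra state the server needs to learn which public triggers are being flooded.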

17/32

Slow Down the Attack

• Use a powerful third-party server
• Cryptographic puzzle
• Each message carries a unique puzzle

(Figure: client C, DoS filter A and server S with triggers (ida,A), (idC,C) and (idS,S); steps 1 to 3 pass through the filter before a request reaches S)

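The puzzle filter of slide 17 as an added Python example (not code from the slides): the third-party filter issues a fresh puzzle per request, the client must find a nonce whose SHA-256 over challenge, request and nonce starts with a given number of zero bits, and only solved, unreplayed requests are forwarded. The hash-based puzzle form, the difficulty of 16 bits, the HMAC-stamped challenge and the message layout are assumptions of this example.

```python
import hashlib
import hmac
import secrets

DIFFICULTY = 16   # leading zero bits the solution must produce; about 2**16 hashes per request (assumption)


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def puzzle_hash(challenge: bytes, request: bytes, solution: bytes) -> bytes:
    # Binding the request into the hash makes every message its own puzzle.
    return hashlib.sha256(challenge + request + solution).digest()


class DoSFilter:
    """The powerful third-party server of slide 17: hands out one puzzle per
    request and forwards to the protected server only requests carrying a
    valid, unused solution.  The HMAC lets it recognise its own challenges
    without storing them before they are solved."""

    def __init__(self, difficulty: int = DIFFICULTY) -> None:
        self.key = secrets.token_bytes(32)
        self.difficulty = difficulty
        self.redeemed = set()       # challenges already used once (no replay)
        self.forwarded = []         # requests that reached the server

    def challenge(self, client_id: bytes) -> bytes:
        nonce = secrets.token_bytes(8)
        tag = hmac.new(self.key, client_id + nonce, hashlib.sha256).digest()[:8]
        return nonce + tag

    def submit(self, client_id: bytes, challenge: bytes, request: bytes, solution: bytes) -> bool:
        nonce, tag = challenge[:8], challenge[8:]
        expect = hmac.new(self.key, client_id + nonce, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expect) or challenge in self.redeemed:
            return False                        # forged or replayed challenge
        if leading_zero_bits(puzzle_hash(challenge, request, solution)) < self.difficulty:
            return False                        # unsolved: one hash for us, dropped
        self.redeemed.add(challenge)
        self.forwarded.append((client_id, request))
        return True


def solve(challenge: bytes, request: bytes, difficulty: int) -> bytes:
    """Client side: brute force, costing the sender about 2**difficulty hashes."""
    counter = 0
    while True:
        solution = counter.to_bytes(8, "big")
        if leading_zero_bits(puzzle_hash(challenge, request, solution)) >= difficulty:
            return solution
        counter += 1


def demo(difficulty: int = DIFFICULTY) -> dict:
    """Constructed exchange: honest client, a replay, a flooder that skips the
    work, and a forged challenge."""
    f = DoSFilter(difficulty)
    client, request = b"client-C", b"GET /index"
    ch = f.challenge(client)                        # 1: client asks, filter answers with a puzzle
    sol = solve(ch, request, difficulty)            # 2: client spends CPU on it
    accepted = f.submit(client, ch, request, sol)   # 3: filter verifies and forwards to S
    replayed = f.submit(client, ch, request, sol)   # same solution again: rejected
    flood_accepted = sum(
        f.submit(b"attacker", f.challenge(b"attacker"), b"junk", secrets.token_bytes(8))
        for _ in range(100))                        # guessing instead of solving
    forged = f.submit(client, secrets.token_bytes(16), request, sol)
    return {"accepted": accepted, "replayed": replayed, "flood_accepted": flood_accepted,
            "forged": forged, "forwarded": len(f.forwarded)}


if __name__ == "__main__":
    print(demo())
```

The asymmetry is the whole defence: verifying costs the filter one HMAC and one hash, solving costs the sender about 2^difficulty hashes, and the filter can raise the difficulty while it is under load. Because the request is part of the hash input, a solution cannot be reused for a different message.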

18/32

Secure I³ - Summary

• Advantages
  • Prevent IP-level flooding
  • Inability to attack private communication
  • Alleviate flooding via triggers at the I³ level
• Costs
  • Overlay server: amount of network traffic


19/32

Problems

• Mobility

• Multicast, Anycast etc.

• Protection against Denial of Service Attacks

• End-to-end security / authentication


20/32

Host Identity Protocol

• New namespace

• New protocol layer

• Between internetworking and transport layer

• Public-key cryptography


21/32

Host Identity Protocol

• Host Identifier
  • Independent of the IP address
  • Public key
  • Host Identity Tag (HIT)
    • 128-bit representation of the Host Identity
• Locator
  • IP address

• Binding transport associations to Host Identities


22/32

End-to-End Connection

• Using IPsec:

• Internet key exchange (Diffie-Hellman)

• Security association

• Security Parameter Index (SPI): identifies the security association, i.e. the connection


23/32

Mobility

• First scenario: not connected
  • Mobile node: rendezvous mechanism
• Second scenario: connected
  • Address change doesn't break the TCP connection
• Third scenario
  • Both ends move at the same time

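Slides 21 to 23 (Host Identifier, HIT, locator, transport associations bound to Host Identities, rendezvous and address change while connected) as an added Python model; this is not code from the slides or from any HIP implementation. The "public keys" are constructed byte strings rather than real RSA/DSA keys, the HIT is modelled as the 28-bit ORCHID prefix 2001:10::/28 of RFC 4843 followed by the top 100 bits of a SHA-1 hash (a simplification; the exact hash input and bit selection of the ORCHID RFCs are not reproduced), and the SPIs that the Diffie-Hellman base exchange would produce are handed in as constants.

```python
import hashlib
import ipaddress

ORCHID_PREFIX = 0x2001001 << 100   # 2001:10::/28, the ORCHID prefix of RFC 4843 used by HIP v1


def hit_from_hi(host_identity: bytes) -> ipaddress.IPv6Address:
    """Host Identity Tag: 128 bits = 28-bit prefix + 100 bits of a hash of the
    public key.  Simplified to the top 100 bits of SHA-1 (assumption)."""
    h = int.from_bytes(hashlib.sha1(host_identity).digest(), "big")
    return ipaddress.IPv6Address(ORCHID_PREFIX | (h >> (160 - 100)))


class Rendezvous:
    """First mobility scenario: a mobile node keeps HIT -> current locator here."""

    def __init__(self) -> None:
        self.table = {}

    def register(self, hit: ipaddress.IPv6Address, locator: str) -> None:
        self.table[hit] = locator

    def lookup(self, hit: ipaddress.IPv6Address):
        return self.table.get(hit)


class HipHost:
    def __init__(self, name: str, host_identity: bytes, locator: str) -> None:
        self.name, self.hi, self.locator = name, host_identity, locator
        self.hit = hit_from_hi(host_identity)
        self.sa = {}          # peer HIT -> {"spi_out", "peer_locator"}; IPsec keys elided
        self.transport = {}   # (local port, peer HIT, peer port) -> TCP state

    def associate(self, peer: "HipHost", spi_out: int) -> None:
        """In HIP the base exchange (Diffie-Hellman) sets up the SA; here the
        SPI is simply handed in (assumption)."""
        self.sa[peer.hit] = {"spi_out": spi_out, "peer_locator": peer.locator}

    def open_tcp(self, peer: "HipHost", lport: int, pport: int) -> None:
        # The transport association is bound to HITs, not to IP addresses.
        self.transport[(lport, peer.hit, pport)] = "ESTABLISHED"

    def send(self, peer_hit: ipaddress.IPv6Address, payload: bytes) -> dict:
        """An ESP packet: addressed with locators, identified by the SPI."""
        sa = self.sa[peer_hit]
        return {"src": self.locator, "dst": sa["peer_locator"], "spi": sa["spi_out"], "esp": payload}

    def move(self, new_locator: str, peers: list) -> None:
        """Second scenario: address change while connected.  Peers learn the
        new locator (HIP UPDATE); SAs and TCP state keyed by HIT stay as they are."""
        self.locator = new_locator
        for p in peers:
            p.sa[self.hit]["peer_locator"] = new_locator


def demo() -> dict:
    """Constructed scenario: A and B associate, A moves, traffic follows A."""
    a = HipHost("A", b"constructed public key of host A", "192.0.2.10")
    b = HipHost("B", b"constructed public key of host B", "198.51.100.5")
    rvs = Rendezvous()
    rvs.register(a.hit, a.locator)
    a.associate(b, spi_out=0x11111111)
    b.associate(a, spi_out=0x22222222)
    a.open_tcp(b, 40000, 80)
    before = b.send(a.hit, b"data")
    a.move("203.0.113.77", peers=[b])          # new network, same identity
    rvs.register(a.hit, a.locator)             # so that new peers can still find A
    after = b.send(a.hit, b"data")
    return {"hit_a": str(a.hit), "before": before, "after": after,
            "tcp": list(a.transport), "rvs": rvs.lookup(a.hit)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The TCP state is keyed by (port, HIT, port), so A's address change rewrites only the locator stored in B's security association; the SPI and the transport association are untouched, which is why the connection survives. A third scenario, both ends moving at once, needs the rendezvous server because neither side knows where to send the UPDATE.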

24/32

Problems

• Mobility

• Multicast, Anycast etc.

• Protection against Denial of Service Attacks

• End-to-end security / authentication


25/32

Weaknesses

• SI³
  • Traffic flows through an overlay server
  • No encryption
• HIP
  • Rendezvous server is needed
  • Unable to deal with DoS attacks
  • Lacks support for multicast / anycast


26/32

Host Identity Indirection Infrastructure (HI³)

• Combination of (S)I³ and HIP

• More efficient SI³

• More secure than SI³

• Better DoS protection than HIP

• Rendezvous service


27/32

HI³ Architecture

• Using HITs as SI³ triggers
• I³ server is similar to a rendezvous server
• Basic idea:
  • Separation of data and control traffic
  • Use SI³ to route HIP control packets
  • Data packets via HIP
  • IPsec-protected end-to-end traffic


28/32

HI³ Architecture

(Figure: server S inserts a public trigger (idPUB,R) and a private trigger (idPRI,R); client C's HIP I1 packet is routed over SI³ through the public and then the private trigger, while the data traffic is IPsec protected and flows over HIP)

29/32

Separating Data And Control

• Control traffic:

• Via SI³

• DoS protection

• Mobility


30/32

Separating Data And Control

• Data traffic:

• IPsec SPI used to implement DoS protection

• Middlebox forwards traffic keyed on (destination address, SPI)

• HIP mobility

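The data-plane middlebox of slide 30 as an added Python example (not code from the slides or from the HI³ authors): packets are forwarded only when their (destination address, SPI) pair was installed by the control plane, and a HIP locator update moves the entry. The addresses, the SPI value, the "HIT-S" owner label and the attacker's 1000 SPI guesses are constructed for the demo.

```python
class Middlebox:
    """Data-plane middlebox of slide 30: ESP packets are forwarded only when
    (destination address, SPI) was installed by the control plane (the HIP
    base exchange, which HI3 carries over SI3); anything else is dropped
    before it reaches the host."""

    def __init__(self) -> None:
        self.table = {}       # (dst address, SPI) -> HIT of the host that owns the SA
        self.forwarded = 0
        self.dropped = 0

    def install(self, dst_addr: str, spi: int, owner_hit: str) -> None:
        self.table[(dst_addr, spi)] = owner_hit

    def locator_update(self, owner_hit: str, spi: int, old_addr: str, new_addr: str) -> bool:
        """HIP mobility: a HIP UPDATE moves the entry to the host's new locator.
        Only the owner of the entry may move it (the control plane has
        authenticated the UPDATE with the owner's Host Identity)."""
        if self.table.get((old_addr, spi)) != owner_hit:
            return False
        del self.table[(old_addr, spi)]
        self.table[(new_addr, spi)] = owner_hit
        return True

    def forward(self, packet: dict) -> bool:
        if (packet["dst"], packet["spi"]) in self.table:
            self.forwarded += 1
            return True
        self.dropped += 1
        return False


def demo() -> dict:
    """Constructed traffic: one legitimate SA, a flood guessing SPIs, a move."""
    mb = Middlebox()
    server_addr, server_hit = "198.51.100.5", "HIT-S"      # placeholder HIT label
    spi = 0x22222222                                        # from the base exchange (assumption)
    mb.install(server_addr, spi, server_hit)
    legit = mb.forward({"src": "192.0.2.10", "dst": server_addr, "spi": spi, "esp": b"payload"})
    # Attacker knows the server's IP but not the SPI of any SA: 1000 guesses, none right.
    flood_through = sum(
        mb.forward({"src": "10.9.9.9", "dst": server_addr, "spi": guess, "esp": b"junk"})
        for guess in range(1000))
    # Server moves; the control plane (HIP UPDATE over SI3) re-keys the entry.
    new_addr = "203.0.113.77"
    forged_move = mb.locator_update("HIT-attacker", spi, server_addr, "10.9.9.9")
    moved = mb.locator_update(server_hit, spi, server_addr, new_addr)
    stale = mb.forward({"src": "192.0.2.10", "dst": server_addr, "spi": spi, "esp": b"late"})
    fresh = mb.forward({"src": "192.0.2.10", "dst": new_addr, "spi": spi, "esp": b"payload"})
    return {"legit": legit, "flood_through": flood_through, "forged_move": forged_move,
            "moved": moved, "stale": stale, "fresh": fresh, "dropped": mb.dropped}


if __name__ == "__main__":
    print(demo())
```

This only holds against an off-path flooder: an attacker who can observe the ESP traffic learns the SPI and can push packets through the entry, so a deployment would still need per-entry rate limits, and the middlebox relies on the control plane (here the SI³-protected HIP exchange) to install and move entries only for authenticated hosts.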

31/32

Problems

• Mobility

• Multicast, Anycast etc.

• Protection against Denial of Service Attacks

• End-to-end security / authentication


32/32

The End

Questions ?
