SCION: Scalability, Control and Isolation On Next-Generation Networks
Transcript of the slide deck "SCION: Scalability, Control and Isolation On Next-Generation Networks" (18 slides)
Slide 1: SCION: Scalability, Control and Isolation On Next-Generation Networks
Xin Zhang, Hsu-Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen
Slide 2: The Internet is still unreliable and insecure!
(Figure: the protocol stack, Application, Transport, Network, Data link, Physical, with the patches below attached to the layers they fix.)
Feb 2008: Pakistani ISP hijacks YouTube prefix
Apr 2010: A Chinese ISP inserts fake routes affecting thousands of US networks.
Nov 2010: 10% of Internet traffic 'hijacked' to Chinese servers due to DNS tampering.
Fixes to date: ad hoc patches, namely S-BGP origin attestation, S-BGP route attestation, DNSSec, multi-path
Inconvenient truths: S-BGP: delayed convergence; Global PKI: single root of trust
Slide 3: Limitations of the Current Internet: Too little or too much path control by end points
(Figure: ADs A, B, C and D plus a malicious AD M; M announces "D's prefix here!" while the source insists "Prefer the red path ...".)
Destination has too little control over inbound paths
Source has too much control to aggregate DDoS traffic
Slide 4: Limitations of the Current Internet (continued)
Too little or too much path control by end points: the destination has too little control over inbound paths; the source has too much control to aggregate DDoS traffic
Lack of routing isolation: a failure/attack can have global effects; global visibility of paths is not scalable
Lack of route freshness: current (S-)BGP enables replaying of obsolete paths
Slide 5: Related Work
Routing security: S-BGP, soBGP, psBGP, SPV, PGBGP
Routing control: Multipath (MIRO, Deflection, Path splicing, Pathlet), NIRA
Scalable and policy-based routing: HLP, HAIR, RBF
Secure DNS: DNSSec
Source accountability and router accountability: AIP, Statistical FL, PAAI
Slide 6: Wish List (1): Isolation
(Figure: several independent routing regions; attacks such as bad routes from a malicious AD M stay confined to one region.)
Localization of attacks
Mutually distrusting domains, no single root of trust
Independent routing region
Slide 7: Wish List (2): Balanced Control
(Figure: ADs A, B, C and D with CMU, PSC, I2 and Level 3; a transit ISP wants to "Hide the peering link from CMU".)
Source, destination, transit ISPs all have path control
Support rich policies and DDoS defenses
Slide 8: Wish List (3): Explicit Trust
(Figure: CMU, PSC, Level 3 and I2 reach the Internet through ADs X, Y and Z; the end point asks "Who will forward packets on the path?" and requests "Go through X and Z, but not Y".)
Know who needs to be trusted
Enforceable accountability
Slide 9: SCION Architecture Overview
(Figure: source and destination inside trust domains, each with a TD core and a path server; PCBs flow from the core; S: blue paths, D: red paths; AD: admin domain.)
Trust domains (TDs): isolation and scalability
Path construction: scalability
Path resolution: control, explicit trust
Route joining (shortcuts): efficiency, flexibility
Slide 10: Logical Decomposition
Split the network into a set of trust domains (TD)
TD: isolation of route computation
TD cores: interconnected Tier-1 ADs (ISPs)
(Figure: source and destination hang below their TD cores; up-paths lead from the source to the core, down-paths from the core to the destination.)
Slide 11: Path Construction Beacons (PCBs)
(Figure: the TD core beacons downward through ADs A, B and C; C embeds the resulting path into packets.)
Notation: interface, opaque field, expiration time, signature
= SIG( || || )
= ||MAC( )
= SIG( || || || )
= || MAC( || )
= || MAC( || )
= SIG( || || || )
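The hop-by-hop construction on this slide, written out as an added example that is not code from the paper or from the SCION project: each AD extends the beacon with its interface pair, an opaque field whose MAC only that AD can recompute, an expiration time, and a signature chained over the previous hop's signature (the TD core's first hop has no previous opaque field or signature, which gives the shorter forms above). The source verifies the chain before using a path, and a router later checks only its own opaque field once the path is embedded into packets. The 4-byte interface encoding, HMAC-SHA256 as the MAC, HMAC standing in for the AD's public-key signature, and all keys are assumptions of this example.

```python
import hmac
import hashlib
from dataclasses import dataclass, replace

# Added example modelling SCION path construction beacons (PCBs). Assumptions
# not on the slides: interface identifiers are 4 bytes (2-byte ingress, 2-byte
# egress); MACs are HMAC-SHA256 truncated to 16 bytes; and HMAC-SHA256 also
# stands in for the AD's digital signature (a real AD signs with a private key
# so that any source can verify the chain without holding AD secrets).

IF_LEN = 4
MAC_LEN = 16


@dataclass(frozen=True)
class Hop:
    ad: str            # AD that appended this hop
    interface: bytes   # ingress/egress interface pair chosen by the AD
    opaque: bytes      # interface || MAC_AD(interface || previous opaque field)
    expiration: int    # expiration time of this hop (seconds)
    signature: bytes   # SIG_AD(interface || opaque || expiration || previous signature)


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def sign(key: bytes, msg: bytes) -> bytes:
    # Stand-in for a public-key signature; domain-separated from mac().
    return hmac.new(key, b"SIG|" + msg, hashlib.sha256).digest()


def extend_pcb(pcb, ad, mac_key, sig_key, interface, expiration):
    """An AD appends its hop to the beacon received from the previous AD.
    For the TD core the previous opaque field and signature are empty, which
    yields the shorter SIG(...) / MAC(...) forms shown for the first hop."""
    assert len(interface) == IF_LEN
    prev_opaque = pcb[-1].opaque if pcb else b""
    prev_sig = pcb[-1].signature if pcb else b""
    opaque = interface + mac(mac_key, interface + prev_opaque)
    signature = sign(sig_key, interface + opaque + expiration.to_bytes(4, "big") + prev_sig)
    return pcb + [Hop(ad, interface, opaque, expiration, signature)]


def verify_pcb(pcb, sig_keys, now):
    """Source-side check: every hop is unexpired and its signature chains to
    the previous hop, so a path segment cannot be spliced in or replayed."""
    prev_sig = b""
    for hop in pcb:
        if hop.expiration <= now:
            return False
        msg = hop.interface + hop.opaque + hop.expiration.to_bytes(4, "big") + prev_sig
        if not hmac.compare_digest(sign(sig_keys[hop.ad], msg), hop.signature):
            return False
        prev_sig = hop.signature
    return True


def router_accepts(opaque, prev_opaque, mac_key):
    """Data-plane check: an AD forwards on the opaque field carried in a packet
    only if it can recompute the MAC with its own key (no forwarding table)."""
    interface, tag = opaque[:IF_LEN], opaque[IF_LEN:]
    return hmac.compare_digest(mac(mac_key, interface + prev_opaque), tag)


def demo(now=1_000):
    # Constructed keys for a TD core and two downstream ADs A and B.
    mac_keys = {"core": b"core-mac", "A": b"a-mac", "B": b"b-mac"}
    sig_keys = {"core": b"core-sig", "A": b"a-sig", "B": b"b-sig"}
    pcb = []
    for ad, iface in (("core", b"\x00\x00\x00\x07"), ("A", b"\x00\x03\x00\x09"), ("B", b"\x00\x01\x00\x02")):
        pcb = extend_pcb(pcb, ad, mac_keys[ad], sig_keys[ad], iface, now + 3600)
    good = verify_pcb(pcb, sig_keys, now)

    # Tampering: A's egress interface is altered after A signed; the chain detects it.
    tampered = [pcb[0], replace(pcb[1], interface=b"\x00\x03\x00\x08"), pcb[2]]
    detected = not verify_pcb(tampered, sig_keys, now)

    # Freshness: the same PCB presented after its hops expired is rejected.
    stale = not verify_pcb(pcb, sig_keys, now + 7200)

    # Forwarding: B accepts its genuine opaque field and rejects a forged one.
    fwd_ok = router_accepts(pcb[2].opaque, pcb[1].opaque, mac_keys["B"])
    forged = pcb[2].interface + bytes(MAC_LEN)
    fwd_forged = router_accepts(forged, pcb[1].opaque, mac_keys["B"])
    return good, detected, stale, fwd_ok, fwd_forged


if __name__ == "__main__":
    print(demo())  # expected: (True, True, True, True, False)
```

The expiration check is what gives the route freshness that slide 4 says (S-)BGP lacks, and the per-AD MAC is what lets transit ISPs keep their policy decisions inside the opaque field while still binding them to the beacon they were made for.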
Slide 12: SCION Security Benefits

| Property | S-BGP etc | SCION |
| --- | --- | --- |
| Isolation | | |
| Scalability, freshness | | |
| Path replay attack | | |
| Collusion attack | | |
| Single root of trust | | |
| Trusted Computing Base | Whole Internet | TD Core and on-path ADs |
| Path Control: Source | End-to-end control | Only up-path |
| Path Control: Destination | No control | Inbound paths |
| DDoS | Open attacks | Enable defenses |
Slide 13: Performance Benefits
Scalability: routing updates are scoped within the local TD
Flexibility: transit ISPs can embed local routing policies in opaque fields
Simplicity and efficiency: no inter-domain forwarding table
Slide 14: Evaluation Methodology
Use of CAIDA topology information
Assume 5 TDs (AfriNIC, ARIN, APNIC, LACNIC, RIPE)
We compare to S-BGP/BGP
Slide 15: Performance Evaluation
Additional path length (AD hops) compared to BGP:
without shortcuts: 21% longer
with shortcuts: 1 down/up-path: 6.7%; 2 down/up-paths: 3.5%; 5 down/up-paths: 2.5%
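Why registering more up/down-paths shrinks the gap to BGP: the source joins one of its up-paths with one of the destination's down-paths, and a shortcut is possible whenever the two share an AD below the core. The following is an added example of that joining procedure on a small constructed topology; it is not the authors' evaluation code. Representing paths as lists of AD names, joining at the first common AD, and using a BFS shortest AD-hop path as the BGP baseline are assumptions of this example.

```python
from collections import deque
from itertools import product

# Added example of SCION route joining. Assumptions not on the slides: an
# up-path runs source -> ... -> core, a down-path core -> ... -> destination;
# a shortcut joins the two at the first AD they share (possibly below the
# core); the BGP baseline is a shortest AD-hop path over the same topology.


def join_paths(up, down):
    """Join one up-path and one down-path. If they share an AD below the core
    the path is shortcut there; otherwise it passes through the core."""
    down_index = {ad: i for i, ad in enumerate(down)}
    for i, ad in enumerate(up):          # walk up from the source; first common AD wins
        if ad in down_index:
            return up[:i] + down[down_index[ad]:]
    return None                          # no common AD in this model


def best_joined_path(up_paths, down_paths, shortcuts=True):
    """Choose the shortest end-to-end path over all up/down-path pairs the
    source holds; without shortcuts every path is forced through the core."""
    best = None
    for up, down in product(up_paths, down_paths):
        if shortcuts:
            path = join_paths(up, down)
        else:
            path = up + down[1:] if up[-1] == down[0] else None
        if path and (best is None or len(path) < len(best)):
            best = path
    return best


def hops(path):
    return len(path) - 1


def bgp_shortest(adj, src, dst):
    """Baseline: shortest AD-hop path by BFS, as an idealised BGP would pick."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        ad = queue.popleft()
        if ad == dst:
            break
        for nxt in adj[ad]:
            if nxt not in prev:
                prev[nxt] = ad
                queue.append(nxt)
    if dst not in prev:
        return None
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]


def demo():
    # Constructed topology: TD core C, providers P1..P3, multi-homed source S
    # and destination D, both attached to P2 (the potential shortcut point).
    adj = {
        "C": ["P1", "P2", "P3"], "P1": ["C", "S"], "P2": ["C", "S", "D"],
        "P3": ["C", "D"], "S": ["P1", "P2"], "D": ["P2", "P3"],
    }
    up_paths = [["S", "P1", "C"], ["S", "P2", "C"]]     # S's up-paths to the core
    down_paths = [["C", "P3", "D"], ["C", "P2", "D"]]   # D's registered down-paths
    return {
        "bgp": hops(bgp_shortest(adj, "S", "D")),
        "no_shortcut": hops(best_joined_path(up_paths, down_paths, shortcuts=False)),
        "one_down_path": hops(best_joined_path(up_paths, down_paths[:1])),
        "two_down_paths": hops(best_joined_path(up_paths, down_paths)),
    }


if __name__ == "__main__":
    print(demo())  # expected: {'bgp': 2, 'no_shortcut': 4, 'one_down_path': 4, 'two_down_paths': 2}
```

With a single registered down-path the join happens at the core and costs two extra AD hops over BGP; once the second down-path through P2 is available the shortcut at P2 matches the BGP hop count, which is the trend the percentages above show on the CAIDA topology.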
Slide 16: Policy Expressiveness Evaluation
Fraction of BGP paths available under SCION, reflecting SCION's expressiveness of BGP policies
Slide 17: Security Evaluation
Resilience against routing and data-plane attacks
Malicious ADs announce bogus links between each other
(Figure: results plotted for SCION and S-BGP.)
Slide 18: Conclusions
Basic architecture design for a next-generation network that emphasizes isolation, control and explicit trust
Highly efficient, scalable, available architecture
Enables numerous additional security mechanisms, e.g., network capabilities