… but I know you are there … Of dynamic IP addresses, mobility, and related beasts threatening P-Grid in the real world Manfred Hauswirth


  • … but I know you are there …

    Of dynamic IP addresses, mobility, and related beasts threatening P-Grid in the real world
    Manfred Hauswirth

    2002, Manfred Hauswirth, EPFL-I&C-IIF, Laboratoire de systèmes d'informations répartis

  • Overview

    - Nasty networking world: threats to P-Grid
      - Dynamic IP addresses and mobility
      - Firewalls
      - Network Address Translation (NAT)
      - Is it really you? Authenticity and DoS attacks
    - Your knight in shining armor: IPv6 will rescue you!
    - I want my IPv6, or how to live in an imperfect IPv4 world
      - Je ne sais pas: zero-knowledge protocols for authentication of dynamic IP addresses in P-Grid
      - Dealing with NAT and firewalls in P-Grid


  • Dynamic IP addresses/mobility

    - Typically hosts have changing IP addresses
      - Dynamic Host Configuration Protocol (DHCP): addresses are only leased for a limited time
      - Host mobility (physical mobility)
    - No problem for pull-based P2P systems
      - The new peer initiates a permanent connection to other peer(s), which route requests to the new peer via this connection (for example, Gnutella)
      - Without such a permanent connection: problem
    - BIG problem for push-based P2P systems
      - Peers actively try to contact each other over new connections (for example, P-Grid)
      - What if the IP address has changed in the meantime?
      - Location transparency? Migration transparency?


  • Firewalls

    [Figure: Internet, external firewall, perimeter network hosting a web server, a mail server and a P-Grid peer, internal firewall, internal network hosting a P-Grid peer]

    - External firewall shields the servers
    - Internal firewall shields the internal network
    - Incoming connections are usually blocked


  • Network Address Translation (NAT)

    - NAT translates private (non-routable) IP addresses into public (routable) ones
    - Unidirectional concept (from intranets to the Internet)
    - Bi-directional operation is possible, but difficult and thus usually not configured
    - Many protocols are not NAT-friendly, because they expect the peer to be reachable at the address it knows or carry addresses inside their payload: VoIP, RTP, RTCP, IPsec, P-Grid, etc.

    [Figure: a NAT-enabled router with the public (routable) IP address 128.178.50.93 connects three segments with private (non-routable) addresses 192.168.1.x, 192.168.2.x and 192.168.3.x to the Internet; one P-Grid peer sits on the 192.168.3.x segment, another on the public Internet]


  • Authenticity and DoS attacks

    Scenario:
    - P-Grid is operational
    - Some peers have dynamic IP addresses

    Problems:
    - How to find out that an old address has become invalid?
      - No response: network problem? Peer got a new address?
      - Response: is it still you, John? (authenticity, replay, man-in-the-middle)
    - DoS attacks are very simple:
      - Assume peers report back their new IP address
      - EvilHacker.org participates in P-Grid and thus learns the IP addresses of other peers
      - EvilHacker.org reports every address it finds as now pointing to random hosts or to itself, and unauthenticated updates are accepted


  • Problems to tackle for P-Grid

    - IP addresses (hostnames) are everywhere
      - Routing tables
      - Index
    - Peer authenticity
    - Rate of IP address changes may be crucial (thrashing)
    - NAT must be addressed for P-Grid to be applicable for end-users


  • IPv6, your knight in shining armor

    - No more need for dynamic addresses or NAT
      - IPv6 address space is ~3.4 × 10^38 addresses (roughly 5 × 10^28 addresses for every person on the planet)
      - IPv4 (current) address space is 2^32
    - IPsec (mandatory to implement in IPv6)
      - solves the authentication problem at the network layer, given a way to distribute keys
      - DoS attacks become more difficult
    - Mobility is addressed
      - IPv6: home/foreign address (Mobile IPv6)
      - IPv4: a mobility extension exists, but it is not supported on a large scale
    - Problem: IPv6 has not been deployed yet (as of 2002)


  • Mobile IP (v6 version)

    [Animated figure, repeated over five slides: home agent, home location of the mobile host, mobile host, correspondent host]

  • Dynamic IP addresses in P-Grid (proposal)

    - Each peer is uniquely identified by a Universally Unique Identifier (UUID)
    - UUIDs are mapped onto IP addresses via a directory service, i.e. P-Grid itself
      - routing tables/index: UUIDs instead of IP addresses
      - to be studied whether this will work (chicken-and-egg problem: the directory is itself reached via IP addresses)
    - Upon coming online again, each P-Grid peer inserts its new IP address into the P-Grid mapping of UUIDs onto IP addresses
    - Authenticity of mappings
      - Public key schemes: too heavy and too much administrative effort
      - Use a zero-knowledge-based scheme instead


  • Zero-knowledge protocols

    - Facilitate identification, key exchange, digital signatures and other cryptographic operations
    - Smaller computational requirements than public key protocols
    - Features:
      - Verifier cannot learn anything from the protocol beyond the fact that the prover knows the secret (no information about the secret is transferred)
      - Prover cannot cheat the verifier (if P does not know the secret) and vice versa
      - Verifier cannot impersonate the prover to a third party
      - Confidence can be built incrementally (rounds)
      - Cut-and-choose: one wrong answer and you are out
      - Parallel and offline processing possible


  • Zero-knowledge protocol example

    - In reality zero-knowledge protocols are based on hard-to-solve problems:
      - Solving discrete logarithms for large numbers
      - Deciding whether a number is a square mod n or not if you don't know the factors of n (quadratic residuosity)
      - Factoring large numbers that are products of large primes
    - Ali Baba's cave (figure: prover P, verifier V, a cave whose two branches are joined by a secret door):
      - P is in a random branch of the cave which V does not know
      - V enters the cave and tells P to come out at a random branch
      - Only if P knows the password for the secret door can P come out in the right branch every time, thus proving knowledge of the password without sending or revealing it
      - More rounds increase confidence (a P who does not know the password is caught with probability 1/2 in each round)


  • Feige-Fiat-Shamir proof of identity

    - Pre-calculation: an arbitrator generates a random modulus n (product of two large primes) and derives a public and private key pair for P:
      - Public key: v, a quadratic residue mod n (i.e., x^2 = v mod n has a solution and v^-1 mod n exists)
      - Private key: the smallest s for which s = sqrt(1/v) mod n
    - The identification protocol then proceeds as follows:
      - P picks a random number r where r

  • Feige-Fiat-Shamir properties

    - An impersonator can pick r such that she can reply if V sends a 0 bit, or such that she can reply if V sends a 1 bit, but she cannot prepare for both cases: a 50% chance of being caught in each round.
    - V cannot masquerade as P to another verifier, as the bit V randomly sent to P (Peggy) earlier has only a 50% chance of being the same bit the second verifier will ask for.
    - r should not be reused: V could send the other random bit and collect both responses for the same r. With enough of these, V could impersonate P to an outsider (in fact one pair already suffices: from r and r·s mod n anyone computes s = (r·s)·r^-1 mod n).
    - This protocol can be implemented in a parallel fashion by making the public and private keys sets of quadratic residues mod n (and their roots). Then you can do as many rounds in parallel as there are keys in the set, speeding up the protocol (but with larger memory requirements) and needing fewer messages.

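The following Python script is an added example (not code from P-Grid, nor the FFS implementation the slides refer to) that ties the "Authenticity and DoS attacks", "Dynamic IP addresses in P-Grid (proposal)" and the two Feige-Fiat-Shamir slides together. It runs the single-key FFS identification (commit x = r^2 mod n, one challenge bit, respond with r or r·s mod n) in front of a UUID-to-IP directory, so that only the holder of s can repoint its own entry, shows that an impersonator who knows only v wins a round with probability 1/2 and all 40 rounds with probability 2^-40, and recovers s from a reused r. The toy-sized primes, the `AddressDirectory` class and the message flow are assumptions of this example; a real deployment needs a modulus of 2048 bits or more.

```python
"""Feige-Fiat-Shamir identification guarding UUID -> IP updates (added example)."""
import secrets
from math import gcd

# Toy modulus n = p*q as published by the arbitrator (assumption: tiny primes,
# chosen for readability only; the factors stay secret).
P_TOY, Q_TOY = 104729, 1299709
N_TOY = P_TOY * Q_TOY


def keygen(n):
    """Return (v, s): public v = s^-2 mod n (a quadratic residue with an inverse)
    and private s = sqrt(1/v) mod n, as on the FFS slide."""
    while True:
        s = secrets.randbelow(n - 2) + 2
        if gcd(s, n) == 1:
            break
    v = pow(pow(s, 2, n), -1, n)
    return v, s


class Prover:
    """Peer that knows s. A fresh r is drawn in every round (see recover_secret)."""
    def __init__(self, n, s):
        self.n, self.s, self.r = n, s, None

    def commit(self):
        self.r = secrets.randbelow(self.n - 2) + 2
        return pow(self.r, 2, self.n)                           # x = r^2 mod n

    def respond(self, bit):
        return self.r if bit == 0 else (self.r * self.s) % self.n   # y = r or r*s


class Impersonator:
    """Knows only v. Guesses the challenge bit before committing: prepared for
    bit 0 (x = y^2) or for bit 1 (x = y^2 * v), never for both."""
    def __init__(self, n, v):
        self.n, self.v, self.y = n, v, None

    def commit(self):
        guess = secrets.randbelow(2)
        self.y = secrets.randbelow(self.n - 2) + 2
        x = pow(self.y, 2, self.n)
        return x if guess == 0 else (x * self.v) % self.n

    def respond(self, bit):
        return self.y


def verify_round(n, v, x, bit, y):
    """bit 0: y^2 == x (y == r).  bit 1: y^2 * v == x (y == r*s and s^2 * v == 1)."""
    lhs = pow(y, 2, n) if bit == 0 else (pow(y, 2, n) * v) % n
    return lhs == x


def identify(n, v, prover, rounds=40):
    """Challenge/response rounds; a cheater survives all with probability 2^-rounds."""
    for _ in range(rounds):
        x = prover.commit()
        bit = secrets.randbelow(2)
        if not verify_round(n, v, x, bit, prover.respond(bit)):
            return False
    return True


def recover_secret(n, y0, y1):
    """Why r must not be reused: responses r (bit 0) and r*s (bit 1) for the same
    r give s = (r*s) * r^-1 mod n to anyone who saw both."""
    return (y1 * pow(y0, -1, n)) % n


class AddressDirectory:
    """UUID -> (public key v, IP address). An update is accepted only after the
    updater proves knowledge of s for the stored v (assumption: simplified
    directory, not P-Grid's)."""
    def __init__(self, n):
        self.n, self.entries = n, {}

    def register(self, uuid, v, ip):
        self.entries[uuid] = [v, ip]

    def update_ip(self, uuid, new_ip, prover, rounds=40):
        v, _ = self.entries[uuid]
        if not identify(self.n, v, prover, rounds):
            return False                  # EvilHacker.org cannot repoint John
        self.entries[uuid][1] = new_ip
        return True

    def lookup(self, uuid):
        return self.entries[uuid][1]


if __name__ == "__main__":
    v, s = keygen(N_TOY)
    d = AddressDirectory(N_TOY)
    d.register("john", v, "192.0.2.10")
    print(d.update_ip("john", "203.0.113.1", Impersonator(N_TOY, v)))  # False
    print(d.update_ip("john", "203.0.113.1", Prover(N_TOY, s)))        # True
```

Note that the directory never learns s: it stores only v, so a compromised directory node gains nothing it could replay against another verifier, which is the property the zero-knowledge slide claims.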

  • Dealing with NAT - 1

    - All traffic between the peers is done via a single UDP port
    - A new peer (or a peer with a changed address) sends a message holding the address it thinks it has to the address directory (P-Grid)
    - The directory maps the peer's UUID to both the address sent by the peer and the source address found in the UDP packet (the address as seen from outside the NAT)
    - The directory sends both addresses to all other (old) peers (which ones?) and everyone (?) knows everyone else's addresses
    - To open a P2P connection, all old peers send a UDP packet to the new peer and the new peer sends a UDP packet to each of the old peers (actually 2 packets, one to each of the two addresses)
    - This causes everyone's NAT to open a bi-directional hole for the UDP traffic to go through
    - Once the first reply comes back, the sender knows which return address to use and can stop sending to both


  • Dealing with NAT - 2

    Problems:
    - The NAT must not change the number of UDP ports used by the stream of packets: if a host behind a NAT sends a series of packets from a single UDP port, the packets as relayed by the NAT should also appear to come from a single host and UDP port (a NAT that allocates a new public port per destination defeats the scheme, because the port the directory observed is not the one used towards the other peer)
    - Which hosts to contact (both old and new)?
    - Stability criteria for the directory (P-Grid)

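The following Python simulation is an added example (not P-Grid code) of the procedure on the two "Dealing with NAT" slides: two peers behind different NATs register the address they believe they have, the directory records that address together with the source address it observed, each peer then sends to both addresses of the other, and the first reply fixes the address to use. The same code run with a NAT that allocates a fresh public port per destination reproduces the failure described on the second slide. The NAT model, the hosts, the addresses and the message names ("register", "punch", "ack") are assumptions of this example.

```python
"""UDP hole punching through a directory that records both addresses (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int


class Nat:
    """Port-restricted NAT. endpoint_independent=True keeps one public port per
    private socket (what the scheme requires); False allocates a fresh public
    port per destination (a symmetric NAT), which breaks it."""

    def __init__(self, public_ip, endpoint_independent=True):
        self.public_ip = public_ip
        self.endpoint_independent = endpoint_independent
        self.next_port = 40000
        self.mappings = {}   # private socket (or socket+dst) -> public port
        self.allowed = {}    # public port -> remote endpoints it may receive from

    def outbound(self, src, dst):
        """Translate an outgoing packet and remember dst so its replies get in."""
        key = src if self.endpoint_independent else (src, dst)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.allowed.setdefault(port, set()).add(dst)
        return Endpoint(self.public_ip, port)

    def inbound(self, src, dst_port):
        """Private endpoint to deliver to, or None if the packet is dropped."""
        if src not in self.allowed.get(dst_port, ()):
            return None
        for key, port in self.mappings.items():
            if port == dst_port:
                return key if self.endpoint_independent else key[0]
        return None


class Host:
    def __init__(self, uuid, private, nat=None):
        self.uuid, self.private, self.nat = uuid, private, nat
        self.inbox = []      # (source endpoint, message)
        self.learned = {}    # uuid -> the endpoint that actually worked
        self.directory = {}  # used by the directory host: uuid -> [claimed, observed]


class Network:
    def __init__(self):
        self.hosts = []

    def deliver(self, sender, dst, msg):
        # Same LAN (same NAT, or both public): the private address works directly.
        for h in self.hosts:
            if h.nat is sender.nat and h.private == dst:
                h.inbox.append((sender.private, msg))
                return True
        # Across the Internet: translate at the sender's NAT, filter at the receiver's.
        src = sender.nat.outbound(sender.private, dst) if sender.nat else sender.private
        for h in self.hosts:
            if h.nat is None and h.private == dst:
                h.inbox.append((src, msg))
                return True
            if h.nat is not None and h.nat.public_ip == dst.ip:
                if h.nat.inbound(src, dst.port) == h.private:
                    h.inbox.append((src, msg))
                    return True
        return False                                   # unroutable or dropped

    def run(self):
        """Process messages until the network is quiet."""
        while any(h.inbox for h in self.hosts):
            for h in self.hosts:
                while h.inbox:
                    src, (kind, uuid, *rest) = h.inbox.pop(0)
                    if kind == "register":        # directory keeps both addresses
                        h.directory[uuid] = [rest[0], src]
                    elif kind == "punch":         # first packet through: answer it
                        h.learned.setdefault(uuid, src)
                        self.deliver(h, src, ("ack", h.uuid))
                    elif kind == "ack":           # first reply fixes the address
                        h.learned.setdefault(uuid, src)


def scenario(endpoint_independent=True):
    """Two peers behind different NATs find each other via the directory.
    Returns the endpoint each side ended up using for the other (None = failed)."""
    net = Network()
    directory = Host("dir", Endpoint("128.178.50.93", 1234))          # public host
    alice = Host("alice", Endpoint("192.168.1.5", 5000), Nat("203.0.113.7", endpoint_independent))
    bob = Host("bob", Endpoint("10.0.0.4", 5000), Nat("198.51.100.9", endpoint_independent))
    net.hosts += [directory, alice, bob]
    for p in (alice, bob):          # 1. report the address the peer thinks it has
        net.deliver(p, directory.private, ("register", p.uuid, p.private))
    net.run()
    for me, other in ((alice, bob), (bob, alice)):   # 2. send to both addresses
        for dst in directory.directory[other.uuid]:
            net.deliver(me, dst, ("punch", me.uuid))
    net.run()
    return alice.learned.get("bob"), bob.learned.get("alice")
```

`scenario(True)` ends with each peer holding the other's public NAT endpoint; `scenario(False)` ends with neither side learning anything, because the port observed by the directory is not the port the symmetric NAT uses towards the other peer.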

  • Dealing with firewalls

    - Depends on the cooperation of administrators
    - Only 3 possible solutions:
      - Open the P-Grid port
      - Supply a P-Grid proxy which is installed on the firewall
      - Supply some freely accessible P-Grid proxies; firewalled peers query them regularly (poll) for tasks and results
    - Tunneling does not work because it is not known in advance which peer will contact which other peer


  • Conclusion

    - To be applicable for end users, the IP address issues must be solved
    - Not only a problem for P-Grid but for any push-based (P2P) system; once we have a solution for P-Grid, this may even become a general solution for all such systems
    - Use Feige-Fiat-Shamir for authentication, based on an existing FFS implementation (David Schaar)
    - Include dynamic IP addresses (Roman is already working on this)
    - Investigate whether P-Grid would work as a directory for the mappings (simulations)
    - Address NATs as described
    - Proxy for firewalled networks
