Dynamic Network Emulation

Security Analysis for Application Layer Protocols

2

There are many network simulation and network analysis tools designed to look at issues in Layer 2

and Layer 3 protocols

The Problem

… but as the use of overlay networks grow, large amounts of network activity occurs at the

application layer.

3

Overlay network security can significantly depend upon network topology and routing

The Problem

In onion-routing style anonymity networks, an

adversary who can observe both sides of the anonymous

path can break anonymity

An adversary can position themselves to observe Skype

calls routed through super nodes.

…but we don’t have a good way to analyze the feasibility and effectiveness of these attacks

4

Good ISP

Okay ISP

Bad ISP

In onion-routing style anonymity networks, an adversary who can observe both sides of the anonymous path can break anonymity

The Problem: Extended

5

The Problem: Extended

In onion-routing style anonymity networks, an adversary who can observe both sides of the anonymous path can break anonymity

What if the adversary can force a change in routing

between two hosts?

What if they can do it for N host-

pairs?

Do some routing protocols

exacerbate this issue?

6

• Ideally, the same way we do with other things

• Unfortunately these are real applications, running in the real world, and we want to know how that world affects them

How can we answer these questions?

Hypothesize Test Explain

7

• We can observe real-world data, but we have:... limited vantage points... little ability to test hypotheses... no way to change the environment

How can we answer these questions?

What we need is a application layer network modeling environment

8

• Network Testbeds: – Clusters of isolated machines that can be

reserved and configured into network topologies

• Network Simulators:– Tools that simulate network applications at

varying levels of fidelity

• Network Emulators:– Tools that create a fake network on which real-

world applications can be run without modification

Modeling Environments Exist

Each of these has downsides

9

• Network testbeds can suffer from contention and scalability

• Network simulators use an abstraction for the application; security often depends on corner cases

• Network emulators often prevent network manipulation once configured and operating

Modeling Environments Exist

…but it’s not all bad

10

• Network emulators have significant benefits– They run actual application binaries– They require drastically less hardware

• Unfortunately many existing emulators use static routing and do not allow live network manipulation

Modeling Environments Exist

11

PROJECT PROPOSAL

12

Proposal: GUFiNE“GU Flexible Network Emulation”

Application instances connected in arbitrary network topologies

Host Emulator

Contained within an emulation host

Host EmulatorOr a collection of emulation hosts

13

Emulation Host

Proposal: GUFiNE

Linux

Application Level

Net Emulator Routing EngineNetwork Stack

Net Emulator Control Interface

Network Emulator

NetworkApplications

Path information is stored in the

routing engine and used for traffic

shaping and routing

Packets are delayed and re-injected (without ever

leaving the host).

Path characteristics (delay, bandwidth) and routing can be updated on the fly

14

• GUFiNE transparently creates a network topology for applications running on the host– Applications simply bind to an IP address

alias

• The control plane allows routing and network link characteristics to be modified on the fly

Proposal: GUFiNE

15

• Allows exploring questions in changing network conditions. – What advantage does an adversary receive if they can

shift the routing between two hosts when trying to break anonymity in an onion routing network?

– What if they can do it for N host-pairs?

• Can explore these questions with real application binaries

Proposal: GUFine

16

Goal:• Single host dynamic

emulator module• Control toolchain

Costs:• 6 months• $29,500

Goal:• Multi-host distributed

emulation• Distributed control toolchain

Costs:• 6 Months• $50,000

Proposal Requirements

Part 2Part 1

Research proposal; costs are estimated; success is not guaranteed

17

QUESTIONS