NDN Overview Content Poisoning Conclusion
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking
Cesar Ghali, Gene Tsudik, and Ersin Uzun
NDSS Workshop on Security of Emerging Networking Technologies (SENT), February 23, 2014
Cesar Ghali, Gene Tsudik, and Ersin Uzun SENT 2014
Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking 1
-
Outline
- NDN Overview
- Content Poisoning
    - Problem Definition
    - Content Ranking
    - ndnSIM Experiments
- Conclusion
-
NDN Overview
- Current Internet is designed
    - For point-to-point
    - Not content distribution
- Research efforts: Develop new Internet architecture
- Named-Data Networking (NDN):
    - Funded by NSF as part of FIA program
    - 10 US institutions
    - Security and privacy by design
-
NDN Overview
[Figure: animated NDN Overview diagram spanning slides 4 to 14; only the label "Interest" survives extraction]
-
Problem Definition
- NDN has built-in security features
    - Producer signs content
    - Consumer verifies signature
- Verifying signatures in routers is expensive
- Fake content can be injected into router caches
    - Consumers verify signature
    - No mechanism to cause removal of fake content from router caches
-
Content Ranking – Counter-measures
- Routers verifying signatures prevents poisoning
    - Expensive
    - Requires fetching, parsing and verifying public keys
    - Know trust context
- Light-weight content ranking approach
    - Observe consumer behavior when receiving fake content
-
Content Ranking – Counter-measures
[Figure: animated diagram spanning slides 18 to 28 showing the content ranking counter-measure; only the labels "Interest" and "Interest\{ }" survive extraction]
-
Content Ranking
- Assign a rank to each in-router cached content
- Ranges in [0, 1]
- Starts with 1, and decreases with time
- Depends on:
    - Number of exclusions
    - Freshness of exclusion
    - Number of excluding interfaces

$$\text{rank} = e^{\frac{-t}{f(\#\text{ of exclusions},\ \alpha_0)\cdot\text{freshness}\cdot\text{interfaces ratio}}}$$
-
ndnSIM Experiments
- We used ndnSIM to simulate the content ranking algorithm
- Experimental setup:
    - Adversary model:
        - Pre-populate router cache
        - Malicious consumers
    - Different rates of pre-populated fake content
    - Different rates of malicious consumers
    - Benign consumers stop after receiving valid content
-
ndnSIM Experiments – Topologies
[Figure: DFN and AT&T topologies; node legend: Consumer, Edge Router, Core Router]
-
ndnSIM Experiments – DFN
- Different pre-population rate & benign consumers
[Figure: percentage of benign consumers receiving valid content vs. time (0 to 70 seconds); curves for b-NDN and m-NDN at FCP = 80%, 90%, 99% and 99.9%]
-
ndnSIM Experiments – DFN
- 99.9% pre-population rate & benign and malicious consumers
[Figure: percentage of benign consumers receiving valid content vs. time (0 to 70 seconds); curves for b-NDN and m-NDN at MCP = 0%, 1%, 3%, 5% and 10%]
-
ndnSIM Experiments – AT&T
[Figure, left: percentage of benign consumers receiving valid content vs. time (0 to 40 seconds); curves for b-NDN and m-NDN at FCP = 80%, 90%, 99% and 99.9%]
[Figure, right: percentage of benign consumers receiving valid content vs. time (0 to 60 seconds); curves for b-NDN and m-NDN at MCP = 0%, 1%, 3%, 5% and 10%]
-
Conclusion
- Content poisoning is a threat in current NDN design
- Our approach: content ranking is based on observing exclusion patterns
- Encouraging results up to 10% malicious consumers
- Future: ranking algorithm in active adversary model
-
Thank you!
Questions?
Adversary Model
- Fake content object:
    - invalid signature,
    - valid signature generated with the wrong key,
    - or, malformed Signature or KeyLocator field
- Valid content object – verifiable signature generated with correct key
- Adversary – NDN entity that can inject fake content
- Content poisoning – injects fake content
-
Content Ranking
A. Number of Exclusions:
- The more exclusions, the less the weight
- Define
    - $n|H(C)$ – content object
    - $R_{n|H(C)} = E_{n|H(C)} / Q_n$ – exclusion rate
    - $r_{t_o}$ – rank of $n|H(C)$ when it expires
    - $\alpha_{t_o}$ – makes rank equal to $r_{t_o}$ when content expires
- Assign higher rank to content excluded less

$$\alpha = \alpha_{t_o} - \left(R_{n|H(C)} \times \alpha_{t_o}\right)$$
-
Content Ranking
B. Time Distribution of Exclusions:
- Give more weight to newer exclusions
- Define
    - $i_{n|H(C)}$ – exclusion influence

$$i_{n|H(C)}(t_e) = 1 - e^{-t_e \beta}$$

    - $t_e$ – time elapsed since last exclusion
    - $\beta$ – determines influence degradation pattern
    - $t_{mw}$ – time elapsed before minimally weighting $n|H(C)$
- Can calculate $\beta$ by setting:
    - $t_e = t_{mw}$
    - $i_{n|H(C)} = 1$
-
Content Ranking
C. Excluding Interfaces Ratio:
- Penalize content excluded on multiple interfaces
- Define
    - $f_n$ – # of router interfaces
    - $f_e \in [0, f_n]$ – # of interfaces on which exclusion is received for $n|H(C)$
    - $f_s \in [1, f_n]$ – # of interfaces on which $n|H(C)$ has been served
    - $e_{n|H(C)} \in [0, 1]$ – excluding interfaces ratio

$$e_{n|H(C)} = \begin{cases} \dfrac{f_s - f_e}{f_s} & \text{if } f_s \ge f_e \\[4pt] 1 & \text{otherwise} \end{cases}$$
-
Content Ranking
- Based on previous definitions

$$\text{rank} = e^{\frac{-t}{f(\#\text{ of exclusions},\ \alpha_0)\cdot\text{freshness}\cdot\text{interfaces ratio}}}$$

- When content object has never been excluded
    - interfaces ratio = 1,
    - freshness = 1,
    - and, # of exclusions = 0

$$\text{rank} = e^{\frac{-t}{f(\alpha_0)}}$$
-
Content Ranking
- Based on previous definitions

$$r_{n|H(C)}(t) = e^{\frac{-t}{e_{n|H(C)} \times i_{n|H(C)}(t_e) \times \left[\alpha_{t_o} - \left(R_{n|H(C)} \times \alpha_{t_o}\right)\right]}}$$

- When $n|H(C)$ has never been excluded
    - $e_{n|H(C)} = 1$,
    - $i_{n|H(C)}(t_e) = 1$,
    - and, $R_{n|H(C)} = 0$

$$r_{n|H(C)}(t) = e^{\frac{-t}{\alpha_{t_o}}}$$
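The ranking function from slides 40 to 44, carried through as an added Python example (not code from the paper or from ndnSIM). It assumes the exponent is the fraction −t over e·i·α as the slide layout shows, treats a zero denominator as the limit of the expression, and uses constructed cache entries and constants (t_o = 60 s, r_to = 0.1, β = 0.5) rather than values from the paper.

```python
import math
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class CacheEntry:
    """Per-router bookkeeping for one cached content object n|H(C) (constructed, not ndnSIM's)."""
    exclusions: int = 0                     # E_{n|H(C)}: exclusion interests seen for it
    requests: int = 1                       # Q_n: interests seen for name n (assumed >= 1)
    last_exclusion: Optional[float] = None  # time of the latest exclusion; None if never excluded
    served_ifaces: set = field(default_factory=set)     # interfaces it was served on (f_s)
    excluding_ifaces: set = field(default_factory=set)  # interfaces that excluded it (f_e)

def alpha_for_expiry(t_o, r_to):
    """alpha_to chosen so a never-excluded object has rank r_to at its expiry time t_o."""
    return -t_o / math.log(r_to)

def exclusion_alpha(entry, alpha_to):
    """Slide 40: alpha = alpha_to - (R * alpha_to), with exclusion rate R = E / Q."""
    return alpha_to - (entry.exclusions / entry.requests) * alpha_to

def influence(t_e, beta):
    """Slide 41: i(t_e) = 1 - e^(-t_e * beta); a fresh exclusion (small t_e) weighs most."""
    return 1.0 - math.exp(-t_e * beta)

def iface_ratio(entry):
    """Slide 42: e = (f_s - f_e) / f_s if f_s >= f_e, else 1."""
    f_s, f_e = len(entry.served_ifaces), len(entry.excluding_ifaces)
    if f_s == 0:  # assumption: slides take f_s >= 1; an unserved object gets no interface penalty
        return 1.0
    return (f_s - f_e) / f_s if f_s >= f_e else 1.0

def rank(entry, t, now, alpha_to, beta):
    """Slide 44: r(t) = exp(-t / (e * i(t_e) * alpha)), t = age in cache; never excluded: e = i = 1, R = 0."""
    if entry.last_exclusion is None:
        return math.exp(-t / alpha_to)
    denom = (iface_ratio(entry) * influence(now - entry.last_exclusion, beta)
             * exclusion_alpha(entry, alpha_to))
    if denom <= 0.0:  # e, i or alpha reached 0: take the limit of exp(-t/x) as x -> 0+
        return 1.0 if t == 0 else 0.0
    return math.exp(-t / denom)

def demo():
    """Constructed scenario: at t = 20 s, a clean object vs one excluded on 2 of its 3 faces."""
    alpha_to = alpha_for_expiry(t_o=60.0, r_to=0.1)  # rank decays to 0.1 at 60 s if untouched
    clean = CacheEntry(requests=10, served_ifaces={1, 2, 3})
    poisoned = CacheEntry(exclusions=4, requests=10, last_exclusion=18.0,
                          served_ifaces={1, 2, 3}, excluding_ifaces={1, 2})
    return rank(clean, 20.0, 20.0, alpha_to, 0.5), rank(poisoned, 20.0, 20.0, alpha_to, 0.5)
```

In the constructed scenario the clean object keeps a rank near 0.46 while the excluded one drops below 0.01, so a router preferring the higher-ranked object stops serving the poisoned copy well before it expires.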
-
ndnSIM Experiments
1. Tree Topology:
[Figure: tree topology used in the ndnSIM experiments]
[Figure: percentage of benign consumers receiving valid content vs. time (0 to 30 seconds); curves for b-NDN and m-NDN at MCP = 0%, 2%, 4%, 6% and 10%]