Upload File

npla: network prefix level authentication ming li,yong cui,matti siekkinen,antti ylä-jääski aalto...

  • Home
  • Documents
  • NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China
14
NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Upload: stephan-kilby

Post on 16-Dec-2015

215 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

NPLA: Network Prefix Level Authentication

Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski

Aalto University, FinlandTsinghua University, China

Page 2: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Structure

MotivationObjectiveArchitecture overviewImplementationOverheadConclusion and future work

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 3: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Motivation

IP addresses spoofingLack of accountabilityDoS, vulnerability scanning,...Ruin noval applications in practice

...

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 4: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Our GoalProvide packet level authentication on the Internet

Basic ApproachDigital signatures on packets

Objective

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 5: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Objective

Accountability is the responsibility for one’s actions

Link actions to their actorsPunish misbehavior

Packet AuthenticationEliminate/mitigate source spoofing based attacks

Target for existing Internet not clean slate solution

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 6: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Architecture overview (NPLA)

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 7: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Implementation

Inject/verify entities

Interact with legacy entitiesHost, router, NAT, prefix aggregation...

OverheadEffectiveness

What kind of key

Which protocol layer

Signature sizeCrypt. securityKey distribution

Granularity

How to implement if we intend to for partial deployment in today’s Internet

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 8: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Requirements->Implementation

Strong identitifier/on route entities could verify the packets -> key type

Asymmetric key

Compatibility -> protocol layer Shim layer between IP and TCP

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 9: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Requirements->Implementation...

Key distributionPublic key infrastructure (PKI) Routing protocols (BGP)Offline

Signature size and security ECC public key cryptography algorithm

Security: 163-bit ECC key = 1024-bit RSA key

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 10: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Requirements->Implementation...

Security level/key management overhead -> authentication granularity

Host/personal level Network prefix level (intra-domain)

AS level (inter-domain)

Signature injection and verification entities

Prefix border router AS border router

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 11: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Requirements->ImplementationPartial/incremental deployment, interact with legacy entities

Legacy host (strip off before arriving)

Router (compatible)NAT (update)Prefix aggregation (known to the administrator)

Incentive deploymentIP fragmentation

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 12: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Overhead and performance

The overhead must be affordableComputation overhead (FPGA crypt hardware)

Generate 645K/s and verify 283K/s signatures

Generate 3.8G/s and 1.7G/s traffic

Traffic overhead (%6-10%)Memory overhead

13MB for prefix level authenticationGlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 13: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Overhead and PerformanceDelay

~16us per generation~24us per verification

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA

Page 14: NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China

Conclusion and Future WorkAuthenticate packets to its claimed network prefix

Implementation challengesHow to make it work in practice?

Future workImplementation in real networks

GlobeCom'10 Workshop on FutureNet, Miami, Florida, USA


T-110.5110 Computer Networks II Quality of Service 20.10.2008 Dr. Matti Siekkinen [email protected] (Primary sources: C. Hota: “Quality of Service in

Growth Markets in the US - IDC Analysis Prepared by Pipsa Ylä-Monoen, Country Manager IDC Oy, Email [email protected]

User Datagram Protocol (UDP) Background Transmission ... · User Datagram Protocol (UDP) Transmission Control Protocol (TCP) Matti Siekkinen ... User Datagram Protocol (UDP) ! Lightweight

Jyrki Ali-Yrkkö – Raimo Lovio – Pekka Ylä-Anttila (Eds.) · 4 Jyrki Ali-Yrkkö & Raimo Lovio & Pekka Ylä-Anttila Obviously, large corporations constitute a very significant

T-110.5111 Computer Networks II Green ICT - Aalto … · T-110.5111 Computer Networks II Green ICT 10.10.2011 Matti Siekkinen External sources: • Y. Xiao: Green communications

1 2 3 4 · Map Key ¬ Visitor Center!@ ... On-plane corridor N ew O nPla C orid Sl ow sp e dc ri ... West Lake Little Henry Lake Long Lake Seven Palm C ot Bay Lake

Siekkinen, Matti; Masala, Enrico; Nurminen, Jukka K ... · 1 Optimized Upload Strategies for Live Scalable Video Transmission from Mobile Devices Matti Siekkinen, Enrico Masala, Senior

A joint Initiative of Ludwig-Maximilians-Universität and Ifo … · 2021. 1. 26. · Jouko Ylä-Liedenpohja Department of Economics FIN-33014 University of Tampere Finland [email protected]

Taxes and Venture Capital Support · comments by Jouka Ylä-Liedenpohja and other participants in the European Finan-cial Association 2002 conference in Berlin. We also benefited

ANCESTRY MILITARY OR VETERAN STATUS AGE ......pregnancy disability it is to the same position and for CFRA or NPLA it is to the same or a comparable position- at the end of the leave,

T-110.5110 Computer Networks II Quality of Service 19.10.2009 Prof. Sasu Tarkoma Based on slides by Dr. Matti Siekkinen (Primary sources: C. Hota: “Quality

Green ICT 2011 · T-110.4100 Computer Networks Green ICT 18.10.2011 Matti Siekkinen External sources: • Y. Xiao: Green communications. T-110.5116 lecture. Aalto. 2010

Ylä-Lapin riekkokannan arviointi - kanakoira-avusteinen laskenta - Antti Paasivaara, Luke

10 Sure Fire Ways to Get Sued by Your Employees …...Employee Eligibility Comparison FMLA CFRA PDL New Parent Leave Act (NPLA) – 1/1/18 (3) 50+ EEs within 75 miles of worksite -

Evaluation of ERT nPLA compounds · • Talc in the ERT F1 formulation increases the modulus. • PDLA increases the modulus of semi-crystalline specimen vs. amorphous specimen.

1 Accurate Online Full Charge Capacity Modeling of ...1 Accurate Online Full Charge Capacity Modeling of Smartphone Batteries Mohammad A. Hoque, Matti Siekkinen, Jonghoe Koo, and Sasu

18 November 2015 1 Root Cause Analysis of TCP Throughput: Methodology, Techniques, and Applications Matti Siekkinen Ph.D. Defense October 30, 2006 Institut

Green Energy Jan-Harm Steenkamp Mari Ylä-Uotila Sabrina Rehner Pauline Malguth Frank Teeuwssen Evgeniya Solodchenko

T ro nd h eim luft av , Væ s Re strik jo npla - avinor.no · 3 1 0 1 4 0 42 1 3 2 5 24 7 3 8 7 4 7 1 H ø g r y a 19 4 52 4 P av e n Ol e m s å se n 4 7 0 1 6 4 L a n g l i s be

T-110.5116 Computer Networks II · T-110.5116 Computer Networks II Data center networks 28.11.2011 Matti Siekkinen (Sources: S. Kandula et al.: “The Nature of Datacenter: measurements

NPLA: Network Prefix Level Authentication

Performance Limitations of ADSL Users: A Case Study Matti Siekkinen, University of Oslo Denis Collange, France Tlcom RD Guillaume Urvoy-Keller, Ernst

POMPE AD INGRANAGGI 3 FORI-13 DIN 105003 CON ...NPLA-16 16,035 NPLA-20 20,123 NPLA-25 25,154 NPLA-32 32,042 180 200 220 2000 2800 NPLA-40 39,933 150 170 190 1800 2500 P1=Pressione

Software Visualization for Teaching Network …Software Visualization for Teaching Network Protocols Master’s Thesis Espoo, June 2 2010 Supervisor: Professor Antti Ylä-Jääski,

Roy YLÄ-ONNENVUORImedia.voog.com/0000/0042/3006/files/23022014_hobby.pdf7 14 12 14 11 11 12 11 9 7 9 In Lap 6 4 12 10 7 10 6 5 8 7 6 7 Best Speed 47,990 45,443 45,359 45,347 45,183

EFFECT OF E-FEEDBACK ON KNOWLEDGE ABOUT RADIOTHERAPY OF BREAST CANCER PATIENTS 2015 WorldCongressBreastCancer Mervi Siekkinen, RTT, PhD 1 University of

1Introduction - COnnecting REpositories · 2017. 6. 27. · Jouko Ylä-Liedenpohja Department of Economics and Accounting 33014 University of Tampere Finland [email protected]

T-110.4100 Computer Networks Green ICT - cse.hut.fi · 23.9.2010 T-110.4100 Computer Networks Green ICT 08.05.2012 Matti Siekkinen External sources: • Y. Xiao: Green communications

Amazon Web Servicesdocuments-prod-kaleva-fi.s3.amazonaws.com/default/...Suoran ympyräkartion sisällä on suora ympyrälieriö, jonka pohja on kartion pohjalla ja ylä- reuna sivuaa

1 ylä y Raitiolinjat Spårvägslinjer Tram routes - hsl.fi · tu us trum Radan-tie. ellosilta on Meilahdentie Mejlansvägen Munkkiniemen puistotie Munksnäs allén Tiilimäki Tegelbacken

T-110.5116 Computer Networks II€¦ · T-110.5116 Computer Networks II Quality of Service 21.11.2011 Matti Siekkinen (Main source: J. Kurose, K. Ross: “Computer Networking: A Top

NPLA DIN 3-BOLT - · PDF fileNPLA-20 105-003-00219 105-003-00200 154 102 ... NBR, FKM, FPM, Nylon Kinematic viscosity ... NPH-82 105-011-10824 105-011-10833 G1 1/4

Islam, Hasan Mahmood Aminul; Lagutin, Dmitrij; Ylä-Jääski, Antti; … · 2019-04-05 · sensors Article Transparent CoAP Services to IoT Endpoints through ICN Operator Networks

aD¡ >E-mail : [email protected] .com 26@a Effi±ffi.. 7-380-0838 TEL:026-234-l I I 1,000 a ()Ê6E TEC: 03-5940-6650 F/ : 090-7843-1818 12-1358 364177 YLä-25 13-0033 TEL:03-381 2-1271

Who Creates Value in Global Supply Chains - OECD. · PDF fileWho Captures Value in Global Supply Chains? Case Nokia N95 * Jyrki Ali-Yrkkö, Petri Rouvinen, Timo Seppälä & Pekka Ylä-Anttila