TRANSCRIPT
Traversing symmetric NAT with predictable port allocation function
SIN 2014
Dušan Klinec, Vashek Matyáš
Faculty of Informatics, Masaryk University
After you try to find us:
Centre for Research on Cryptography and Security
Outline
• UDP Hole punching
• Symmetric NAT
• Port allocation function
• Our algorithms
• Evaluation
• Results
Motivation
• Establish a direct connection between two hosts
  – Both are behind a symmetric NAT.
• No relay servers needed
  – Better connection parameters (latency, jitter).
  – Architecture scales better, cheaper.
  – Security consequences (MiTM).
• Plenty of NAT types already covered in literature
  – Our motivation: 1/3 of mobile internet provider market uses symmetric NAT.
UDP Hole punching
[Figure: hole-punching sequence between hosts A (.10) and B (.30) with mapped ports 90 and 80; Step 1 (rule), Step 2 (rule), Step 3]
UDP Hole punching
• Easy if both sides know external mapped port of each other.
• Difficult if mapped port changes.
• Difficult if mapped port blocks incoming communication from “outside”.
Symmetric NAT
[Figure: Peer A (I.15) behind NAT+Firewall (Addr: E.10) binding toward STUN servers E.60 and E.61 (ports 3478, 5000); external port 32000; Mapping: I.15:1234 = E.10:1234]
Port allocation function
[Figure: Peer A (I.15), STUN (E.60), NAT+Firewall Addr: E.10; internal ports 10–16 receive external ports 20, 21, 22, 23, 24, 26 in sequence, one port marked Taken; external port 32000]
Apply UDP Hole Punching
• Challenge: Predict the next allocated port.
  – On both sides, at the same time.
  – May be a problem if NAT is shared among other hosts.
  – Need to determine state of the NAT the user is using.
• STUN server used for this.
• State may change quickly.
• Approach: Multiple retries, maximize success rate.
Algorithm #1
• Baby-step, giant-step.
• Main idea:
  – Node A scans ports of the node B with step ∆B.
  – Node B scans ports of the node A with step 2∆A.
• Benefit: Only one source port @ device, destination port varies.
[Figure: Alice probes X, X+1D, X+2D, X+3D, X+4D, X+5D, X+6D; Bob probes Y, Y+1D, Y+2D, Y+3D, Y+4D, Y+5D, Y+6D]
Probabilistic distribution on ports
• Probability distribution on the next allocated port of the peer: Poisson distribution.
Other algorithms
• Expected port value
  – Computes expected value E[X] of the next port distribution.
  – Poisson distribution is assumed.
• Poisson sampling algorithm
  – Measurement process estimates parameter λ.
  – Algorithm samples Poisson distribution on ports.
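Added example (not from the slides or the authors' implementation) for the "Apply UDP Hole Punching" and "Other algorithms" slides: a Python model of a symmetric NAT with an incremental port allocation function shared with other hosts, a STUN-style measurement process that estimates λ, and the naive next-port guess beside the E[X] and Poisson-sampling predictors, so the effect of a shared NAT on prediction success can be seen directly. The noise model (Poisson(λ) foreign allocations between our bindings), the addresses (E.10, E.60, I.15, ...) and all function names are assumptions.

```python
"""Toy symmetric NAT with an incremental port allocation function, shared with
other hosts, and STUN-based next-port predictors. Added example, not the
authors' code; the Poisson noise model and all names are assumptions."""
import math
import random
from typing import Dict, List, Tuple

Endpoint = Tuple[str, int]  # (address, port)


class SymmetricNAT:
    """Endpoint-dependent mapping: every new (internal source, external
    destination) pair receives the next external port in sequence."""

    def __init__(self, ext_addr: str, first_port: int = 32000) -> None:
        self.ext_addr = ext_addr
        self.next_port = first_port
        self.outbound: Dict[Tuple[Endpoint, Endpoint], int] = {}
        self.inbound: Dict[int, Tuple[Endpoint, Endpoint]] = {}

    def map(self, src: Endpoint, dst: Endpoint) -> int:
        key = (src, dst)
        if key not in self.outbound:  # new pair -> new external port
            self.outbound[key], self.inbound[self.next_port] = self.next_port, key
            self.next_port += 1
        return self.outbound[key]

    def accepts(self, ext_port: int, remote: Endpoint) -> bool:
        """Symmetric filtering: only the remote the mapping was made for may
        send to the mapped port (the 'blocks incoming from outside' case)."""
        entry = self.inbound.get(ext_port)
        return entry is not None and entry[1] == remote


def poisson(rng: random.Random, lam: float) -> int:
    """Knuth's sampler for K ~ Poisson(lam); adequate for the small lam used here."""
    limit, k, p = math.exp(-lam), 0, rng.random()
    while p > limit:
        k, p = k + 1, p * rng.random()
    return k


def background_traffic(nat: SymmetricNAT, count: int) -> None:
    """Other hosts behind the same NAT consume `count` ports (constructed noise)."""
    for _ in range(count):
        nat.map(("I.99", nat.next_port), ("E.200", 443))  # unique key per call


def measure(nat: SymmetricNAT, rng: random.Random, lam: float, n: int) -> List[int]:
    """Measurement process: n STUN bindings from fresh local ports, with
    Poisson(lam) foreign allocations slipping in between them."""
    ports = []
    for i in range(n):
        background_traffic(nat, poisson(rng, lam))
        ports.append(nat.map(("I.15", 1234 + i), ("E.60", 3478)))
    return ports


def estimate_lambda(ports: List[int]) -> float:
    """Gap between consecutive bindings, minus our own allocation, counts the
    foreign allocations in between; their mean estimates lam."""
    gaps = [b - a - 1 for a, b in zip(ports, ports[1:])]
    return sum(gaps) / len(gaps)


def predict_naive(last: int, lam_hat: float) -> List[int]:
    return [last + 1]  # assumes nobody else used the NAT meanwhile


def predict_expected(last: int, lam_hat: float) -> List[int]:
    """E[X] algorithm: next port = last + 1 + E[K] with K ~ Poisson(lam_hat)."""
    return [last + 1 + int(lam_hat + 0.5)]


def predict_sampling(last: int, lam_hat: float, rng: random.Random, tries: int = 5) -> List[int]:
    """Poisson sampling: draw `tries` candidates from last + 1 + Poisson(lam_hat);
    each distinct candidate costs one probe (one retry)."""
    return sorted({last + 1 + poisson(rng, lam_hat) for _ in range(tries)})


def run_trials(lam: float, trials: int = 1000, n_measure: int = 50, seed: int = 7) -> Dict[str, float]:
    """Hit rate of each predictor on a fresh NAT per trial, plus the mean lam estimate."""
    rng = random.Random(seed)
    hits = {"naive": 0, "expected": 0, "sampling": 0}
    lam_sum = 0.0
    for _ in range(trials):
        nat = SymmetricNAT("E.10")
        ports = measure(nat, rng, lam, n_measure)
        lam_hat, last = estimate_lambda(ports), ports[-1]
        lam_sum += lam_hat
        guesses = {"naive": predict_naive(last, lam_hat),
                   "expected": predict_expected(last, lam_hat),
                   "sampling": predict_sampling(last, lam_hat, rng)}
        background_traffic(nat, poisson(rng, lam))  # NAT state moves on before the punch
        actual = nat.map(("I.15", 5000), ("E.30", 40000))  # real binding toward the peer
        for name, cands in guesses.items():
            hits[name] += actual in cands
    rates = {name: h / trials for name, h in hits.items()}
    rates["lambda_hat_mean"] = lam_sum / trials
    return rates


if __name__ == "__main__":
    for lam in (0.0, 1.0, 3.0):
        print(lam, run_trials(lam))
```

With λ = 0 (nobody else shares the NAT) every predictor hits the next port, which is the easy case from the "UDP Hole punching" slide; as λ grows, the naive guess fails roughly with probability 1 - e^(-λ), the E[X] guess recovers the mode of the gap distribution, and Poisson sampling trades extra probes (retries) for a higher hit rate, which is the "multiple retries, maximize success rate" approach in numbers.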
Evaluation
• Algorithm simulation.
  – Artificial data, Poisson distribution sampling, multiple λ.
• Ability to test algorithms under different network load.
  – Real data from NetFlow probes from university network.
• Real-world test.
• Poisson distribution hypothesis tests.
• Real-world algorithm test.
  – Mobile internet service provider.
  – Symmetric NAT with incremental port allocation function.
  – Success rate above 95%.
Results – success rate
[Chart: success rate per algorithm; legend: A: Baby step / giant step, B: Fix dest., C: E[X], D: Opt. Pois., E: Poisson]
Results – steps
[Chart: number of steps per algorithm; legend: A: Baby step / giant step, B: Fix dest., C: E[X], D: Opt. Pois., E: Poisson]
Results – both
[Chart: success rate and steps shown together]
Thank you for your attention!
Questions?