Privacy-Preserving Cross-Domain Network Reachability Quantification

Fei Chen
Computer Science and Engineering, Michigan State University
Joint work with Bezawada Bruhadeshwar and Alex X. Liu
Background

• Network reachability can be defined as what packets can pass through a given network path
• Network reachability quantification is very important for
  • understanding end-to-end network behavior
  • detecting the violation of security policies

[Figure: Business Network 1, Home Network 1, Business Network 2 and Home Network 2, all attached to the Internet]
Motivation (1/2)

• Many solutions have been proposed to quantify network reachability
• The main assumption of these solutions: all the reachability information from the network devices is known
• Collecting such information can be very difficult, due to privacy and security concerns

[Figure: an end-to-end path from User1 in Subnet1 to User2 in Subnet2, crossing switches S1 and S2, firewalls FW 1 to FW 4 and router R1 at the ISP]
Motivation (2/2)

[Figure: the same path from User1 in Subnet1 to User2 in Subnet2 as on the previous slide]

• Can we achieve the two following goals at the same time?
  • Quantify the network reachability for a given path, and
  • Preserve the privacy of the reachability information belonging to the different parties
Problem Statement

• Assumption
  • For each party, the reachability information is converted to an ACL
    • Static reachability information
    • Employ the network reachability approach of [Khakpour et al., 2010]
• Let M(A) denote the set of packets that are accepted by ACL A
• We aim to design a privacy-preserving protocol which
  • enables User1 to compute M(A1) ∩ M(A2) ∩ M(A3)
  • lets no party learn the ACLs of the other parties
Threat Model

We consider the semi-honest model
• Each party must follow our protocol correctly
  • Input its ACL to our protocol without cheating
  • Follow the process of our protocol
• Each party may try to learn the ACL rules of other parties
  • Analyze the intermediate messages exchanged while running the protocol
Related work

• Probing
  • Current practice of verifying reachability
  • Expensive to quantify network reachability
    • Because it needs to generate and send a significant amount of packets
  • Inaccurate
    • E.g., it cannot probe open ports with no server listening on them
• Network reachability quantification
  • Estimate bounds of network reachability [Xie et al. 2005, Ingols et al. 2006, Matousek et al. 2008]
  • Quantify the network reachability [Al-Shaer et al. 2009, Sung et al. 2009, Khakpour et al. 2010]
  • Major assumption is not practical
    • All reachability information is known
• No prior work studies privacy-preserving reachability quantification
Basic building blocks (1/2)

• Prefix membership verification: P1 holds the range [3, 7], P2 holds the number 5

P1, prefix format:           S([3,7]) = {011, 1**}
P1, prefix numericalization: N(S([3,7])) = {0111, 1100}
P2, prefix family:           T(5) = {101, 10*, 1**, ***}
P2, prefix numericalization: N(T(5)) = {1011, 1010, 1100, 1000}

If N(S([3,7])) ∩ N(T(5)) ≠ ∅, then 5 ∈ [3, 7]
Basic building blocks (2/2)

• Range intersection: suppose the domain of this field is [0, 7]; P1 holds [3, 7], P2 holds [2, 5]

P1, generate ranges:                [0, 2], [3, 7]
P1, prefix format and numericalize: N(S([0,2])), N(S([3,7]))
P2, retrieve boundaries:            2, 5
P2, prefix family and numericalize: N(T(2)), N(T(5))

Because (1) N(S([0,2])) ∩ N(T(2)) ≠ ∅, then 2 ∈ [0, 2], and
        (2) N(S([3,7])) ∩ N(T(5)) ≠ ∅, then 5 ∈ [3, 7].
From 2 ∈ [0, 2] and 5 ∈ [3, 7], we have [3, 7] ∩ [2, 5] = [3, 5]
Privacy preserving range intersection

• Employ commutative encryption
  • For a number x, ((x)K1)K2 = ((x)K2)K1
  • For ease of presentation, let (x)K12 denote ((x)K1)K2

P1 (key K1) holds [3, 7]; P2 (key K2) holds [2, 5]

P1: N(S([0,2])), N(S([3,7]))  (1) encrypt by P1, (2) encrypt by P2  →  N(S([0,2]))K12, N(S([3,7]))K12
P2: N(T(2)), N(T(5))          (1) encrypt by P2, (2) encrypt by P1  →  N(T(2))K21, N(T(5))K21

If P1 does the comparison, it can conclude that
[3,7] ∩ [2, 5] = [3, the original number of N(T(5))K21]
Range intersection of multiple parties

P1 (key K1) holds [4, 7]; P2 (key K2) holds [3, 7]; P3 (key K3) holds [2, 5]

P1: N(S([0,3])), N(S([4,7]))  (1) encrypt by P1, (2) encrypt by P2, (3) encrypt by P3  →  N(S([0,3]))K123, N(S([4,7]))K123
P2: N(S([0,2])), N(S([3,7]))  (1) encrypt by P2, (2) encrypt by P3                     →  N(S([0,2]))K23, N(S([3,7]))K23
P3: N(T(2)), N(T(5))          encrypted by P3 and P2                                   →  N(T(2))K32, N(T(5))K32

Comparison (P2's sets against P3's boundaries): 3, N(T(5))K32
Prepare for further comparison ((1) encrypt by P3, (2) encrypt by P2): N(T(3))K231, N(T(5))K321
Comparison (P1's sets against these): 4, N(T(5))K321
Decryption of the comparison result

N(T(5))K321  → decrypt by P3 →  N(T(5))K21  → decrypt by P2 →  N(T(5))K1  → decrypt by P1 →  N(T(5))  → decode →  5

Together with the lower bound 4: [4, 5] = [4, 7] ∩ [3, 7] ∩ [2, 5]
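The building blocks of slides 8 and 9 and the protocol of slides 10 to 12, worked through in code. This is an added example, not the authors' implementation: the slides do not say which commutative cipher is used, so the example assumes exponentiation modulo a fixed prime P (Pohlig-Hellman style), and the modulus, the key generation and every function name (range_to_prefixes, numericalize, N_S, N_T, partition, private_intersection, ...) are this example's own choices. It goes slightly beyond the slides in that private_intersection handles any number of parties and any field width, reports an empty intersection, and keeps the boundary as an opaque token whenever it falls inside the comparing party's own range.

```python
"""Prefix membership verification, range intersection and the n-party
commutative-encryption protocol of slides 8-12 (added example; P, keygen and
all names are this example's own choices, not the authors' implementation)."""
import math
import secrets
from functools import reduce

P = (1 << 89) - 1  # Mersenne prime (assumption); E_k(x) = x^k mod P commutes

def range_to_prefixes(lo, hi, w):
    """S([lo,hi]): minimal prefixes covering the range in a w-bit field."""
    out = []
    while lo <= hi:
        size = 1  # largest aligned block starting at lo that fits in [lo,hi]
        while lo % (2 * size) == 0 and lo + 2 * size - 1 <= hi:
            size *= 2
        k = size.bit_length() - 1  # number of trailing wildcard bits
        head = "" if k == w else format(lo >> k, "b").zfill(w - k)
        out.append(head + "*" * k)
        lo += size
    return out

def numericalize(prefix, w):
    """N(): the fixed bits, a '1' marker, then zero padding to w+1 bits."""
    fixed = prefix.rstrip("*")
    return int(fixed + "1" + "0" * (w - len(fixed)), 2)

def N_S(lo, hi, w):
    return {numericalize(p, w) for p in range_to_prefixes(lo, hi, w)}

def N_T(x, w):
    """Numericalized prefix family of x, e.g. T(5) = {101, 10*, 1**, ***}."""
    bits = format(x, "b").zfill(w)
    return {numericalize(bits[: w - i] + "*" * i, w) for i in range(w + 1)}

def member(ns, nt):
    """x in [lo,hi] exactly when N(S([lo,hi])) and N(T(x)) share an element."""
    return bool(ns & nt)

def partition(lo, hi, w):
    """Split the domain [0, 2^w-1] around [lo,hi]; [3,7] -> [0,2], [3,7]."""
    top = (1 << w) - 1
    return [r for r in ([0, lo - 1], [lo, hi], [hi + 1, top]) if r[0] <= r[1]]

# Commutative encryption: exponentiation mod P with exponents coprime to P-1.
def keygen():
    while True:
        k = secrets.randbelow(P - 2) + 2
        if math.gcd(k, P - 1) == 1:  # invertible exponent, so decryptable
            return k

def enc(x, k):
    return pow(x, k, P)

def dec(y, k):
    return pow(y, pow(k, -1, P - 1), P)

def enc_set(values, keys):
    """Encrypt every element under each party's key; the order is irrelevant."""
    return {reduce(enc, keys, v) for v in values}

def decode(family):
    """Recover x from a decrypted N(T(x)): only the full-length prefix is odd."""
    (full,) = [v for v in family if v & 1]
    return full >> 1

def private_intersection(ranges, w):
    """Simulate the protocol for ranges [P1, ..., Pn]; None means empty.
    Pn supplies its two boundaries as encrypted prefix families; each earlier
    party compares them with its encrypted partition sets and learns only
    which of its own sub-ranges each boundary falls into."""
    keys = [keygen() for _ in ranges]
    lo_tok = enc_set(N_T(ranges[-1][0], w), keys)
    hi_tok = enc_set(N_T(ranges[-1][1], w), keys)
    for a, b in reversed(ranges[:-1]):
        parts = [(r, enc_set(N_S(*r, w), keys)) for r in partition(a, b, w)]
        lo_r = next(r for r, es in parts if es & lo_tok)
        hi_r = next(r for r, es in parts if es & hi_tok)
        if lo_r[0] > b or hi_r[1] < a:  # a boundary lies wholly outside [a,b]
            return None
        if lo_r[0] < a:  # boundary below my range: my own a is the new lower end
            lo_tok = enc_set(N_T(a, w), keys)
        if hi_r[1] > b:  # boundary above my range: my own b is the new upper end
            hi_tok = enc_set(N_T(b, w), keys)
    # Slide 12: every party peels off its layer, then the family is decoded.
    return [decode({reduce(dec, keys, v) for v in t}) for t in (lo_tok, hi_tok)]

if __name__ == "__main__":
    print(range_to_prefixes(3, 7, 3), N_S(3, 7, 3), N_T(5, 3))
    print(private_intersection([[4, 7], [3, 7], [2, 5]], 3))
```

Because every party's key is an exponent invertible modulo P-1, encrypting under all keys is a bijection on the numericalized values, so set intersections are preserved exactly and the comparing party sees equal ciphertexts precisely where the plaintext prefixes were equal. What it learns is only the index of the sub-range containing each boundary; the boundary value itself stays an opaque token until the joint decryption at the end.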
ACL preprocessing

• An ACL consists of multi-dimensional overlapping rules
• Convert it to non-overlapping rules with the accept decision

r1 : F1 ∈ [0, 4] ∧ F2 ∈ [7,15] → d
r2 : F1 ∈ [5, 7] ∧ F2 ∈ [5,15] → d
r3 : F1 ∈ [5, 7] ∧ F2 ∈ [0, 8] → a
r4 : F1 ∈ [0,15] ∧ F2 ∈ [0,15] → d

FDD construction (root node F1, child nodes F2):
F1 ∈ [0, 4]  → F2 ∈ [0,15] → d
F1 ∈ [5, 7]  → F2 ∈ [0, 4] → a
             → F2 ∈ [5,15] → d
F1 ∈ [8,15]  → F2 ∈ [0,15] → d

Extract the non-overlapping rules with the accept decision:
nr1 : F1 ∈ [0, 4] ∧ F2 ∈ [7,15] → a
nr2 : F1 ∈ [5, 7] ∧ F2 ∈ [0, 4] → a
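The preprocessing step above, as an added example rather than the authors' code: a two-field ACL with first-match semantics is turned into an FDD (one F1 node, one F2 node per F1 edge), adjacent edges with the same decision are merged, and the accept-labelled paths are read off as non-overlapping rules. The rule set ACL is constructed here in the slide's format, the field domain is [0, 15] as on the slide, and the function names are this example's own. first_match and fdd_decision are included so the equivalence of the FDD with the original ACL can be checked over the whole domain.

```python
"""Two-field ACL -> FDD -> non-overlapping accept rules (added example, not
the paper's code). Rules are (F1 range, F2 range, decision); first match wins
and an unmatched packet is denied."""

def cut_points(ranges, top):
    """Elementary intervals of [0, top] induced by a set of [lo,hi] ranges."""
    pts = {0, top + 1}
    for lo, hi in ranges:
        pts.update((lo, hi + 1))
    pts = sorted(pts)
    return [(a, b - 1) for a, b in zip(pts, pts[1:])]

def covers(r, iv):
    return r[0] <= iv[0] and iv[1] <= r[1]

def merge(edges):
    """Merge adjacent intervals that carry the same label (FDD reduction)."""
    out = []
    for iv, label in edges:
        if out and out[-1][1] == label and out[-1][0][1] + 1 == iv[0]:
            out[-1] = ((out[-1][0][0], iv[1]), label)
        else:
            out.append((iv, label))
    return out

def build_fdd(rules, top, default="d"):
    """Return [(F1 interval, [(F2 interval, decision), ...]), ...]."""
    f1_edges = []
    for iv1 in cut_points([r[0] for r in rules], top):
        live = [r for r in rules if covers(r[0], iv1)]  # rules reaching this F1 edge
        f2_edges = []
        for iv2 in cut_points([r[1] for r in live], top):
            d = next((r[2] for r in live if covers(r[1], iv2)), default)  # first match
            f2_edges.append((iv2, d))
        f1_edges.append((iv1, merge(f2_edges)))
    return merge(f1_edges)

def accept_rules(rules, top):
    """The non-overlapping accept rules nr1, nr2, ... as (F1 range, F2 range)."""
    return [(iv1, iv2) for iv1, f2 in build_fdd(rules, top) for iv2, d in f2 if d == "a"]

def first_match(rules, f1, f2, default="d"):
    return next((d for r1, r2, d in rules
                 if r1[0] <= f1 <= r1[1] and r2[0] <= f2 <= r2[1]), default)

def fdd_decision(fdd, f1, f2, default="d"):
    for iv1, f2_edges in fdd:
        if iv1[0] <= f1 <= iv1[1]:
            return next((d for iv2, d in f2_edges if iv2[0] <= f2 <= iv2[1]), default)
    return default

# Constructed four-rule ACL in the slide's format, fields F1 and F2 over [0, 15].
ACL = [((0, 4), (7, 15), "a"),
       ((5, 7), (5, 15), "d"),
       ((5, 7), (0, 8), "a"),
       ((0, 15), (0, 15), "d")]
TOP = 15

if __name__ == "__main__":
    for iv1, f2_edges in build_fdd(ACL, TOP):
        print("F1 in", iv1, "->", f2_edges)
    print("accept rules:", accept_rules(ACL, TOP))
```

The accept rules are what each party feeds into the range-intersection protocol, so a defender reviewing the preprocessing should check, as the test does, that the FDD decides every packet exactly as the original first-match ACL did; a merge or cut-point bug here would silently change which packets are declared reachable.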
Experiment Setup

We conducted experiments on both real and synthetic ACLs
• Each ACL examines five fields
  • Source and destination IPs, source and destination ports, protocol type
• The number of rules ranges from dozens to thousands

For effectiveness, we verified the correctness of the results
For efficiency, we evaluated the computation and communication costs of the core operations
• Processing each ACL
• Comparing every two ACLs
Experimental Results (1/3)

• For real ACLs with an average of 806 rules
  • Both offline and online computation costs are less than 2 seconds
  • Communication cost is less than 60 KB
  • Comparison cost is less than 1 second
  • Our approach is efficient for the conversion and comparison of two real ACLs

[Figure: processing real ACLs]
Experimental Results (2/3)

• For synthetic ACLs with the number of rules from 200 to 2000
  • One-time offline computation cost is less than 400 seconds
  • The online computation cost is less than 5 seconds
  • Communication cost is less than 450 KB

[Figure: processing synthetic ACLs]
Experimental Results (3/3)

• For synthetic ACLs with the number of rules from 200 to 2000
  • The comparison time of two synthetic firewalls is less than 4 seconds

[Figure: comparing synthetic ACLs]
Conclusion

• Investigate privacy-preserving quantification of network reachability for the first time
• Propose an efficient and secure protocol to quantify network reachability accurately
• Conduct experiments on both real and synthetic ACLs to demonstrate the effectiveness and efficiency of our protocol
Future work

• Dynamic routing information
  • Dynamic routing table
• Topological variations
  • Links go down
  • New links get added
• Malicious model
  • Some party cheats on its ACL
Questions
Thank you!