DOI: 10.1145/1375457.1375480
research-article

Path-quality monitoring in the presence of adversaries

Published: 02 June 2008

Abstract

Edge networks connected to the Internet need effective monitoring techniques to drive routing decisions and detect violations of Service Level Agreements (SLAs). However, existing measurement tools, like ping, traceroute, and trajectory sampling, are vulnerable to attacks that can make a path look better than it really is. In this paper, we design and analyze path-quality monitoring protocols that reliably raise an alarm when the packet-loss rate and delay exceed a threshold, even when an adversary tries to bias monitoring results by selectively delaying, dropping, modifying, injecting, or preferentially treating packets.
Despite the strong threat model we consider in this paper, our protocols are efficient enough to run at line rate on high-speed routers. We present a secure sketching protocol for identifying when packet loss and delay degrade beyond a threshold. This protocol is extremely lightweight, requiring only 250-600 bytes of storage and periodic transmission of a comparably sized IP packet to monitor billions of packets. We also present secure sampling protocols that provide faster feedback and accurate round-trip delay estimates, at the expense of somewhat higher storage and communication costs. We prove that all our protocols satisfy a precise definition of secure path-quality monitoring and derive analytic expressions for the trade-off between statistical accuracy and system overhead. We also compare how our protocols perform in the client-server setting, when paths are asymmetric, and when packet marking is not permitted.

    Published In

    SIGMETRICS '08: Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
    June 2008
    486 pages
    ISBN: 9781605580050
    DOI: 10.1145/1375457
    • ACM SIGMETRICS Performance Evaluation Review, Volume 36, Issue 1
      SIGMETRICS '08
      June 2008
      469 pages
      ISSN: 0163-5999
      DOI: 10.1145/1384529
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 02 June 2008

    Author Tags

    1. cryptography
    2. path-quality monitoring
    3. sampling
    4. sketching

    Qualifiers

    • Research-article

    Conference

    SIGMETRICS08

    Acceptance Rates

    Overall Acceptance Rate 459 of 2,691 submissions, 17%

    Cited By

    • (2022) It takes two to tango. Proceedings of the 21st ACM Workshop on Hot Topics in Networks, pp. 174-180. DOI: 10.1145/3563766.3564107. Online publication date: 14-Nov-2022
    • (2020) Monitoring Trail Design Based on Segment Routing. IEEE Transactions on Network and Service Management 17:4, pp. 2648-2661. DOI: 10.1109/TNSM.2020.3017222. Online publication date: Dec-2020
    • (2019) MorphIT: Morphing Packet Reports for Internet Transparency. Proceedings on Privacy Enhancing Technologies 2019:2, pp. 88-104. DOI: 10.2478/popets-2019-0021. Online publication date: 4-May-2019
    • (2019) Retroactive Packet Sampling for Traffic Receipts. ACM SIGMETRICS Performance Evaluation Review 47:1, pp. 17-18. DOI: 10.1145/3376930.3376942. Online publication date: 17-Dec-2019
    • (2019) Retroactive Packet Sampling for Traffic Receipts. Proceedings of the ACM on Measurement and Analysis of Computing Systems 3:1, pp. 1-39. DOI: 10.1145/3322205.3311090. Online publication date: 26-Mar-2019
    • (2019) Retroactive Packet Sampling for Traffic Receipts. Abstracts of the 2019 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems, pp. 17-18. DOI: 10.1145/3309697.3331485. Online publication date: 20-Jun-2019
    • (2019) Towards Measuring Quality of Service in Untrusted Multi-Vendor Service Function Chains: Balancing Security and Resource Consumption. IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, pp. 163-171. DOI: 10.1109/INFOCOM.2019.8737487. Online publication date: Apr-2019
    • (2018) FL: Design and Implementation of Distributed Dynamic Fault Localization. IEEE Transactions on Dependable and Secure Computing 15:3, pp. 378-392. DOI: 10.1109/TDSC.2016.2599881. Online publication date: 1-May-2018
    • (2017) Accurate Manipulation of Delay-based Internet Geolocation. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 887-898. DOI: 10.1145/3052973.3052993. Online publication date: 2-Apr-2017
    • (2016) Like It or Not. ACM Computing Surveys 49:2, pp. 1-41. DOI: 10.1145/2938640. Online publication date: 30-Jun-2016
