1 / 28

Robust Congestion Control for IP Multicast

Robust Congestion Control for IP Multicast. Sergey Gorinsky Applied Research Laboratory Department of Computer Science and Engineering Washington University in St. Louis November 3, 2003. The Internet Growth and Its Implications. Evolution of the Internet Original design

lynnea
Download Presentation

Robust Congestion Control for IP Multicast

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Robust Congestion Control for IP Multicast Sergey Gorinsky Applied Research Laboratory Department of Computer Science and Engineering Washington University in St. Louis November 3, 2003

  2. The Internet Growth and Its Implications • Evolution of the Internet • Original design • Small test bed. Close-knit scientific community • Today’s reality • Global commercial network. Large number of selfish users • Need to rethink assumptions in the Internet design • Network bandwidth allocation • Traditional assumption of universal trust • Misbehavior incentives: unfairly high acquisition of bandwidth • Misbehavior opportunities: open-source operating systems Challenge: robust allocation of network bandwidth in distrusted environments Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis2

  3. This Talk • Focus • Robust congestion control for multicast services • Outline • Background • Congestion control and multicast services • Trust model • Self-beneficial attacks by a receiver • Vulnerabilities of existing multicast protocols • Robust mechanisms for multicast congestion control • DELTA and SIGMA • Conclusion and future work Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis3

  4. Congestion Control • Congestion • Excessive transmission results in packet losses • Uncontrolled retransmission leads to congestion collapse • Congestion control • Allocation of bandwidth along network paths • Prevention of congestion collapse • Responsiveness to congestion • Efficient utilization • Fair sharing • Unicast: TCP congestion control [Jacobson 1988] • Receiver acknowledges delivered packets • Sender adjusts its transmission in response to feedback Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis4

  5. One-to-Many Communications • Dissemination of data to multiple receivers • Example • Video address by the CEO of an international company to employees • Inefficient solutions • Direct unicast from the sender to each receiver • Broadcast • Multicast • Hierarchy for data duplication and forwarding • Implementations • IP multicast: router-based hierarchy [Deering 1991] • End-system multicast: host-based hierarchy [Chu 2000] • Congestion control challenges • Scalability • Receiver heterogeneity Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis5

  6. Supporting Scalable IP Multicast Sender Receiver Receiver Receiver • Receivers subscribe to a multicast group at their local edge routers • Receivers provide the sender with limited feedback • RMTP [Paul 1997], SAMM [Albuquerque 1998], pgmcc [Rizzo 2000], TFMCC [Widmer 2001] Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis6

  7. 1 Mbps group 3 Mbps group Addressing Receiver Heterogeneity Sender • A multicast session is composed of multiple groups • Layered multicast: RLM [McCanne 1996], FLID-DL [Byers 2000], WEBRC [Luby 2002] • Replicated multicast: DSG [Cheung 1996] 1 Mbps receiver 4 Mbps receiver 1 Mbps receiver Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis7

  8. Talk Outline • Background • Congestion control and multicast • Trust model • Self-beneficial attacks by a receiver • Vulnerabilities of existing multicast protocols • Robust mechanisms for multicast congestion control • DELTA and SIGMA • Conclusion and future work Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis8

  9. Our trust model Trust Existing protocols Sender Receiver Receiver Receiver Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis9

  10. Types of Bandwidth Attacks • Denial-of-service attacks • Disruption of network services • Intentionally visible • Self-beneficial attacks • Acquisition of data at an unfairly high rate • Intentionally keeping a low profile • Easy to launch • TCP Daytona [Savage 1999], “throughput improvement” tools • Dangerous Our focus: self-beneficial bandwidth attacks Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis10

  11. Vulnerabilities of Multicast Protocols Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis11

  12. Inflated Subscription in FLID-DL One bottleneck link shared by six sessions: two FLID-DL and four TCP Inflated subscription is a fundamental threat to fair bandwidth allocation Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis12

  13. Approach: restricted access to groups • Traditional implementation: identity-based access control • Secure IGMP [Ballardie 1995], GOTHIC [Judge 2002] • Problem: identity does not prove adherence to subscription rules Protection against Inflated Subscription • Source of inflated subscription: ability to join any group • Solution: congestion-dependent group access control • Access rights are a function of the congestion status • Access keys change every time slot • Requirements • Minimal generic changes in the network • Support of existing and future multicast protocols • Preservation of congestion control properties Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis13

  14. Updated key Receiver Receiver Receiver No updated key Updated key No updated key Linkage of Access Rights with the Congestion Status Packets Sender Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis14

  15. Robust Group Subscription: DELTA and SIGMA • DELTA (Distribution of ELigibility To Access) • In-band distribution of keys from the sender to eligible receivers • Transforms a vulnerable multicast protocol into its robust version • Requires a protocol-specific instantiation dependent on: • Congestion notification • Session structure • Congested state • Subscription rules • SIGMA (Secure Internet Group Management Architecture) • Generic distribution of keys from the sender to edge routers • Key-based group access control at edge routers Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis15

  16. Example of a Protected Protocol • Session structure • N cumulative subscription levels • First level: group 1 (base layer of data) • Second level: groups 1 and 2 (two lower layers of data) • … … • N-th level: all N groups of the session (all layers of data) • Congested state of a receiver • Single packet loss in any of the subscribed groups • Subscription rules Rule 1: Congested receiver must drop its top group Rule 2: Receiver can preserve its lower groups Rule 3: When authorized by the protocol, uncongested receiver can add the next group (i.e., the group immediately above its top group) Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis16

  17. 16 17 18 19 20 11 11 12 12 13 13 14 14 15 15 6 6 6 7 7 7 8 8 8 9 9 9 10 10 10 1 1 1 1 2 2 2 2 3 3 3 3 4 4 4 4 5 5 5 5 • Packets of a subscription level carry components of a key for its top group where is XOR, is a component in packet p of group j Rule 1: Congested Receiver Must Drop Its Top Group Packets of group 4: Packets of group 3: Packets of group 2: Packets of group 1: Time slot • Problem: each packet of group 1 carries N components • Reason: different keys use independent components Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis17

  18. 16 17 18 19 20 11 12 13 14 15 6 7 8 9 10 where is XOR, is a component in packet p of group j Rule 1: Congested Receiver Must Drop Its Top Group Packets of group 4: Packets of group 3: Packets of group 2: Packets of group 1: 1 2 3 4 5 Time slot • Packets of a subscription level carry components of a key for its top group • Problem: each packet of group 1 carries N components • Reason: different keys use independent components • Solution: keys reuse components from lower groups Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis18

  19. 3 16 17 18 19 20 3 3 3 3 2 2 2 2 2 11 12 13 14 15 1 1 1 1 1 6 7 8 9 10 1 2 3 4 5 where is XOR, is a component in packet p of group j • Each packet of group g carries a decrease key for group g-1 • Requirement: knowledge of should not reveal Rule 2: Receiver Can Preserve Its Lower Groups Packets of group 4: Packets of group 3: Packets of group 2: Packets of group 1: Time slot • Top key for each group g • Solution: decrease key and top key for each group are different Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis19

  20. 3 16 17 18 19 20 3 3 3 3 2 2 2 2 2 11 12 13 14 15 1 1 1 1 1 6 7 8 9 10 1 2 3 4 5 Rule 3: Authorized Uncongested Receiver Can Add Group Packets of group 4: Packets of group 3: Packets of group 2: Packets of group 1: Time slot • Increase key for each authorized group where is XOR, is a component in packet p of group j Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis20

  21. Generalizing the Solution • Above example of DELTA instantiation • Protected protocol • No support for reliable delivery • Loss-driven detection of congestion • Layered multicast • Single-loss definition for the congested state • Protection against individual attacks • Extensions • Protection against collusion attacks • DELTA instantiations for other types of protocols Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis21

  22. DELTA Instantiations for Different Types of Protocols • Reliability • Reliable protocols (vs. unreliable protocols) • Sender distributes components among both original and additional packets • Congestion notification • ECN (vs. loss) • Edge routers change the component in each marked packet • Session structure • Replicated multicast (vs. layered multicast) • Keys consist of components from a single group • Congested state • Loss rate exceeding a threshold (vs. single packet loss) • n packets are transmitted to a subscription level • (k,n) threshold scheme is used to generate components [Shamir 1979] • k components are necessary and sufficient for reconstructing the key Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis22

  23. SIGMA • Distribution of keys from the sender to edge routers • Challenge: generic network support • DELTA-style reconstruction of keys from components is protocol-specific • Solution: multicast of group addresses and keys to edge routers • Special packets carry address-key tuples • Edge routers intercept these packets • Forward error correction provides reliable delivery • Key-based group access control at edge routers Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis23

  24. The sender distributes the keys for time slot S+2 to edge routers and eligible receivers Receivers submit their group subscription requests for time slot S+2 Edge routers control access to the groups using the keys for time slot S+2 S S+1 S+2 Time slots Group Access Control in SIGMA • Operation timeline • New challenges in group management • Adding a group • Unconditional access to the added group for two consecutive time slots • Admitting a new receiver into the session • Intermittently unrestricted access to the minimal group Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis24

  25. DELTA and SIGMA protect against inflated subscription Protection against Inflated Subscription Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis25

  26. Preservation of Congestion Control Properties Responsiveness Efficiency DELTA and SIGMA preserve congestion control properties Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis26

  27. Research Summary • Relaxed the traditional assumption of universal trust in multicast congestion control • Focused on self-beneficial attacks of misbehaving receivers • Classified and demonstrated vulnerabilities in multicast protocols • Designed protection against inflated subscription • DELTA and SIGMA: congestion-dependent group access control • Generic network support • Robustness to individual attacks (and extension for collusion attacks) • Robust adaptation of FLID-DL (and RLM) protocols Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis27

  28. Future Work • Robust bandwidth allocation in peer-to-peer multicast • Routing with misbehaving receivers • New types of attacks • Eliciting a self-beneficial multicast hierarchy • Slow forwarding Trusted base Sender Receiver Misbehaving receiver Receiver Sergey Gorinsky, Applied Research Laboratory (ARL), Department of Computer Science and Engineering, Washington University in St. Louis28

More Related