1 / 29

Authenticated Adversarial Routing

Authenticated Adversarial Routing. Yair Amir, Paul Bunn, Rafail Ostrovsky 6 th IACR Theory of Cryptography Conference March 15, 2009. Authenticated Adversarial Routing. Problem Statement Solution Ideas Conclusion. Authenticated Adversarial Routing. Problem Statement

talia
Download Presentation

Authenticated Adversarial Routing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Authenticated Adversarial Routing Yair Amir, Paul Bunn, Rafail Ostrovsky 6th IACR Theory of Cryptography Conference March 15, 2009

  2. Authenticated Adversarial Routing • Problem Statement • Solution Ideas • Conclusion

  3. AuthenticatedAdversarial Routing • Problem Statement • Adversarial Networks • Statement of Result • Previous Work • Solution Ideas • Conclusion

  4. The Network • Most basic task: two “uncorrupted” nodes need to communicate R S {m1, m2, m3, …}

  5. The Adversary • For clarity, break-up adversary into 2 (collaborating) adversaries: • Node-controlling Malicious Adversary • Edge-scheduling Adversary

  6. End-to-End, Synchronous Only 1 packet can cross an edge per round Controls Edges (Up/Down) Edge-Scheduling Adversary R S {m1, m2, m3, …}

  7. End-to-End, Synchronous Only 1 packet can cross an edge per round Controls Edges (Up/Down) Conforming (Always a Path!) Edge-Scheduling Adversary R S {m1, m2, m3, …}

  8. Node-Controlling Adversary • Controls Nodes • “Malicious” ⇒ Nodes act arbitrarily • “Dynamic” ⇒ Adaptive corruption • Conforming (Always a Path!) • Polynomially Bounded R S {m1, m2, m3, …}

  9. Node-Controlling Adversary • Controls Nodes • “Malicious” ⇒ Nodes act arbitrarily • “Dynamic” ⇒ Adaptive corruption • Conforming (Always a Path!) • # Malicious nodes allowed >> n/2 R S {m1, m2, m3, …}

  10. The Problem: Goals of Routing • Correctness: “Packets are output by R without duplication or omission” • Throughput: Number of messages received as a function of time • Memory per Node R S {m1, m2, m3, …}

  11. Our Main Result • Theorem (informal): If OWF’s exist THEN routing that is resilient against any poly-time conforming (node-controlling + edge-scheduling) adversary can be achieved with: • Throughput: Linear • O(t ) rounds  t packets delivered • Memory per Node: O(n4 log n) • Proof is constructive, local control

  12. History of Routing in Malicious Networks • Fault Detection, Fault Localization • [Awerbuch Holmer Nita-Rotaru Rubens 02] [Barak Goldberg Xiao 08] • A priori select a single-path • Fault Detection/Localization performed on this path • After identifying fault, new path selected • Open in [BGX 08]: how do we handle adaptive routing?

  13. AuthenticatedAdversarial Routing • Problem Statement • Solution Ideas • Naïve Solutions • Dynamic Topology Networks • [AG 88] [AMS 89] [AGR 92] [AAGMRS 97] [KOR 98] • Highlights of our Solution • Conclusion

  14. Naïve Solutions • Flooding: • Sender floods one message + index + signature • Nodes broadcast message with highest index • Receiver floods confirmation of receipt + signature • Nodes broadcast confirmation with highest index R S {m1, m2, m3, …}

  15. Naïve Solutions • Flooding: • Slow: Delivery is sublinear • Expensive (Pay for Bandwidth Used) R S {m1, m2, m3, …}

  16. Slide Protocol • “Slide” Protocol: • [Afek Gafni 88], [Awerbuch Mansour Shavit 89], [Afek Gafni Rosen 92], [Afek Awerbuch Gafni Mansour Rosen Shavit 97] • How it works: • Edges viewed as directional • Internal nodes maintain buffers on every edge (size n) • Protocol proceeds in 3 steps: { n … … … … … …

  17. Slide Protocol • “Slide” Protocol: • [Afek Gafni 88], [Awerbuch Mansour Shavit 89], [Afek Gafni Rosen 92], [Afek Awerbuch Gafni Mansour Rosen Shavit 97] • How it works: • Edges viewed as directional • Internal nodes maintain buffers on every edge (size n) • Protocol proceeds in 3 steps: { n … … … … … … … … … … … … S R … …

  18. Slide Protocol • “Slide” Protocol: • [Afek Gafni 88], [Awerbuch Mansour Shavit 89], [Afek Gafni Rosen 92], [Afek Awerbuch Gafni Mansour Rosen Shavit 97] • How it works: • Edges viewed as directional • Internal nodes maintain buffers on every edge (size n) • Protocol proceeds in 3 steps: 2) Transfer Packets 3) Re-Shuffle Locally 1) Communicate Heights … … … … … … … … S R H = 2 H = 1 H = 0 H = n-1 H = 2 H = n H = n-1 H = 1

  19. Slide Protocol • “Slide” Protocol: • [Afek Gafni 88], [Awerbuch Mansour Shavit 89], [Afek Gafni Rosen 92], [Afek Awerbuch Gafni Mansour Rosen Shavit 97] • How it works: • Edges viewed as directional • Internal nodes maintain buffers on every edge (size n) • Protocol proceeds in 3 steps: 2) Transfer Packets 3) Re-Shuffle Locally 1) Communicate Heights Packets “flow” downhill from S to R S R

  20. Slide Protocol • “Slide” Protocol: • [Afek Gafni 88], [Awerbuch Mansour Shavit 89], [Afek Gafni Rosen 92], [Afek Awerbuch Gafni Mansour Rosen Shavit 97] • How it works: • Edges viewed as directional • Internal nodes maintain buffers on every edge (size n) • Protocol proceeds in 3 steps: 2) Transfer Packets 3) Re-Shuffle Locally 1) Communicate Heights • Correctness: • Throughput: • Memory: Linear (Optimal with respect to Conforming Adversary!) O(n2 log n)

  21. Towards Our Solution • Assume signatures for all packets • Adv cannot insert “new” packets – are we done? • NO! We must counter all malicious behavior: • Examples: Message Deletion; Message Duplication; “Play-Dead”; … R S {m1, m2, m3, …}

  22. Sketch of Proof • Start with “Slide” protocol • Every message of O(n3) bits is expanded into a codeword of O(n3) packets • Sender signs all packets he inserts • “Routing with Responsibility”: Every time a packet is transferred across an edge, adjacent nodes sign various forms of communication

  23. Sketch of Proof After the O(n3) rounds allotted to the transfer of any message, we prove one of the following happens: 1. R can decode the codeword • Successful message transmission • Great, proceed to the next message! 2. R did not receive 8 n3 packets • Packet Deletion • Keep track (signed) volume across each edge of total volume 3. R has received a duplicated packet • Packet Duplication + Packet Deletion • Keep track (signed) # of appearances of each packet across each edge 4. S was not able to insert 12n3 packets • Packet Duplication • Keep track (signed) of potential changes across each edge

  24. Blacklist • Non-responding nodes put on blacklist by sender • Control information is flooded • Control info is much smaller then messages, so does not impact throughput • Blacklisted nodes don’t transfer messages (until they are removed) • Nodes crucial to link S and R won’t remain on blacklist for long

  25. AuthenticatedAdversarial Routing • Problem Statement • Solution Approach and Description • Conclusion

  26. Conclusion Thank You ! • 1st routing protocol secure against (node-controlling+edge-scheduling) conforming adversary • Same Throughput as non-secure protocols: • Throughput: Linear (Optimal!) • More Memory as non-secure protocols, but still polynomial: • Memory: O(n4 log n) vs. O(n2log n)

  27. Sketch of Proof After the O(n3) rounds allotted to the transfer of any message, we prove one of the following happens: 1.R can decode the codeword • “Successful” message transmission 2. R did not receive 8 n3 packets • Packet Deletion 3.R has received a duplicated packet • Packet Duplication + Packet Deletion 4.S was not able to insert 12n3 packets • Packet Duplication 57 A B 57

  28. Sketch of Proof After the O(n3) rounds allotted to the transfer of any message, we prove one of the following happens: 1.R can decode the codeword • “Successful” message transmission 2.R did not receive 8 n3 packets • Packet Deletion 3. R has received a duplicated packet • Packet Duplication + Packet Deletion 4.S was not able to insert 12n3 packets • Packet Duplication (5, P102) P102 A B (5, P102)

  29. Sketch of Proof After the O(n3) rounds allotted to the transfer of any message, we prove one of the following happens: 1.R can decode the codeword • “Successful” message transmission 2.R did not receive 8 n3 packets • Packet Deletion 3.R has received a duplicated packet • Packet Duplication + Packet Deletion 4. S was not able to insert 12n3 packets • Packet Duplication 1 -3 C (-5,3) (-3, 2) (-3, 2) 4 5 3 2 2 3 (-5, 3) A B -3 1 D

More Related