securing information transmission by redundancy l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Securing Information Transmission by Redundancy PowerPoint Presentation
Download Presentation
Securing Information Transmission by Redundancy

Loading in 2 Seconds...

play fullscreen
1 / 13

Securing Information Transmission by Redundancy - PowerPoint PPT Presentation


  • 224 Views
  • Uploaded on

Securing Information Transmission by Redundancy. Jun Li Peter Reiher Gerald Popek Computer Science Department UCLA NISS Conference October 21, 1999. Outline. Interruption threats are hard to counter Redundant transmission makes interruptions harder

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Securing Information Transmission by Redundancy' - salena


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
securing information transmission by redundancy

Securing Information Transmission by Redundancy

Jun Li Peter Reiher Gerald Popek

Computer Science Department

UCLA

NISS Conference

October 21, 1999

outline
Outline
  • Interruption threats are hard to counter
  • Redundant transmission makes interruptions harder
  • But redundant transmission is not as easy as using redundancy in other areas
  • Sample uses
  • Conclusion
interruption threats
Interruption Threats

Destination

Source

An interruption attack occurs

Result?

No data flows to the destination

problem
Problem
  • Many kinds of interruption threats
    • Corrupted routers drop packets
    • Transmitting over packets on shared media
    • Congesting links or routers
  • Conventional approaches won’t help
    • Encrypted/signed message can still be interrupted
  • Acknowledgement won’t help either
    • The acknowledgement itself is subject to interruption
    • Retransmission means possibly failing again
  • So?
using redundancy to counter interruptions

receiver

Using Redundancy To Counter Interruptions
  • Don’t use a single path
    • Any point on the single path is a point of failure
  • Use redundancy to secure transmission
    • Only parallel redundancy considered here
      • A node is expected to receive multiple copies of one message
      • Successful if at least one copy is authentically received
  • Redundancy has been widely used in other areas
    • High availability storage
    • Replicated execution
    • And many others
a simple example

How does redundant deliver help?

What if a router is corrupted?

A Simple Example

Source

Normal delivery uses a default path

The redundant copy gets through despite a bad router

Destination

slide7

sender

receiver

But . . .
  • Redundant transmission is tough
    • Discovering disjoint paths is difficult
      • Routing is transparent to applications
    • Using disjoint paths is difficult
    • They may not exist at all
  • Can try to be as disjoint as possible nevertheless
    • An attacker has to find a choke point or break multiple points
  • Scale can also cause big problems
  • And what about costs of sending multiple copies?
sample uses of redundancy
Sample Uses of Redundancy
  • Revere
    • Secure delivery of security updates
  • General purpose redundant packet delivery service
    • Redundancy for every network user?
revere
Revere
  • Goal: disseminate security updates to large number of machines
  • Assume a trusted dissemination center
  • Security updates
    • Small size but critical information
    • Examples:
      • New virus signature
      • New intrusion detection signature
      • CRL (certificate revocation lists)
      • Offending characteristics for a firewall to monitor
revere structure
Revere Structure
  • Acks/Nacks inappropriate
    • Scaling, lack of complete trust, etc.
  • Use redundancy to send multiple copies to each node
    • Each node can also forward security updates to others
  • A node can contact multiple repository nodes for missed updates
general redundant packet delivery services
General Redundant Packet Delivery Services
  • How could we add a redundant packet delivery service to the Internet?
  • What would be the best method of achieving redundancy?
    • Know a lot about the network?
    • Or rely on randomness and obscurity?
  • What are the costs of doing so?
  • How could it be easily deployable?
    • Proxy-based solutions?
conclusion
Conclusion
  • Conventional security approaches and transmission primitives don’t adequately counter interruption threats
  • Redundancy is a promising tool
  • But effective use of redundancy is challenging
  • Are there other problems that redundancy can solve?
  • Does redundancy itself lead to new security threats?
questions
Questions
  • Contact information
    • Peter Reiher: reiher@cs.ucla.edu
    • Jun Li: lijun@cs.ucla.edu
    • Gerald Popek: popek@cs.ucla.edu