Passport
  • Teemu Koponen and Daekyeong Moon are students/postdocs, and the rest of them are professors
  • Passport

    1. Passport: Secure and Adoptable Source Authentication
       Xin Liu, Ang Li, Xiaowei Yang (UC Irvine), David Wetherall (Intel Research Seattle & U. Washington)
       USENIX Network System Design and Implementation (NSDI) 2008
       Speaker: Yun Liaw
    2. Passport: Goal and Assumption
       • A cryptographic scheme to authenticate the source AS of network traffic
       • Treats an AS preventing a malicious host in its own network as an internal issue
       • Does not check for duplicated packets
         • That should be done by a lower protocol
         • Duplication is not as problematic as spoofing
       • Assumes that routing is secure
       3/24/09 Speaker: Yun Liaw
    3. Design: Overview
    4. Design: Key distribution protocol
       • Uses Diffie-Hellman for key exchange
       • Distributes the public value by piggybacking on BGP routing advertisements
       • The private/public key pair can be generated and renewed inside the AS
    5. Design: Stamping and Verification
       • The source AS's border routers stamp MACs on the Passport header as inter-AS authentication information
       • Verification: at each AS along the path
         • If it passes, erase the MAC to prevent cryptanalysis
         • If not:
           • If the verifying AS is the destination AS, discard the packet
           • If the packet spoofs the intermediate AS that checks the packet, discard the packet
           • Else, the intermediate AS demotes the packet
    6. Mitigating Reflector Attack
    7. Performance Evaluation
    8. Performance Evaluation
    9. Adoptability
       • E(M,D): Security indicator that is set to 1 if M cannot spoof S, and 0 otherwise
       • P(M): The probability that M is malicious
       • ω_D: The weight reflecting that an AS S sends different amounts of traffic to different ASes D
       • Security Benefit:
    10. Adoptability
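
The stamping and verification rules on slide 5, worked through as an added Python example that is not from the slides or from the Passport authors. The AS names, the constructed pairwise keys (standing in for the Diffie-Hellman-derived keys of slide 4), the truncated HMAC-SHA256 and the fields it covers are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed pairwise keys, standing in for the Diffie-Hellman shared secrets
# that each pair of ASes derives (slide 4). AS names are hypothetical.
KEYS = {frozenset(p): f"secret-{'-'.join(sorted(p))}".encode()
        for p in [("AS1", "AS2"), ("AS1", "AS3"), ("AS2", "AS3")]}

def _mac(key, pkt):
    # Assumption: truncated HMAC-SHA256 over source AS, destination AS and payload.
    msg = f"{pkt['src_as']}|{pkt['dst_as']}|".encode() + pkt["payload"]
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def stamp(src_as, path, payload):
    """Source AS border router: add one MAC per AS on the path (last = destination)."""
    pkt = {"src_as": src_as, "dst_as": path[-1], "payload": payload,
           "macs": {}, "demoted": False}
    for asn in path:
        pkt["macs"][asn] = _mac(KEYS[frozenset((src_as, asn))], pkt)
    return pkt

def verify(pkt, my_as):
    """Border router of my_as receiving pkt from a neighbouring AS."""
    key = KEYS.get(frozenset((pkt["src_as"], my_as)))
    tag = pkt["macs"].get(my_as)
    if key and tag and hmac.compare_digest(tag, _mac(key, pkt)):
        pkt["macs"][my_as] = None          # pass: erase the verified MAC
        return "forward"
    if my_as == pkt["dst_as"]:             # fail at the destination AS
        return "discard"
    if pkt["src_as"] == my_as:             # fail: packet claims to come from this AS
        return "discard"
    pkt["demoted"] = True                  # fail at any other intermediate AS
    return "demote"

def demo():
    good = stamp("AS1", ["AS2", "AS3"], b"hello")
    # Constructed forgery: claims AS1 as source but carries MACs made without AS1's keys.
    forged = {"src_as": "AS1", "dst_as": "AS3", "payload": b"hello",
              "macs": {"AS2": b"\0" * 8, "AS3": b"\0" * 8}, "demoted": False}
    self_spoof = dict(forged, src_as="AS2")  # claims to originate from the checking AS
    return {"good": [verify(good, "AS2"), verify(good, "AS3")],
            "forged": [verify(forged, "AS2"), verify(forged, "AS3")],
            "self_spoof": verify(self_spoof, "AS2")}
```

Because a verified MAC is erased, presenting the same packet to the same AS a second time fails verification there.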