Securing Internet Coordinate Systems
 Dali Kaafar,
 Laurent Mathy,
 Kavé Salamatian,
 Chadi Barakat,
 Thierry Turletti,
 Walid Dabbous
 … show all 6 hide
Abstract
Internet coordinate systems (e.g. [1,?]) have been proposed to allow for distance (RoundTrip Time, shortly RTT) estimation between nodes, in order to reduce the measurement overhead of many applications and overlay networks. Indeed, by embedding the Internet delay space into a metric space – an operation that only requires each node in the system to measure delays to a small set of other nodes (its neighbors), nodes are attributed coordinates that can then be used to estimate the RTT between any two nodes, without further measurements, simply by applying the distance function associated with the chosen metric space to the nodes’ coordinates.
Recently, these coordinatesbased systems have been shown to be accurate, with very low distance prediction error. However, most, if not all, of current proposals for coordinate systems assume that the nodes partaking in the system cooperate fully and honestly with each other – that is that the information reported by probed nodes is correct – this could also make them quite vulnerable to malicious attacks. In particular, insider attacks executed by (potentially colluding) legitimate users or nodes infiltrating the system could prove very effective.
As the use of overlays and applications relying on coordinates increases, one could imagine the release of worms and other malware, exploiting such cooperation, which could seriously disrupt the operations of these systems and therefore the virtual networks and applications relying on them for distance measurements.
In this talk, we first identify such attacks, and through a simulation study, we observed their impact on two recently proposed positioning systems [3], namely Vivaldi and NPS. We experimented with attack strategies, carried out by malicious nodes that provide biased coordinates information and delay measurement probes, and that aim to (i) introduce disorder in the system, (ii) fool honest nodes to move far away from their correct positions and (iii) isolate particular target nodes in the system through collusion. Our findings confirm the susceptibility of the coordinate systems to such attacks.
Our major contribution is therefore a model for malicious behavior detection during coordinates embedding [4]. We first show that the dynamics of a node, in a coordinate system without abnormal or malicious behavior, can be modeled by a Linear State Space model and tracked by a Kalman filter. Then we show, that the obtained model can be generalized in the sense that the parameters of a filter calibrated at a node can be used effectively to model and predict the dynamic behavior at another node, as long as the two nodes are not too far apart in the network. This leads to the proposal of a Surveyor infrastructure: Surveyor nodes are trusted, honest nodes that use each other exclusively to position themselves in the coordinate space, and are therefore immune to malicious behavior in the system. During their own coordinate embedding, other nodes can then use the filter parameters of a nearby Surveyor as a representation of normal, clean system behavior to detect and filter out abnormal or malicious activity. A combination of simulations and PlanetLab experiments are used to demonstrate the validity, generality, and effectiveness of the proposed approach for both Vivaldi and NPS.
Finally, we address the issue of asserting the accuracy of Internet coordinates advertised by nodes of Internet coordinate systems during distance estimations. Indeed, some nodes may even lie deliberately about their coordinates to mount various attacks against applications and overlays.
Our proposed method consists in two steps: 1) establish the correctness of a node’s claimed coordinate by using the Surveyor infrastructure and malicious embedding neighbor detection; and 2) issue a time limited validity certificate for each verified coordinate. Validity periods are computed based on an analysis of coordinate intershift times observed by Surveyors. By doing this, each surveyor can estimate the time until the next shift and thus, can limit the validity of the certificate it issues to regular nodes for their calculated coordinates. Our method is illustrated using a trace collected from a Vivaldi system deployed on PlanetLab, where intershift times are shown to follow longtail distribution (lognormal distribution in most cases, or Weibull distribution otherwise). We show the effectiveness of our method by measuring the impact of a variety of attacks, experimented on PlanetLab, on distance estimates.
 Ng, T.E., Zhang, H.: A Network Positioning System for the Internet. In: Proceedings of the USENIX annual technical conference, Boston (June 2004)
 Dabek, F., Cox, R., Kaashoek, F., Morris, R.: Vivaldi: A decentralized network coordinate system. In: Proceedings of the ACM SIGCOMM, Portland, Oregon (August 2004)
 Kaafar, M.A., Mathy, L., Turletti, T., Dabbous, W.: Virtual Networks under Attack: Disrupting Internet Coordinate Systems. In: Proceedings of CoNext 2006, Lisboa (December 2006)
 Kaafar, M.A., Mathy, L., Barakat, C., Salamatian, K., Turletti, T., Dabbous, W.: Securing Internet Coordinates Embedding Systems. In: SIGCOMM 2007 (2007)
 Title
 Securing Internet Coordinate Systems
 Book Title
 Sustainable Internet
 Book Subtitle
 Third Asian Internet Engineering Conference, AINTEC 2007, Phuket, Thailand, November 2729, 2007. Proceedings
 Pages
 pp 167168
 Copyright
 2007
 DOI
 10.1007/9783540768098_15
 Print ISBN
 9783540768081
 Online ISBN
 9783540768098
 Series Title
 Lecture Notes in Computer Science
 Series Volume
 4866
 Series ISSN
 03029743
 Publisher
 Springer Berlin Heidelberg
 Copyright Holder
 SpringerVerlag Berlin Heidelberg
 Additional Links
 Topics
 Industry Sectors
 eBook Packages
 Editors
 Authors

 Dali Kaafar ^{(1)}
 Laurent Mathy ^{(2)}
 Kavé Salamatian ^{(3)}
 Chadi Barakat ^{(1)}
 Thierry Turletti ^{(1)}
 Walid Dabbous ^{(1)}
 Author Affiliations

 1. INRIA SophiaAntipolis, France
 2. Lancaster University, UK
 3. LiP6, France
Continue reading...
To view the rest of this content please follow the download PDF link above.