DOI: 10.1145/1544012.1544036
research-article

Packet-dropping adversary identification for data plane security

Published: 09 December 2008

Abstract

Until recently, the design of packet dropping adversary identification protocols that are robust to both benign packet loss and malicious behavior has proven to be surprisingly elusive. In this paper, we propose a secure and practical packet-dropping adversary localization scheme that is robust and achieves a high detection rate and low communication and storage overhead -- the three key performance metrics for such protocols in realistic settings. Other recent work just optimizes either the detection rate or the communication overhead.
In this paper, we systematically explore the design space of acknowledgment-based protocols to identify a packet dropping adversary on a forwarding path. In particular, we investigate a set of basic protocols, each exemplifying a design dimension, and examine the underlying tradeoff between the performance metrics. For each basic protocol, we present both upper and lower performance bounds via theoretical analysis, and average-case results via simulations. We conclude that the proposed PAAI-1 protocol outperforms other related schemes.


Published In

CoNEXT '08: Proceedings of the 2008 ACM CoNEXT Conference
December 2008, 526 pages
ISBN: 9781605582108
DOI: 10.1145/1544012
Publisher

Association for Computing Machinery, New York, NY, United States

Acceptance Rates

Overall Acceptance Rate 198 of 789 submissions, 25%

Cited By

  • (2022) BEAT: Blockchain-Enabled Accountable and Transparent Infrastructure Sharing in 6G and Beyond. IEEE Access 10 (48660-48672). DOI: 10.1109/ACCESS.2022.3171984. Online publication date: 2022
  • (2022) Identifying and Eliminating the Misbehavior Nodes in the Wireless Sensor Network. Soft Computing and Signal Processing (393-403). DOI: 10.1007/978-981-16-7088-6_36. Online publication date: 15-Feb-2022
  • (2019) MorphIT: Morphing Packet Reports for Internet Transparency. Proceedings on Privacy Enhancing Technologies 2019:2 (88-104). DOI: 10.2478/popets-2019-0021. Online publication date: 4-May-2019
  • (2019) Retroactive Packet Sampling for Traffic Receipts. ACM SIGMETRICS Performance Evaluation Review 47:1 (17-18). DOI: 10.1145/3376930.3376942. Online publication date: 17-Dec-2019
  • (2019) Retroactive Packet Sampling for Traffic Receipts. Proceedings of the ACM on Measurement and Analysis of Computing Systems 3:1 (1-39). DOI: 10.1145/3322205.3311090. Online publication date: 26-Mar-2019
  • (2019) Retroactive Packet Sampling for Traffic Receipts. Abstracts of the 2019 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems (17-18). DOI: 10.1145/3309697.3331485. Online publication date: 20-Jun-2019
  • (2018) FL: Design and Implementation of Distributed Dynamic Fault Localization. IEEE Transactions on Dependable and Secure Computing 15:3 (378-392). DOI: 10.1109/TDSC.2016.2599881. Online publication date: 1-May-2018
  • (2018) Trust strategy implementation in OppNets. Computing 100:2 (151-181). DOI: 10.1007/s00607-017-0569-2. Online publication date: 1-Feb-2018
  • (2017) One Primitive to Diagnose Them All. Proceedings of the Twelfth European Conference on Computer Systems (374-388). DOI: 10.1145/3064176.3064212. Online publication date: 23-Apr-2017
  • (2017) Tight bounds for sketches in traffic validation. 2017 IEEE 14th International Conference on Networking, Sensing and Control (ICNSC) (210-215). DOI: 10.1109/ICNSC.2017.8000093. Online publication date: May-2017
