article

Securing internet coordinate embedding systems

Authors:
Mohamed Ali Kaafar

INRIA, Sophia Antipolis, France

INRIA, Sophia Antipolis, France
View Profile

,
Laurent Mathy

Lancaster University, Lancaster, United Kingdom

Lancaster University, Lancaster, United Kingdom
View Profile

,
Chadi Barakat

INRIA, Sophia Antipolis, France

INRIA, Sophia Antipolis, France
View Profile

,
Kave Salamatian

LIP6: FR, Paris 6, France

LIP6: FR, Paris 6, France
View Profile

,
Thierry Turletti

INRIA, Sophia Antipolis, France

INRIA, Sophia Antipolis, France
View Profile

,
Walid Dabbous

INRIA, Sophia Antipolis, France

INRIA, Sophia Antipolis, France
View Profile

Authors Info & Claims

ACM SIGCOMM Computer Communication Review Volume 37 Issue 4October 2007pp 61–72https://doi.org/10.1145/1282427.1282388

Published:27 August 2007Publication History

ACM SIGCOMM Computer Communication Review

Abstract

This paper addresses the issue of the security of Internet Coordinate Systems,by proposing a general method for malicious behavior detection during coordinate computations. We first show that the dynamics of a node, in a coordinate system without abnormal or malicious behavior, can be modeled by a Linear State Space model and tracked by a Kalman filter. Then we show, that the obtained model can be generalized in the sense that the parameters of a filtercalibrated at a node can be used effectively to model and predict the dynamic behavior at another node, as long as the two nodes are not too far apart in the network. This leads to the proposal of a Surveyor infrastructure: Surveyor nodes are trusted, honest nodes that use each other exclusively to position themselves in the coordinate space, and are therefore immune to malicious behavior in the system.During their own coordinate embedding, other nodes can thenuse the filter parameters of a nearby Surveyor as a representation of normal, clean system behavior to detect and filter out abnormal or malicious activity. A combination of simulations and PlanetLab experiments are used to demonstrate the validity, generality, and effectiveness of the proposed approach for two representative coordinate embedding systems, namely Vivaldi and NPS.

References

T. E. Ng, and H. Zhang, Predicting internet network distance with coordinates-based approaches, in Proceedings of the IEEE INFOCOM, New York, June 2002.Google ScholarCross Ref
M. Pias, J. Crowcroft, S.Wilbur, S. Bhatti, and T. Harris, Lighthouses for Scalable Distributed Location, in Proceedings of International Workshop on Peer-to-Peer Systems (IPTPS03), Berkeley, February 2003.Google ScholarCross Ref
M. Costa, M. Castro, A. Rowstron, and P. Key, Practical Internet coordinates for distance estimation, in Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS), Tokyo, March 2004. Google ScholarDigital Library
T. E. Ng and H. Zhang, A Network Positioning System for the Internet, in Proceedings of the USENIX annual technical conference, Boston, June 2004. Google ScholarDigital Library
F. Dabek, R. Cox, F. Kaashoek and R. Morris, Vivaldi: A decentralized network coordinate system, in Proceedings of the ACM SIGCOMM, Portland, Oregon, August 2004. Google ScholarDigital Library
Y. Shavitt and T. Tankel, Big-Bang Simulation for embedding network distances in Euclidean Space, in Proceedings of the IEEE INFOCOM, June 2002.Google Scholar
J. Ledlie, P. Gardner, and M. Seltzer, Network Coordinates in the Wild, in Proceedings of NSDI, Cambridge, MA, April 2007. Google ScholarDigital Library
I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Balakrishnan, Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications, in Proceedings ofSIGCOMM, San Diego, CA, August 2001. Google ScholarDigital Library
Azureus BitTorrent Client.http://azureus.sourceforce.netGoogle Scholar
www.skype.comGoogle Scholar
M. A. Kaafar, L. Mathy, T. Turletti, and W. Dabbous, Virtual Networks under Attack: Disrupting Internet Coordinate Systems, in Proceedings of CoNext 2006, Lisboa, December, 2006. Google ScholarDigital Library
M. A. Kaafar, L. Mathy, T. Turletti and W. Dabbous, Real attacks on virtual networks: Vivaldi out of tune, in Proceedings of the SIGCOMM workshop on Large Scale Attack Defense (LSAD),Pisa, September 2006. Google ScholarDigital Library
R. E. Kalman, A New Approach to Linear Filtering and Prediction Problems, in Transactions of the ASME - Journalof Basic Engineering Vol. 82: pp. 35--45, 1960.Google ScholarCross Ref
R. E. Kalman, and R. S. Bucy, New Results in Linear Filtering and Prediction Theory, in Transactions of the ASME - Journal of Basic Engineering Vol. 83: pp. 95--107, 1961.Google ScholarCross Ref
Y. Zhang, N. Duffield, V. Paxson, and S. Shenker, On the Constancy of Internet Path Properties, in Proceedings of ACM SIGCOMM Internet Measurement Workshop, San Francisco, CA, November 2001. Google ScholarDigital Library
Z. Ghahramani, G. Hinton, Parameter Estimation for Linear Dynamical Systems, University of Toronto, Technical Report CRG-TR-96-2.Google Scholar
M. A. Kaafar, L. Mathy, C. Barakat, K. Salamatian, T. Turletti and W. Dabbous, Securing Internet Coordinate System: Embeeding Phase, Technical Report INRIA-00151257.Google Scholar
K. P. Gummadi, S. Saroiu, and S. D. Gribble, King: Estimating Latency between Arbitrary Internet End Hosts, in Proceedings of SIGCOMM Internet Mesasurement Workshop (IMW), Pittsburgh, PA, November 2002. Google ScholarDigital Library
H. Lilliefors, On the Kolmogorov-Smirnov test for normality with mean and variance unknown, Journal of the American Statistical Association, Vol. 62. pp. 399--402, June, 1967.Google ScholarCross Ref
A. Soule, K. Salamatian, and N. Taft, Combining Filtering and Statistical Methods for Anomaly Detection, in Proceedings of Internet Measurement Conference (IMC), Berkeley, October, 2005. Google ScholarDigital Library
E. K. Lua, T. griffin, M. Pias, H. Zheng, and J. Crowcroft, On the accuracy of Embeddings for Internet Coordinate Systems, in Proceedings of Internet Measurement Conference (IMC), Berkeley, October 2005. Google ScholarDigital Library
H. Zheng, E. K. Lua, M. Pias, and T. Griffin, Internet Routing Policies and Roun-Trip Times, in Proceedings of the Passive Active Measurement (PAM), Boston, March 2005. Google ScholarDigital Library
J. Bilmes, A gentle tutorial on the EM algorithm including gaussian mixtures and baum-welch, Technical Report TR-97-021, International Computer Science Institute, Berkeley, CA, 1997.Google Scholar
A. Keromytis, V. Misra and D. Rubenstein, SOS: Secure Overlay Services, in Proceedings of ACM SIGCOMM, Pittsburgh, PA, August 2002. Google ScholarDigital Library

Index Terms

Securing internet coordinate embedding systems
1. Networks
  1. Network properties
    1. Network structure

Recommendations

Securing internet coordinate embedding systems
SIGCOMM '07: Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications

This paper addresses the issue of the security of Internet Coordinate Systems,by proposing a general method for malicious behavior detection during coordinate computations. We first show that the dynamics of a node, in a coordinate system without ...
Read More
Securing Internet Coordinate Systems
Sustainable Internet
Abstract
Internet coordinate systems (e.g. [1,?]) have been proposed to allow for distance (Round-Trip Time, shortly RTT) estimation between nodes, in order to reduce the measurement overhead of many applications and overlay networks. Indeed, by embedding ...
Read More
Internet of Things security

The Internet of things (IoT) has recently become an important research topic because it integrates various sensors and objects to communicate directly with one another without human intervention. The requirements for the large-scale deployment of the ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM SIGCOMM Computer Communication Review Volume 37, Issue 4
October 2007
420 pages
ISSN:0146-4833
DOI:10.1145/1282427
Issue’s Table of Contents
SIGCOMM '07: Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
August 2007
432 pages
ISBN:9781595937131
DOI:10.1145/1282380
General Chairs:
Jun Murai
Keio University, Japan
,
Kenjiro Cho
IIJ, Japan
Copyright © 2007 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 27 August 2007
Check for updates
Author Tags
internet coordinates-embedding systems
kalman filter
malicious behavior detection
network positioning systems
security
Qualifiers
- article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 41
  Total Citations
  View Citations
- 544
  Total Downloads
- Downloads (Last 12 months)25
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Securing internet coordinate embedding systems

ACM SIGCOMM Computer Communication Review

Abstract

References

Cited By

Index Terms

Recommendations

Securing internet coordinate embedding systems

Securing Internet Coordinate Systems

Internet of Things security