RFC8573: Message authentication code for the network time protocol

The Network Time Protocol (NTP), as described in RFC 5905, states that NTP packets should be authenticated by appending NTP data to a 128-bit key and hashing the result with MD5 to obtain a 128-bit tag. This document deprecates MD5-based authentication, which is considered too weak, and recommends the use of AES-CMAC as described in RFC 4493 as a replacement.https://www.rfc-editor.org/rfc/rfc8573.htmlPublished versio

Technology diffusion in communication networks

The deployment of new technologies in the Internet is notoriously difficult, as evidence by the myriad of well-developed networking technologies that still have not seen widespread adoption (e.g., secure routing, IPv6, etc.) A key hurdle is the fact that the Internet lacks a centralized authority that can mandate the deployment of a new technology. Instead, the Internet consists of thousands of nodes, each controlled by an autonomous, profit-seeking firm, that will deploy a new networking technology only if it obtains sufficient local utility by doing so. For the technologies we study here, local utility depends on the set of nodes that can be reached by traversing paths consisting only of nodes that have already deployed the new technology. To understand technology diffusion in the Internet, we propose a new model inspired by work on the spread of influence in social networks. Unlike traditional models, where a node's utility depends only its immediate neighbors, in our model, a node can be influenced by the actions of remote nodes. Specifically, we assume node v activates (i.e. deploys the new technology) when it is adjacent to a sufficiently large connected component in the subgraph induced by the set of active nodes; namely, of size exceeding node v's threshold value \theta(v). We are interested in the problem of choosing the right seedset of nodes to activate initially, so that the rest of the nodes in the network have sufficient local utility to follow suit. We take the graph and thresholds values as input to our problem. We show that our problem is both NP-hard and does not admit an (1-o(1) ln|V| approximation on general graphs. Then, we restrict our study to technology diffusion problems where (a) maximum distance between any pair of nodes in the graph is r, and (b) there are at most \ell possible threshold values. Our set of restrictions is quite natural, given that (a) the Internet graph has constant diameter, and (b) the fact that limiting the granularity of the threshold values makes sense given the difficulty in obtaining empirical data that parameterizes deployment costs and benefits. We present algorithm that obtains a solution with guaranteed approximation rate of O(r^2 \ell \log|V|) which is asymptotically optimal, given our hardness results. Our approximation algorithm is a linear-programming relaxation of an 0-1 integer program along with a novel randomized rounding scheme.National Science Foundation (S-1017907, CCF-0915922

Message authentication codes for the Network Time Protocol

RFC 5905 [RFC5905] states that Network Time Protocol (NTP) packets should be authenticated by appending a 128-bit key to the NTP data, and hashing the result with MD5 to obtain a 128-bit tag. This document deprecates MD5-based authentication, which is considered to be too weak, and recommends the use of AES-CMAC [RFC4493] as a replacement.https://datatracker.ietf.org/doc/draft-ietf-ntp-mac/First author draf

Low-resource eclipse attacks on Ethereum’s peer-to-peer network

We present eclipse attacks on Ethereum nodes that exploit the peer-to-peer network used for neighbor discovery. Our attacks can be launched using only two hosts, each with a single IP address. Our eclipse attacker monopolizes all of the victim’s incoming and outgoing connections, thus isolating the victim from the rest of its peers in the network. The attacker can then filter the victim’s view of the blockchain, or co-opt the victim’s computing power as part of more sophisticated attacks. We argue that these eclipse-attack vulnerabilities result from Ethereum’s adoption of the Kademlia peer-to-peer protocol, and present countermeasures that both harden the network against eclipse attacks and cause it to behave differently from the traditional Kademlia protocol. Several of our countermeasures have been incorporated in the Ethereum geth 1.8 client released on February 14, 2018.First author draf

BGP Security in Partial Deployment: Is the Juice Worth the Squeeze?

As the rollout of secure route origin authentication with the RPKI slowly gains traction among network operators, there is a push to standardize secure path validation for BGP (i.e., S*BGP: S-BGP, soBGP, BGPSEC, etc.). Origin authentication already does much to improve routing security. Moreover, the transition to S*BGP is expected to be long and slow, with S*BGP coexisting in "partial deployment" alongside BGP for a long time. We therefore use theoretical and experimental approach to study the security benefits provided by partially-deployed S*BGP, vis-a-vis those already provided by origin authentication. Because routing policies have a profound impact on routing security, we use a survey of 100 network operators to find the policies that are likely to be most popular during partial S*BGP deployment. We find that S*BGP provides only meagre benefits over origin authentication when these popular policies are used. We also study the security benefits of other routing policies, provide prescriptive guidelines for partially-deployed S*BGP, and show how interactions between S*BGP and BGP can introduce new vulnerabilities into the routing system

MaxLength considered harmful to the RPKI

User convenience and strong security are often at odds, and most security applications need to find some sort of balance between these two (often opposing) goals. The Resource Public Key Infrastructure (RPKI), a security infrastructure built on top of interdomain routing, is not immune to this issue. The RPKI uses the maxLength attribute to reduce the amount of information that must be explicitly recorded in its cryptographic objects. MaxLength also allows operators to easily reconfigure their networks without modifying their RPKI objects. Our network measurements, however, suggest that the maxLength attribute strikes the wrong balance between security and user convenience. We therefore believe that operators should avoid using maxLength. We give operational recommendations and develop software that allow operators to reap many of the benefits of maxLength without its security costs.https://eprint.iacr.org/2016/1015.pdfhttps://eprint.iacr.org/2016/1015.pdfPublished versio

Passport: enabling accurate country-level router geolocation using inaccurate sources

When does Internet traffic cross international borders? This question has major geopolitical, legal and social implications and is surprisingly difficult to answer. A critical stumbling block is a dearth of tools that accurately map routers traversed by Internet traffic to the countries in which they are located. This paper presents Passport: a new approach for efficient, accurate country-level router geolocation and a system that implements it. Passport provides location predictions with limited active measurements, using machine learning to combine information from IP geolocation databases, router hostnames, whois records, and ping measurements. We show that Passport substantially outperforms existing techniques, and identify cases where paths traverse countries with implications for security, privacy, and performance.First author draf

Passport: Enabling Accurate Country-Level Router Geolocation using Inaccurate Sources

When does Internet traffic cross international borders? This question has major geopolitical, legal and social implications and is surprisingly difficult to answer. A critical stumbling block is a dearth of tools that accurately map routers traversed by Internet traffic to the countries in which they are located. This paper presents Passport: a new approach for efficient, accurate country-level router geolocation and a system that implements it. Passport provides location predictions with limited active measurements, using machine learning to combine information from IP geolocation databases, router hostnames, whois records, and ping measurements. We show that Passport substantially outperforms existing techniques, and identify cases where paths traverse countries with implications for security, privacy, and performance