## Securing Internet Coordinate Embedding Systems (2007)

Venue: In Proceedings of the ACM SIGCOMM

Citations: 29 (4 self)

### BibTeX

@INPROCEEDINGS{Kaafar07etc.securing,
    author = {Mohamed Ali Kaafar and Kave Salamatian and Laurent Mathy and Thierry Turletti and Chadi Barakat and Walid Dabbous},
    title = {Securing Internet Coordinate Embedding Systems},
    booktitle = {In Proceedings of the ACM SIGCOMM},
    year = {2007}
}

### Abstract

This paper addresses the issue of the security of Internet Coordinate Systems, by proposing a general method for malicious behavior detection during coordinate computations. We first show that the dynamics of a node, in a coordinate system without abnormal or malicious behavior, can be modeled by a Linear State Space model and tracked by a Kalman filter. Then we show that the obtained model can be generalized in the sense that the parameters of a filter calibrated at a node can be used effectively to model and predict the dynamic behavior at another node, as long as the two nodes are not too far apart in the network. This leads to the proposal of a Surveyor infrastructure: Surveyor nodes are trusted, honest nodes that use each other exclusively to position themselves in the coordinate space, and are therefore immune to malicious behavior in the system. During their own coordinate embedding, other nodes can then use the filter parameters of a nearby Surveyor as a representation of normal, clean system behavior to detect and filter out abnormal or malicious activity. A combination of simulations and Planet-Lab experiments is used to demonstrate the validity, generality, and effectiveness of the proposed approach for two representative coordinate embedding systems, namely Vivaldi and NPS.

### Citations

3855 | Chord: A scalable peer-to-peer lookup service for internet applications
- Stoica, Morris, et al.
- 2001
Citation Context: ...lysis from a live, large-scale deployment have shown network coordinate systems to be fit for purpose [7], making them a valuable tool to support distributed applications, systems and overlays (e.g., [8, 9, 10]) that rely on, and benefit from, the notion of network topology-awareness. However, it should also be noted that coordinate-based positioning systems only achieve desirable accuracy, robustness, stab...

2486 | A New Approach to Linear Filtering and Prediction Problems. Transaction of the ASME
- Kalman
- 1960
Citation Context: ...e postulate and verify that, in the absence of malicious activity, a node’s coordinate can be viewed as a stochastic process with linear dependencies whose evolution can be tracked by a Kalman filter [13, 14]. Each Surveyor then computes and calibrates the parameters of a linear state space model and shares the parameters of this model with other nodes. These nodes can then use these parameters, to run lo...

557 | Predicting Internet Network Distance with Coordinates-based Approaches
- Ng, Zhang
- 2002
Citation Context: ...equires prior specific permission and/or a fee. SIGCOMM’07, August 27–31, 2007, Kyoto, Japan. Copyright 2007 ACM 978-1-59593-713-1/07/0008 ...$5.00. 1. INTRODUCTION Internet coordinate systems (e.g., [1, 2, 3, 4, 5, 6], etc.) embed latency measurements amongst samples of a node population into a geometric space and associate a network coordinate vector (or coordinate in short) in this geometric space to each node, ...

503 | Vivaldi: A Decentralized Network Coordinate System
- Dabek, Cox, et al.
- 2004
Citation Context: ...equires prior specific permission and/or a fee. SIGCOMM’07, August 27–31, 2007, Kyoto, Japan. Copyright 2007 ACM 978-1-59593-713-1/07/0008 ...$5.00. 1. INTRODUCTION Internet coordinate systems (e.g., [1, 2, 3, 4, 5, 6], etc.) embed latency measurements amongst samples of a node population into a geometric space and associate a network coordinate vector (or coordinate in short) in this geometric space to each node, ...

368 | New results in linear filtering and prediction theory
- Kalman, Bucy
- 1961
Citation Context: ...e postulate and verify that, in the absence of malicious activity, a node’s coordinate can be viewed as a stochastic process with linear dependencies whose evolution can be tracked by a Kalman filter [13, 14]. Each Surveyor then computes and calibrates the parameters of a linear state space model and shares the parameters of this model with other nodes. These nodes can then use these parameters, to run lo...

236 | SOS: Secure overlay services
- Keromytis, Misra, et al.
- 2002
Citation Context: ...es not address the problem of external attacks on the infrastructure (e.g. denial of service attacks, “link clogging”, etc.), we note that solutions to such attacks have been proposed elsewhere (e.g. [24]). The operations of the proposed detection protocol were deliberately kept simple and tested on systems where Surveyors were chosen randomly, although their representativeness increases with closenes...

165 | PIC: Practical Internet Coordinates for Distance Estimation
- Costa, Castro, et al.
- 2004
Citation Context: ...equires prior specific permission and/or a fee. SIGCOMM’07, August 27–31, 2007, Kyoto, Japan. Copyright 2007 ACM 978-1-59593-713-1/07/0008 ...$5.00. 1. INTRODUCTION Internet coordinate systems (e.g., [1, 2, 3, 4, 5, 6], etc.) embed latency measurements amongst samples of a node population into a geometric space and associate a network coordinate vector (or coordinate in short) in this geometric space to each node, ...

163 | On the Kolmogorov-Smirnov test for normality with mean and variance unknown
- Lilliefors
- 1967
Citation Context: ...the applicability of the Kalman filter framework. Every node calibrated its own Kalman filter based on the observation of its own embedding, and we checked this assumption by applying the Lillie test [19], a robust version of the well known Kolmogoroff-Smirnov goodness-of-fit test, to whitened filter inputs. We observed that the Lillie test leads to only 14 Gaussian fitting rejections in simulations (o...

162 | Parameter estimation for linear dynamical systems
- Ghahramani, Hinton
- 1996
Citation Context: ...hood criteria (choosing parameter values such that the likelihood of observing the measurements is maximized) by applying the Expectation Maximization (EM) method. We follow the approach presented in [16] for the EM derivation. Calibration by EM method. Let’s assume that $D_0^N$ is the set of all measured prediction errors, $D_0^N = \{D_0, \ldots, D_N\}$ and let $\Delta_0^N = \{\Delta_0, \ldots, \Delta_N\}$ be the set of nomina...

148 | Lighthouses for scalable distributed location
- Pias, Crowcroft, et al.
- 2003

135 | Big-Bang Simulation for Embedding Network Distances in Euclidean Space
- Shavitt, Tankel
- 2003

120 | estimating latency between arbitrary Internet hosts
- Gummadi, Saroiu, et al.
- 2002
Citation Context: ...host Internet RTTs (the “King” dataset) to model latencies based on real world measurements. This dataset contains the pair-wise RTTs between 1740 Internet DNS servers collected using the King method [18] and was used to generate a topology with 1740 overlay nodes. In the case of Vivaldi, each node had 64 neighbors (i.e. was attached to 64 springs), 32 of which being chosen to be closer than 50 ms. Th...

112 | A network positioning system for the internet
- Ng, Zhang
- 2004

88 | On the Accuracy of Embeddings for Internet Coordinate Systems
- Lua, Griffin, et al.
- 2005
Citation Context: ...nate systems. Our method does not rely on the geometric properties of the coordinate space, and is therefore unaffected by potential triangular inequality violations which often occur in the Internet [21, 22]. Instead, our detection test is based on the modeling of the dynamic relative errors observed in a clean system. The relative error is a dimensionless quantity which is at the very core of any embedd...

75 | Combining filtering and statistical methods for anomaly detection
- Soule, Salamatian, et al.
- 2005
Citation Context: ...e impact on the system as long as their occurrence is low. The trade-off between aggressivity and strictness of the test is represented by the so called ROC (Receiver Operation Characteristic) curves [20]. These curves plot the true positive rate versus the false positive rate, i.e. the probability of correctly detecting a malicious node versus the probability of labelling an honest node as malicious....

26 | Real attacks on virtual networks: Vivaldi out of tune, to appear
- Kaafar, Mathy, et al.
- 2006
Citation Context: ...ribution of measured relative errors. The cumulative distribution function of the measured relative errors, across all normal nodes, after convergence (in the sense of error convergence as defined in [12]) is shown in figure 13 (for the time being, ignore the curve entitled “Using Dedicated Surveyors for Embedding”). We see that the detection mechanism renders the system practically immune to the atta...

20 | Virtual Networks under Attack: Disrupting Internet Coordinate Systems
- Kaafar, Mathy, et al.
- 2006
Citation Context: ... been shown to be vulnerable to malicious attacks, providing a potentially attractive fertile ground for the disruption or collapse of the many applications and overlays that would use these services [11]. There are actually two obvious ways to disrupt the operation of a coordinate based system. First when requested to give its coordinate for a distance estimation at the application-level, a malicious...

10 | A gentle tutorial on the EM algorithm including gaussian mixtures and baum-welch
- Bilmes
- 1997

7 | On the Constancy of
- Zhang, Duffield, et al.
- 2001
Citation Context: ...ling state generating measurement noise, etc), the exact value of the RTT varies continuously. However, it has been shown that RTT values in the Internet exhibit some stability in a statistical sense [15], with the statistical properties of RTTs exhibiting no significant change at timescales of several minutes. It is that property that embedding systems exploit to provide good distance estimates while...

2 | Securing Internet Coordinate System: Embedding Phase
- Kaafar, Mathy, et al.
- 2007
Citation Context: ... algorithm, we obtain $\hat{\delta}_i^{(k)}$, $\hat{\pi}_i^{(k)}$ and $\hat{\pi}_{i,i-1}^{(k)}$, which gives the expected log-likelihood at the $(k+1)$-th step. Interested readers can find details of the computations of these values in [17]. Maximization step. In this step, the parameter vector at step $(k+1)$ is chosen to maximize the expected log-likelihood. This is done by solving the equation $\frac{\partial \bar{L}(\theta, \theta^{(k)})}{\partial \theta} = 0$. This results in...