Future-proof the Internet

A concept for P4-programmable IXPs

Investigators: Daniel Wagner, Anja Feldmann, and Christoph Dietzel (DE-CIX/MPI-INF), in cooperation with Matthias Wichtlhuber (DE-CIX), and Jeremias Blendin (Intel, Barefoot Switch Division)

Internet Exchange Points (IXPs) are globally distributed Internet infrastructures that facilitate the exchange of local Internet peering traffic. They vary greatly in size and in their requirements. They are understood to play a critical role in the Internet’s ecosystem and harbor the potential to reduce the end-to-end latency of any kind of Internet traffic. However, hardware vendors do not focus on the special networking requirements of IXPs because of the latter’s small market share. IXP operators are thus left to invest in expensive hardware with an unsuitable and bloated feature set. Recent endeavors have incorporated the idea of software-programmable networks to efficiently implement solutions tailored for IXPs and to build so-called Software Defined Internet Exchanges (SDXes). In this project [1], we propose a concept for leveraging the programming language P4 to implement a P4-based IXP, the P4IX. We detail a P4 pipeline concept that is split into various stages, each fulfilling certain demands of small, medium, and large IXPs. We identify as the major advantages a significantly reduced time to market for solutions highly tailored to IXPs, a tight and automated integration of the business logic into the production environment, and enormously reduced cost. However, this proposal also comes with challenges. We critically discuss the required shift in the mindset of network operators towards that of software developers, and the need for a comprehensive testing environment for the self-implemented features.

• [1] D. Wagner, M. Wichtlhuber, C. Dietzel, J. Blendin, and A. Feldmann. P4IX: A concept for P4 programmable data planes at IXPs. In FIRA ’22, ACM SIGCOMM 2022 Workshop on Future of Internet Routing & Addressing, Amsterdam, Netherlands, 2022, pp. 72–78. ACM.

Collaborative DDoS Mitigation

Investigators: Daniel Wagner, Anja Feldmann, and Christoph Dietzel (DE-CIX/MPI-INF), in cooperation with Daniel Kopp, Matthias Wichtlhuber (DE-CIX), Oliver Hohlfeld (Brandenburg University of Technology), and Georgios Smaragdakis (TU Delft)

Our daily lives increasingly rely on services in the Internet. With that, the availability of these services has become of unprecedented value. At the same time, they have evolved into a suitable target for attackers who want to cause harm. A typical Internet attack is the Distributed Denial of Service (DDoS) attack. Here, an attacker is in control of multiple distributed hosts that send coordinated traffic to overwhelm the target’s resources, effectively preventing the target from serving benign requests. Despite ongoing research on DDoS detection and mitigation, paired with an improved understanding of adversary strategies, DDoS attacks are still on the rise and at an all-time high. To date, attackers incorporate more sophisticated techniques and exploit far more different mechanisms and protocols to form DDoS attacks at unparalleled threat levels.

In this project [1], we measure the ability of Internet Exchange Points (IXPs) to mitigate amplification DDoS attacks. Located in the heart of the Internet, they are closer to the source of attacks than conventional mitigation facilities, which are typically located at the attack’s destination, at the egress edge of the Internet. However, the IXPs’ location usually lacks a holistic view of the attack traffic, as routes exist towards the target that bypass IXPs. The remaining fraction of the attack that crosses the IXP may not be large enough for local detection mechanisms to classify the traffic as malicious. To cope with this, we propose a collaboration between IXPs to obtain a more informed view of the attacks and to improve local attack detection. We unify the data of 11 IXPs across Europe and North America and identify 120k amplification DDoS attack events throughout a period of 6 months. We find that more than 80% of the attack traffic carried by these IXPs is not detected locally as such. By collaboratively exchanging information about traffic activity, a more comprehensive view of globally distributed DDoS attacks can be applied to the local detection. This helps to detect up to 90% of the attack traffic. For exchanging the required information, we further propose a DDoS information exchange platform. It comes with two different trust scenarios from which collaborating parties can choose to exchange their DDoS information.

• [1] D. Wagner, D. Kopp, M. Wichtlhuber, C. Dietzel, O. Hohlfeld, G. Smaragdakis, and A. Feldmann. United we stand: Collaborative detection and mitigation of amplification DDoS attacks at scale. In Y. Kim, J. Kim, G. Vigna, E. Shi, H. Kim, and J. B. Hong, eds., CCS ’21, ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, 2021, pp. 970–987. ACM.

Advanced Prefix De-aggregation Attack

Investigators: Lars Prehn and Oliver Gasser in cooperation with Pawel Foremski (Institute of Theoretical and Applied Informatics, Polish Academy of Sciences)

The Internet is a critical resource in the day-to-day life of billions of users. To support the growing number of users and their increasing demands, operators have to continuously scale their network footprint, e.g., by joining Internet Exchange Points (IXPs), and adopt relevant technologies such as IPv6. IPv6, however, has a vastly larger address space compared to its predecessor, which allows for new kinds of attacks on the Internet routing infrastructure. In this project, we revisited prefix de-aggregation attacks in the light of these two changes and introduced Kirin, an advanced BGP prefix de-aggregation attack that sources millions of IPv6 routes and distributes them via thousands of sessions across various IXPs to overflow the memory of border routers within thousands of remote ASes. Kirin’s highly distributed nature allows it to bypass traditional route-flooding defense mechanisms, such as per-session prefix limits or route flap damping. We analyzed the theoretical feasibility of the attack by formulating it as an Integer Linear Programming problem, tested for practical hurdles by deploying the infrastructure required to perform a small-scale Kirin attack using 4 IXPs, and validated our assumptions via BGP data analysis, real-world measurements, and router testbed experiments. Despite its low deployment cost, we found Kirin capable of injecting lethal amounts of IPv6 routes into the routers of thousands of ASes [1].

• [1] L. Prehn, P. Foremski, and O. Gasser. Kirin: Hitting the Internet with Millions of Distributed IPv6 Announcements, 2022. arXiv: 2210.10676.

Automatic Detection of Fake Key Attacks in Secure Messaging

Investigators: Devashish Gosain in cooperation with Tarun Kumar Yadav, Amir Herzberg, Daniel Zappala, and Kent Seamons

Popular instant messaging applications such as WhatsApp and Signal provide end-to-end encryption for billions of users. They rely on a centralized, application-specific server to distribute public keys and relay encrypted messages between the users. Therefore, they prevent passive attacks but are vulnerable to some active attacks. A malicious or hacked server can distribute fake keys to users to perform man-in-the-middle or impersonation attacks. While typical secure messaging applications provide a manual method for users to detect these attacks, this burdens users, and studies show it is ineffective in practice. In our research [1], we present a completely automated approach for key verification (KTACA) that is oblivious to users and easy to deploy. We motivate KTACA by designing two approaches to automatic key verification. One approach uses client auditing (KTCA) and the second uses anonymous key monitoring (AKM). Both have relatively inferior security properties, leading to KTACA, which combines these approaches to provide the best of both worlds. We provide a security analysis of each defense, identifying which attacks they can automatically detect. We implement the active attacks to demonstrate that they are possible, and we also create a prototype implementation of all the defenses to measure their performance and confirm their feasibility. Finally, we discuss the strengths and weaknesses of each defense, the overhead on clients and service providers, and deployment considerations.

• [1] T. K. Yadav, D. Gosain, A. Herzberg, D. Zappala, and K. Seamons. Automatic detection of fake key attacks in secure messaging. In H. Yin, A. Stavrou, C. Cremers, and E. Shi, eds., CCS ’22, 28th ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, CA, USA, 2022, pp. 3019–3032. ACM.

MiXiM: Mixnet Design Decisions and Empirical Evaluation

Investigators: Devashish Gosain in cooperation with Ines Ben Guirat and Claudia Diaz (KU Leuven)

Mixnets are anonymous communication networks that aim to be secure against global adversaries who observe all communications in the underlying network. Real-world deployment of mix networks is challenging and lags behind the relatively more recent low-latency systems. Many theoretical results and analyses exist, but they do not adequately bridge the gap between theory and practice. One of the main challenges of deployment is deciding on the different mixnet building blocks and whether their combination is necessarily the best system in terms of anonymity. The MiXiM framework [1] fills this gap: it provides the means to systematically analyze mix network designs along a number of dimensions and supports the mix-network adopter in taking practical decisions backed by empirical support. With MiXiM, one can document the metadata (packet sources, destinations, and timings) exposed to mixnet nodes and the underlying network while abstracting away data payloads and cryptographic operations. To the best of our knowledge, MiXiM is the first generic mixnet simulation framework that allows the evaluation of anonymity (entropy) for different mixnet designs. In addition, MiXiM captures a number of relevant metrics (latency, bandwidth overhead) that can be used to perform novel analyses. As a result, researchers aiming to build a new mixnet system (or to compare existing systems) can use MiXiM to evaluate anonymity and performance trade-offs under different scenarios. This flexible framework allows one to quickly set up experiments that investigate a large combination of mix network building blocks, such as mixing strategies, network topologies, and the different parameters related to each component. The framework provides a number of metrics covering the anonymity, end-to-end latency, and overheads of mix networks.

• [1] I. Ben Guirat, D. Gosain, and C. Diaz. MiXiM: Mixnet design decisions and empirical evaluation. In G. Livraga and N. Park, eds., WPES ’21, 20th Workshop on Privacy in the Electronic Society, Virtual Event, Republic of Korea, 2021, pp. 33–37. ACM.

Deep Packet Inspection in P4

Investigators: Devashish Gosain in cooperation with Sahil Gupta (Rochester Institute of Technology), Minseok Kwon (Rochester Institute of Technology), and Hrishikesh B Acharya (Rochester Institute of Technology)

Switches and routers, particularly Software-Defined Network (SDN) switches, have been successfully used to implement network-layer firewalls, flow analysis, and a wide range of other functions. Part of the reason for this remarkable versatility is that a small number of packet headers (source IP, source port, destination IP, destination port, protocol, etc.) are key for a variety of networking tasks. However, more advanced techniques, such as the detection of malicious traffic or malware signatures, require Deep Packet Inspection (DPI), i.e., the inspection of packet payloads and not just packet headers. We find that DPI in SDN is challenging because, in general, the payload is large and unpredictable in structure compared to packet headers. For example, one payload item, the HTTP application-layer header, has 47 possible fields, and these fields can occur out of order, have variable lengths, or be entirely missing. Switches are designed for high-performance packet forwarding and not for general computation, so even in the case of P4 (a language that allows users to freely define headers for their own protocols, which the switch then parses as easily as TCP or IP headers) the authors of the P4 standard explicitly say that P4 is not intended for DPI. In this work, we nevertheless present a system, Deep Packet Inspection in P4 using packet recirculation (DeeP4R), that performs Deep Packet Inspection in the data plane [1, 2]. DeeP4R is the first firewall to achieve “true Deep Packet Inspection in P4” (which we define as DPI without real-time help from a controller or external firewall), using only standard P4-compatible switches. When a packet arrives, we use P4 functions to clone it, then apply the recirculate-and-truncate method of pattern matching on the cloned packet. (We loop the packet through the switch, consuming one byte from it with each pass. A Deterministic Finite Automaton keeps track of whether we have seen the target string.) If the clone is consumed without us seeing the target string (URL), we let the original packet (which has not been altered) pass through; otherwise, we drop it. Our novel method of combining packet cloning with recirculate-and-truncate allows us to perform flexible parsing in P4 and lets non-target traffic pass through transparently. We do not claim that DeeP4R can handle all Deep Packet Inspection tasks, but it is perfectly capable of application-layer firewall tasks such as URL filtering. To our knowledge, DeeP4R is the first filter able to block URLs directly in the data plane (without real-time help from an SDN controller, a firewall, or special hardware).

In future work, we will extend our approach to match other strings such as keywords, and to other protocols such as DNS. We implement, demonstrate, and benchmark the scalability and performance of DeeP4R, which as a data plane program can process traffic very efficiently on a real switch. For instance, with 5000 domain names to filter and 10000 parallel flows, the latency of DeeP4R on a commodity SDN switch is under 1 millisecond, while our firewall server (running the standard Linux netfilter firewall) takes over 5 seconds.
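The clone, recirculate-and-truncate and DFA steps described above, traced in Python as an added example (not the DeeP4R P4 program). It assumes one target string, as in the description; a filter for thousands of domain names would use a multi-pattern automaton instead. The HTTP payloads and the blocked name are constructed.

```python
# Constructed model of DeeP4R's recirculate-and-truncate matching. Not the
# authors' P4 code: it mimics the pipeline control flow (clone, consume one
# byte per pass, step a DFA, decide) so each pass can be traced.


def build_dfa(pattern: bytes) -> list[dict[int, int]]:
    """KMP-style DFA for one target string.
    State i means "the last i bytes seen equal pattern[:i]"; state len(pattern)
    is accepting. Bytes with no entry fall back to state 0."""
    m = len(pattern)
    fail = [0] * m                       # classic KMP failure function
    k = 0
    for i in range(1, m):
        while k > 0 and pattern[i] != pattern[k]:
            k = fail[k - 1]
        if pattern[i] == pattern[k]:
            k += 1
        fail[i] = k
    trans: list[dict[int, int]] = [dict() for _ in range(m + 1)]
    for state in range(m + 1):
        for b in set(pattern):
            s = fail[m - 1] if state == m else state
            while s > 0 and pattern[s] != b:
                s = fail[s - 1]
            trans[state][b] = s + 1 if pattern[s] == b else 0
    return trans


def recirculate_pass(clone: bytes, state: int, dfa) -> tuple[bytes, int]:
    """One trip through the switch: read the first payload byte, advance the
    DFA (the state travels with the packet as recirculation metadata), and
    truncate that byte off before the clone is recirculated again."""
    state = dfa[state].get(clone[0], 0)
    return clone[1:], state


def inspect(payload: bytes, dfa, pattern_len: int) -> tuple[str, int]:
    """Clone the packet and loop the clone until it is consumed or the DFA
    accepts. Returns (verdict for the untouched original, passes used)."""
    clone, state, passes = payload, 0, 0   # bytes are immutable: original stays intact
    while clone:
        clone, state = recirculate_pass(clone, state, dfa)
        passes += 1
        if state == pattern_len:           # target string seen: drop the original
            return "drop", passes
    return "forward", passes               # clone consumed without a match


BLOCKED = b"blocked.example"               # constructed target URL
DFA = build_dfa(BLOCKED)

if __name__ == "__main__":
    # constructed sample payloads: one matching, one benign
    for req in (b"GET / HTTP/1.1\r\nHost: blocked.example\r\n",
                b"GET / HTTP/1.1\r\nHost: www.example.org\r\n"):
        print(inspect(req, DFA, len(BLOCKED)), req.split(b"\r\n")[1])
```

The pass count equals the payload offset at which the match completes, which is why the benign request costs one pass per payload byte before it is forwarded.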

• [1] S. Gupta, D. Gosain, G. Grigoryan, M. Kwon, and H. B. Acharya. Demo: Simple deep packet inspection with P4. In IEEE 29th International Conference on Network Protocols (ICNP 2021), Virtual Conference, 2021, pp. 1–2. IEEE.
• [2] S. Gupta, D. Gosain, M. Kwon, and H. Acharya. DeeP4R: Deep packet inspection in P4 using packet recirculation. In International Conference on Computer Communications (INFOCOM), 2023. IEEE.

On the Anonymity of Peer-To-Peer Network Anonymity Schemes Used by Cryptocurrencies

Investigators: Devashish Gosain in cooperation with Piyush Kumar Sharma (imec-COSIC, KU Leuven) and Claudia Diaz (imec-COSIC, KU Leuven and Nym Technologies SA)

Cryptocurrencies are digital currencies that are neither issued nor backed by a centralized banking or financial authority. Instead, they rely on the decentralized verification of cryptographic transactions using blockchain technology, allowing everyone to join and contribute to securing the transaction ledger. The decentralization and scalability aspects of blockchains have received considerable attention and are by now well understood. On the other hand, understanding the privacy properties of these systems presents additional complexity. Transaction anonymity requires protection both on-chain and in the underlying peer-to-peer network used to transport the transaction. Ideally, if a transaction is considered private, it should not be possible for third parties to identify its source or destination, neither by analyzing blockchain data nor by analyzing network traffic data available to peers.

However, recent work has demonstrated that cryptocurrency systems can be subject to deanonymization attacks that exploit the network-level communication on their peer-to-peer network. Adversaries who control a set of colluding nodes within the peer-to-peer network can observe transactions being exchanged and infer the parties involved. Thus, various network anonymity schemes have been proposed to mitigate this problem, with some solutions providing theoretical anonymity guarantees. In this work [1], we model such peer-to-peer network anonymity solutions and evaluate their anonymity guarantees. To do so, we propose a novel framework that uses Bayesian inference to obtain the probability distributions linking transactions to their possible originators. Notably, our anonymity analysis relies only on network-level traffic data related to anonymously routing a transaction. Thus, the analysis is identical if originators use the peer-to-peer routing scheme to anonymously broadcast (or to send to selected recipients) a text message instead of a blockchain transaction. This makes the proposed Bayesian approach applicable to evaluating anonymous peer-to-peer routing schemes in a generic sense. Presently, practical deployments of anonymous peer-to-peer schemes relate to blockchain applications, and we focus on these for our evaluation. We demonstrate the generality of our approach by applying it to the schemes Dandelion, Dandelion++ and Lightning Network, which rely on fundamentally different concepts for anonymous peer-to-peer routing. Dandelion and Dandelion++ implement hop-by-hop probabilistic routing (that ends in a broadcast), whereas in the Lightning Network transactions are source-routed (all the way to the intended recipient).

We characterize transaction anonymity with those distributions, using entropy as the metric of adversarial uncertainty about the originator’s identity. We study different configurations and demonstrate that none of them offers acceptable anonymity to their users. For instance, our analysis reveals that in the widely deployed Lightning Network, with 1% strategically chosen colluding nodes the adversary can uniquely determine the originator for about 50% of the total transactions in the network. In Dandelion, an adversary that controls 15% of the nodes has on average uncertainty among only 8 possible originators. Moreover, we observe that due to the way Dandelion and Dandelion++ are designed, increasing the network size does not correspond to an increase in the anonymity set of potential originators. Alarmingly, our longitudinal analysis of the Lightning Network reveals rather an inverse trend: with the growth of the network, the overall anonymity decreases.

To encourage reproducibility, we make the framework and our analysis public.
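The Bayesian originator analysis and the entropy metric described above, worked through on a constructed toy model as an added example (not the authors' framework or its network data). The stem topology is an assumption: a ring in which every node forwards a stem transaction to its successor and each relay switches to broadcast with probability q; the adversary controls a fixed set of nodes and observes at which of them a transaction first arrives in the stem phase.

```python
# Constructed toy model of hop-by-hop probabilistic (Dandelion-like) routing,
# used to show how a posterior over originators and its entropy are obtained.
# Not the authors' framework. Assumptions: N nodes on a ring, stem successor of
# node i is (i + 1) mod N, each honest relay forwards with probability 1 - q,
# uniform prior over honest nodes, adversary nodes are never originators.
import math


def likelihood(originator: int, observed_at: int, adversary: set[int],
               n: int, q: float) -> float:
    """P(first stem sighting at `observed_at` | originator).
    Walk the stem from the originator. If another adversary node lies on the
    way, the adversary would have seen the transaction there first, so this
    observation is impossible. Otherwise every honest relay in between must
    have chosen to forward rather than broadcast."""
    hops, node = 0, (originator + 1) % n
    while node != observed_at:
        if node in adversary:
            return 0.0
        hops, node = hops + 1, (node + 1) % n
    return (1.0 - q) ** hops


def posterior(observed_at: int, adversary: set[int], n: int,
              q: float) -> dict[int, float]:
    """Bayes' rule with a uniform prior; only originators with non-zero
    likelihood remain in the distribution."""
    weights = {o: likelihood(o, observed_at, adversary, n, q)
               for o in range(n) if o not in adversary}
    total = sum(weights.values())
    return {o: w / total for o, w in weights.items() if w > 0}


def entropy_bits(dist: dict[int, float]) -> float:
    """Shannon entropy of the posterior: the adversary's uncertainty about the
    originator. 2**H is the effective size of the anonymity set."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


if __name__ == "__main__":
    adversary = {5, 15}                    # two colluding nodes, fixed positions
    for n in (20, 200):                    # growing the network around them
        h = entropy_bits(posterior(15, adversary, n, 0.1))
        print(f"N={n}: H={h:.2f} bits, ~{2 ** h:.1f} plausible originators")
```

With the adversary nodes fixed, the candidate set is bounded by the stem segment between them, so the entropy stays the same when N grows; this mirrors, in the toy model, the observation that a larger network does not by itself enlarge the anonymity set.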

• [1] P. Kumar Sharma, D. Gosain, and C. Diaz. On the anonymity of peer-to-peer network anonymity schemes used by cryptocurrencies. In Network and Distributed System Security Symposium (NDSS 2023), San Diego, CA, USA, 2023. Internet Society.