Sunday, July 6, 2008

Reputations for ISP protection

Several serious problems this year made me think about security of the Internet as a whole. Those particular problems were caused by misconfigurations in BGP routers of different Internet providers. The real problem is that there are too many players on the Internet that are treated equally even though they are not equal. This causes all sorts of the problems and it is hard to expect that those problems will be solved any time soon.

Internet, at the level of the autonomous systems, is kind of a peer-to-peer network and similar problems in those networks are solved using reputations. So, it's natural to try to apply similar concept to the Internet. And indeed, there are few papers discussing use of reputations on Internet. Still, there are at least two problems with them. The first one is that thay require at least several players to deploy them, even more if they are going to be usefull at all. The second one is that they are usualy restricted in scope, e.g. try to only solve some subset of BGP security problems.

The solution I envision assumes that ISP's differ in quality and that each ISP's quality can be determined by measuring their behivor. Then, based on those measurements all the ISPs are ranked. Finally, this ranking is used to penalize misbehaving ISPs. The penalization is done by using DiffServ to lower the priority of the traffic and when some router's queues start filling up, then packets are droped, but first of the worst ISPs. This can further be expaned, as each decision made can use trustworthiness of the ISP in question. E.g., when calculating BGP paths, trustworthiness of AS path can be determined and this can be taken into account for setting up the routes. Furhtermore, all the IDS and firewalls can have special set of rules and/or lower tresholds for more problemattic traffic. I believe that possibilities are endless. It should be noted that it is envisioned that this system will be deployed by a single ISP in some kind of a trust server, and that this ISP will monitor other ISPs and appropriately modulate traffic entering it's network!

In time, when this system is deployed by more and more ISPs (well, I should better say IF :)), there will be additional benefits. First, communication between trust servers of ISPs could be established in order to exchange recommendations (as is already proposed in one paper). But the biggest benefit could be the incentive that ISPs start to think about security of the Internet, their own security and security of their custerms. If they don't then their traffic and their sevices will have lower priorites on the Internet and thus their sevice will be worse that those of their competitors which will reflect on income!

Of course that it's not so easy at it might seem at first glance. There are number of problems that have to be solved, starting with the first and the most basic one: How practical/useful is this really for network operators? Then, there are problems of how to exactly calculate reputation. And when the reputation is determined, how will routers mark the packets? They should match each packet by the source address in order to determine DS codepoint but the routers are already overloaded and this could prove unfeasible.

I started to write a paper that I planned to submit for HotNets08, but I'm not certain if I'm going to make it before deadline as I have some other, higher priority work to do. The primary reason for sending this paper is to get feedback that is necessary in order to continue developing this idea. But, maybe I get some feedback from this post, who knows? :)

20081229
I missed the deadline because of the omission, but the paper is available on my homepage. It is under work in progress section on the publication page. Maybe I'll try to work a bit on it and send it to some relevant conference next year. Are there any suggestions or opinions about that?

No comments:

About Me

scientist, consultant, security specialist, networking guy, system administrator, philosopher ;)