
Secure Overlay Services

Secure Overlay Services. Original paper by Keromytis et al. Presented by Jared Bott, April 8, 2010. Overview: SOS Background, Problem 1, Problem, Transformation?, Problem 2, Problem, Transformation with an NP-C Problem, NP Proof, Transformation.



  1. Secure Overlay Services • Original paper by Keromytis et al. • Presented by Jared Bott • April 8, 2010

  2. Overview • SOS Background • Problem 1 • Problem • Transformation? • Problem 2 • Problem • Transformation with an NP-C Problem • NP Proof • Transformation

  3. Secure Overlay Services • Network architecture designed to provide secure communication between certified users and a server • Published in 2002 at SIGCOMM • Runs upon CHORD [2]

  4. SOS Nodes • Different kinds of nodes • SOAP • Beacon • Secret Servlet • Restrict access to server to only a few secret IP addresses • Secret Servlets • Beacons know who Secret Servlets are

  5. SOS Nodes • Users verified by an access point • SOAP • Beacons and Secret Servlets externally the same as SOAPs • SOAPs pass message randomly amongst themselves • Eventually message ends up at a Secret Servlet or a Beacon • Forward to Secret Servlet or to target server

  6. Problem 1 • In a given SOS network, can an attacker disable access to the target server by disabling k nodes? • Attacker doesn’t know which nodes are Beacons, Secret Servlets, selects nodes to attack at random • Attacker may not know who users or target are • Answer is dependent upon network structure

  7. Example • K=2 • Can disable S1+S2, B3+SS1, SS1+SS2 • [Figure: network diagram with nodes Users, S1, S2, B1, B2, B3, SS1, SS2, Target]
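
The check behind Problem 1 and the K=2 example, as an added Python example that is not part of the original presentation: it lists every minimal set of at most k overlay nodes whose loss cuts the users off from the target. The slide's figure is not recoverable, so the links in `EDGES` are a constructed topology chosen to be consistent with the three pairs the slide lists, and the function names are assumptions.

```python
from collections import deque
from itertools import combinations

# Constructed topology (assumption): the original figure is not available,
# so these links were chosen to be consistent with the pairs the slide lists.
EDGES = [
    ("Users", "S1"), ("Users", "S2"),
    ("S1", "B1"), ("S1", "B2"), ("S1", "B3"),
    ("S2", "B1"), ("S2", "B2"), ("S2", "B3"),
    ("B1", "SS1"), ("B2", "SS1"), ("B3", "SS2"),
    ("SS1", "Target"), ("SS2", "Target"),
]

def build_adjacency(edges):
    """Undirected adjacency sets from a list of links."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj

def reachable(adj, src, dst, disabled):
    """BFS from src to dst that never enters a disabled node."""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj[node] - disabled - seen:
            seen.add(nxt)
            queue.append(nxt)
    return False

def disabling_sets(adj, src, dst, k):
    """Minimal sets of at most k overlay nodes whose loss cuts src off from dst."""
    overlay = sorted(n for n in adj if n not in (src, dst))
    found = []
    for size in range(1, k + 1):          # ascending size, so minimal sets come first
        for combo in combinations(overlay, size):
            chosen = set(combo)
            if any(prev <= chosen for prev in found):
                continue                  # a smaller set already does the job
            if not reachable(adj, src, dst, chosen):
                found.append(chosen)
    return found

if __name__ == "__main__":
    print(disabling_sets(build_adjacency(EDGES), "Users", "Target", 2))
```

The enumeration tries every subset of size up to k, so it is only practical for small k; the reachability check for one candidate set is linear in the number of links.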

  8. Restriction of SOS • Don’t care what kind of node is disabled • Arbitrary graphs • Two interpretations of the problem • Min Cut • Minimum K-Connected Subgraph

  9. Min Cut • Reinterpret the problem to look at cutting links between nodes • A cut is a partition of the vertices into disjoint subsets • Given: A Graph G=(V, E), integer K • Question: Is there a minimum cut of at most K edges? • Can’t use this problem, as it is in P

  10. K-Vertex Connected Graph • A k-vertex connected graph cannot be disconnected by removing fewer than K nodes • Ex. Both these graphs are 2-connected • [Figure: two example graphs, one labelled K3]

  11. Minimum K-Connected Subgraph • Given: A Graph G = (V, E), positive integers K≤|V|, B≤|E| • Question: Is there a subset E′⊆E with |E′|≤B such that G′=(V, E′) is K-connected? • Will G′ not be disconnected by removing fewer than K vertices? • NP-Complete for K≥2 [1]

  12. SOS 1 • Given: A Graph G=(V, E), positive integer K≤|V| • Question: Can G be disconnected by removing at most K vertices? • Is this version of SOS in NP? • Clearly a decision problem • Witness is categorization of vertices, one list for each connected group of vertices, one list of remaining edges • Find list with each endpoint – O(n) • Verification would check at most |E| edges – O(n²) • Polynomial

  13. SOS 1 Turing Transformation • Theorem: SOS 1 is NP-C • Accept an instance of Minimum K-Connected Subgraph • G=(V, E), K, B • Any subset of E can’t do better than E in remaining connected • Create an instance of SOS • H=G=(V, E), K′=K-1 • Solve SOS

  14. SOS Turing Transformation • If SOS returns Yes, then G can be disconnected by removing fewer than K vertices, and G is not K-connected • MKCS returns No • If SOS returns No, then G cannot be disconnected by removing fewer than K vertices, and the subgraph that is K-connected is the entire graph • But this doesn’t take into account restrictions on the number of edges in the subgraph!

  15. Scramble To Find A New Problem • SOAPs randomly pass message to other SOAPs • One way to alter this process is to keep a list of nodes that have already received message and not send to any on the list • Can the message reach the target using this restriction and still be passed K times? • Need to specify some starting node • End node is the target server • Generalize the problem: Starting vertex s, Target vertex t

  16. SOS 2 • Given: A Graph G=(V, E), positive integer K, vertices s and t • Question: Is there a non-repeating path between s and t that contains at least K vertices? • Simple path is a path without any repeated vertices • Is this problem in NP? • Decision problem • Witness is the list of edges in the path

  17. Transformation • Hamiltonian Path • Hamiltonian path is one that contains every vertex once and only once • Given: A Graph G=(V, E) • Question: Does G contain a Hamiltonian path? • NP-Complete [1] • Hamiltonian Path Between Two Vertices • Is there a Hamiltonian path between two specified vertices? • Also NP-Complete [1]

  18. Transformation • Theorem: SOS 2 is NP-Complete • Proof by restriction • SOS 2 will give a Hamiltonian path between the two vertices if K=|V| • SOS 2 will only return Yes if there is a path that visits every vertex
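
The SOS 2 witness check and the restriction to Hamiltonian Path Between Two Vertices, as an added Python example that is not from the original presentation. The witness is taken as the vertex sequence of the path rather than its edge list, and the two graphs and all function names are constructed for illustration.

```python
# Constructed sample graphs (adjacency sets), not from the presentation.
G1 = {"s": {"a", "c"}, "a": {"s", "b", "t"}, "b": {"a", "c"},
      "c": {"s", "b", "t"}, "t": {"a", "c"}}
G2 = {"s": {"a", "c"}, "a": {"s", "b", "t"}, "b": {"a"},
      "c": {"s", "t"}, "t": {"a", "c"}}   # G1 without the edge b-c

def verify_path_witness(adj, s, t, k, path):
    """Polynomial-time check that path is a simple s-t path with >= k vertices."""
    if not path or path[0] != s or path[-1] != t:
        return False
    if len(set(path)) != len(path):       # a vertex repeats: not a simple path
        return False
    for a, b in zip(path, path[1:]):      # consecutive vertices must share an edge
        if b not in adj.get(a, ()):
            return False
    return len(path) >= k

def find_long_path(adj, s, t, k):
    """Backtracking search for a witness; exponential in the worst case."""
    def extend(path, visited):
        if path[-1] == t:                 # a simple s-t path must stop at t
            return list(path) if len(path) >= k else None
        for nxt in sorted(adj[path[-1]] - visited):
            path.append(nxt)
            visited.add(nxt)
            hit = extend(path, visited)
            if hit:
                return hit
            path.pop()
            visited.remove(nxt)
        return None
    return extend([s], {s})

def has_hamiltonian_path(adj, s, t):
    """The restriction K = |V|: the path must visit every vertex."""
    return find_long_path(adj, s, t, len(adj)) is not None

if __name__ == "__main__":
    print(find_long_path(G1, "s", "t", len(G1)))   # every vertex visited
    print(find_long_path(G2, "s", "t", len(G2)))   # no such path in G2
```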

  19. Conclusion • Is SOS 1 NP-Complete? • I don’t know • Is SOS 2 NP-Complete? • Yes

  20. References • [1] Garey, R. and Johnson, D. “Computers and Intractability: A Guide to the Theory of NP-Completeness”, W. H. Freeman and Company, 1979. • [2] Keromytis, A., Misra, V., and Rubenstein, D. “SOS: Secure Overlay Services”, SIGCOMM '02: Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications, 61-72, 2002.
