Towards Emergency Networks Security with Per
Towards Emergency Networks Security with Per-Flow Queue Rate Management Maurizio Casoni, Carlo A. Grazia, Martin Klapez, Natale Patriciello Department of Engineering Enzo Ferrari University of Modena and Reggio Emilia TCenter St.Louis, 27 March 2015 International Workshop on Pervasive Networks for Emergency Management PerNEM’2015 C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 1 / 15 Introduction Buffer management Results Conclusions The PPDR-TC project: Public Protection and Disaster Relief - Transformation Center PPDR-TC goals Effective Public Protection & Disaster Relief (PPDR) communications Preparation of the next generation of PPDR systems The Consortium: C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 2 / 15 Introduction Buffer management Results Conclusions Talk overview 1 Introduction Problem Real Example State-of-the-art 2 Buffer management Description 3 Results 4 Conclusions C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 3 / 15 Introduction Buffer management Results Conclusions Problem what to support PPDR communications QoS guarantees attack prevention why resources are precious after a disaster satellite tech are often the only one solution (TCP problems) malicious users make things more challenging where cooperative network layer: buffer management C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 4 / 15 Introduction Buffer management Results Conclusions Problem: simple PPDR scenario C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 5 / 15 Introduction Buffer management Results Conclusions Effect of an attack over cooperative environment 14 Throughput (Mb/s) 12 10 8 6 4 2 0 0 10 20 30 40 Time (s) Attacker Flow 1 C. A. Grazia (PhD Student) 50 60 0 10 Flow 2 Flow 3 Active Queue Management 20 30 40 Time (s) 50 60 Flow 4 27 March 2015 6 / 15 Introduction Buffer management Results Conclusions State of the Art typical solution Network layer techniques: AQM or Packet Scheduler Scheduling is useless with same traffic type In satellite environment, TCP congestion is the critical point weaknesses difficult to bound the bandwidth packets in the queue −→ IP level bandwidth (congestion control) −→ TCP level how to move from packets burst to bandwidth? flooding attack cannot be managed by packet schedulers C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 7 / 15 Introduction Buffer management Results Conclusions AQM classical schema C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 8 / 15 Introduction Buffer management Results Conclusions AQM classical schema C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 8 / 15 Introduction Buffer management Results Conclusions Proposed solution: Queue Rate Management (QRM) simple AQM placed at networking layer born for cooperative networks (node-rate given) RCP-AC, XPLIT, ECN, CCML (Satellite, Data Centers, etc) malicious node could exceed it QRM node-rate hypothesis not strong it traces packets to get the flow RTT and calculate the actual flow rate C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 9 / 15 Introduction Buffer management Results Conclusions QRM benefits 1 gives control about length and bandwidth in a single queue manager 2 deterministic drop policy 3 consume O(n) memory like standard AQM 4 5 time complexity of O(n), simulations show a Θ(1) behavior (we already have an O(1) version) max queue length is bounded at BDP value (Theorem) C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 10 / 15 Introduction Buffer management Results Conclusions PPDR case study LTE BandWidth: 20Mbit/s Satellite bandwidth 20Mbit/s Satellite delay 350ms Queue BDP size of 1.8MB [2, 32] FRs involved: [1, 16] Malicious users C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 11 / 15 Introduction Buffer management Results Conclusions CoDel vs QRM: Rate and fairness 12 12 10 10 Throughput (Mb/s) Throughput (Mb/s) 5 ns-3 client nodes, 1 node is an attacker 8 6 4 2 8 6 4 2 0 0 0 10 Attacker Flow 1 20 30 Time (s) Flow 2 Flow 3 C. A. Grazia (PhD Student) 40 50 60 0 Flow 4 Active Queue Management 10 Attacker Flow 1 20 30 Time (s) Flow 2 Flow 3 40 50 60 Flow 4 27 March 2015 12 / 15 Introduction Buffer management Results Conclusions 1500 1500 1000 1000 500 500 0 0 10 20 30 Time (s) 40 50 0 60 2000 2000 1500 1500 1000 1000 500 500 0 0 Good Flow RTT Max Queue Occupancy C. A. Grazia (PhD Student) 10 20 30 Time (s) 40 50 Queue Occupancy (KB) 2000 RTT (ms) 2000 Queue Occupancy (KB) RTT (ms) No buffer management vs QRM: RTT and queue length 0 60 Good Flow RTT Max Queue Occupancy Active Queue Management 27 March 2015 13 / 15 Introduction Buffer management Results Conclusions QRM Scalability: queue length Gateway Queue Occupancy (KB) 2000 1800 1600 1400 1200 1000 800 600 400 200 0 2 4 DropTail CoDel C. A. Grazia (PhD Student) 8 # Nodes 16 32 Red QRM Active Queue Management 27 March 2015 14 / 15 Introduction Buffer management Results Conclusions Conclusions Buffer Manager: QRM a novel timestamps based AQM for infer and bound the flow rate efficiently insulate malicious traffic (flooding attack) effective use of the typical BDP standard buffer-size optimal run-time time and space complexity preserves all the cooperative feature (QoS, Latency, etc) C. A. Grazia (PhD Student) Active Queue Management 27 March 2015 15 / 15 thank you for your attention [email protected] extra slides QRM Defense Scalability: queue length with attackers growth over 32 total nodes Gateway Queue Occupancy (KB) 2000 1800 1600 1400 1200 1000 800 600 400 200 0 1 2 DropTail CoDel 4 # Attackers Red QRM 8 16 Normalized Final Goodput Good Node QRM Worst-case Tx Data: good nodes 1 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 2 4 DropTail CoDel 8 # Nodes 16 Red QRM 32 Normalized Final Goodput Good Node QRM Worst-case Tx Data: good nodes with attackers growth over 32 total nodes 1 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 1 2 DropTail CoDel 4 # Attackers Red QRM 8 16
© Copyright 2024