University of Michigan School of Information
Small changes can make a big difference for network security
Wednesday, 04/17/2019
From sharing cat videos to planning social uprisings, online communication has become vital to how people interact. But just how vulnerable is it to attack, surveillance and censorship?
That’s a big problem, say researchers at University of Michigan School of Information (UMSI). While the internet was designed to be resilient to random failures like a tree falling on a power line, the very structure of the network makes the internet vulnerable to targeted attacks.
In a new paper, UMSI PhD student Edward L. Platt and assistant professor Daniel Romero examine the inherent vulnerability of several of the internet’s subsystems and propose solutions to guard against attacks.
It starts with how our computers connect to the internet.
“The Domain Name System is one example. Each computer manufacturer has preinstalled a list of a small number of computers that it trusts, called certificate authorities,” says Platt. “And then those authorities are trusted to refer you to other servers called domain name servers. We trust them to tell us things like which servers point to Google or Facebook, for instance.”
The whole system is based on sending messages from point to point along this network, and you have to be able to trust that these messages will be handled properly along the way. Platt says problems arise when the network is too centralized and all of the messages pass through a single point in the network.
“We talk about single points of failure,” says Platt. “If every message is going through one point, it’s easy to block those messages at that point, or to spy on them.”
One of the more memorable examples of this happened in 2008 with the video sharing site YouTube. In response to material deemed offensive, the Pakistani government directed the Pakistan Telecommunication Authority to block access to the video sharing site for the country’s internet users.
Instead of censoring the site only in Pakistan, though, Pakistan Telecom targeted a central router, redirecting all global YouTube web traffic to a dummy route in Pakistan, bringing the entire site offline for two hours.
Butterflied networks
Platt and Romero say that redundancy and independent routing can mitigate these issues, removing the opportunity for easy attack at a single point of failure.
Romero explains: “If two nodes in a network are trying to communicate, one thing they can do to detect when their communication might have been compromised is to send many versions of the same message.”
If there are discrepancies in the messages received, that’s a tip-off that there has been interference somewhere along the network.
Sending multiple redundant messages only addresses half the problem, however. If all the messages pass through one central hub, they are still vulnerable to manipulation.
“For redundancies to be useful, we have to find ways for these messages to be independent from each other, so they go through completely different routes,” says Romero. “With this, if one message is blocked or altered, it won’t impact the others. Redundancy plus independent route – both need to be in place to be effective against interference.”
The ultimate expression of this is a network design called the butterfly network, a decentralized network that is nearly impervious to attack due to its structure.
“Of course you can’t just go in and tear up the existing internet networks and start from scratch with this ideal model,” says Platt. “But I like to use the analogy of urban planning. You’re not going to go in and tear down the city and build a new one, but you can widen a street here, or redirect a street there to solve transportation problems.”
Romero and Platt ran simulations on network data to see if adding elements of this ideal model to the existing framework of a network could make it less vulnerable to attack.
“What we showed is you can take real networks and just ‘butterfly’ them a little by rewiring a small fraction of their links to reflect the structure of a butterfly network,” says Romero. “We found that even with very small changes we were able to increase the resilience of that network.”
“Towards attack tolerant networks: concurrent multipath routing and the butterfly network” was published this month in PLOS One. [Read the article.]
This work was partially supported by the NSF under Grant No. IIS-1617820.
- Jessica Webster, UMSI PR Specialist