Overlay networks
MAYANK CHAUDHARI
Content
 Introduction
 Deficiencies of Internet
 Types of overlay
 ACN
 I2P
 Introduction
 Working
 Routing
 netDb
 TCP layer.
2
Introduction
 Network
 defines addressing, routing, and service model for communication between hosts
 Overlay network
 A network built on top of one or more existing networks
 adds an additional layer of indirection/virtualization
 changes properties in one or more areas of underlying network
 Alternative
 change an existing network layer
3
Definition
 An overlay network is a virtual network of nodes and logical links that is
built on top of an existing network with the purpose to implement a network
service that is not available in the existing network.
4
Internet as an Overlay
 The Internet is an overlay network
 goal: connect local area networks
 built on local area networks (e.g., Ethernet), phone lines
 add an Internet Protocol header to all packets

5
Uses
 Routing
 Addressing
 Security
 Multicast
 Mobility
6
Deficiencies of the Internet
 The major shortcomings of the Internet that make it unsuitable for directly
supporting the stringent requirements of Internet-based services without an overlay:
 Outages:
 Partial network outages are common on the Internet, caused by misconfigured core
routers, DDoS attacks, cable cuts, power disruptions, natural calamities, and de-peering
due to a business conflict.
7
Deficiencies of the Internet
 Congestion :
 When the capacity of routers and links on the Internet is insufficient to meet the traffic
demand, congestion occurs, resulting in packet loss.
 Lack of scalability :
 Online services require provisioning server and network resources to meet the demand
of users at all times, even during unexpected periods of peak demand and flash crowds.
 Without the existence of overlays, an enterprise may deploy their online services in a
centralized fashion within a single data center and expect to serve their users from that
centralized origin infrastructure.
8
Deficiencies of the Internet
 Slow adaptability :
 Online services and their requirements evolve rapidly. However, the fundamental
architecture and protocols of the Internet are slow to change or accommodate new
primitives.
 Lack of security :
 Modern online services require protection from catastrophic events such as
distributed denial of service (DDoS) attacks.
9
Types of Overlay
 caching overlay :
 The ubiquitous caching overlay that aims to deliver web sites, on-demand videos, music
downloads, software downloads, and other forms of online content. Such overlays are
applicable for content that does not change over extended periods of time and is hence
cacheable. The key benefits that a caching overlay provides are greater availability,
performance, origin offload, and scalability
10
Types of Overlay
 routing overlay :
 The routing overlay that provides wide-area communication with more reliability, lower
latency, and greater throughput than the public Internet can. Such overlays could be
used to deliver dynamic web content or live stream content that normally cannot be
cached.
 security overlay:
 The security overlay that increases the security and mitigates distributed denial of service
(DDoS) attacks on web sites and other online services.

11
Anonymous Communication Networks
 Motivation
 Censorship at the local, organizational, or national level
 Personal privacy preferences such as preventing tracking or data mining activities
 The material or its distribution is considered illegal or incriminating by
possible eavesdroppers.
 Material is legal but socially deplored, embarrassing or problematic in the
individual's social world.
 Fear of retribution (against whistleblowers, unofficial leaks, and activists who do not
believe in restrictions on information nor knowledge)
12
I2P Introduction
 I2P is an anonymous network, exposing a simple layer that applications can use to
anonymously and securely send messages to each other.
 The network itself is strictly message based (like IP), but there is a library available to
allow reliable streaming communication on top of it.
 All communication is end to end encrypted (in total there are four layers of
encryption used when sending a message), and even the end points
("destinations") are cryptographic identifiers (essentially a pair of public keys).
13
How does it work?
 I2P makes a strict separation between the software participating in the
network (a "router") and the anonymous endpoints ("destinations")
associated with individual applications.
 What is hidden is information on what the user is doing, if anything at all,
as well as what router a particular destination is connected to.
 End users will typically have several local destinations on their router - for
instance, one proxying in to IRC servers, another supporting the user's
anonymous webserver ("eepsite"), another for an I2Phex instance, another
for torrents, etc.
14
How does it work?
 Another critical concept to understand is the "tunnel". A tunnel is a directed
path through an explicitly selected list of routers.
 Layered encryption is used, so each of the routers can only decrypt a
single layer.
 The decrypted information contains the IP of the next router, along with the
encrypted information to be forwarded.
 Messages can be sent only in one way. To send messages back, another
tunnel is required.
15
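The tunnel behaviour on the slide above, as an added Python example that is not part of the original deck or of the I2P code base: the creator wraps one layer per hop, and each router removes only its own layer and learns only the next hop. The HMAC-SHA256 keystream stands in for I2P's real ciphers, and the router names, keys and layer format are constructed for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output size

# Constructed demo tunnel: (router name, per-hop layer key). Not real I2P identities.
DEMO_HOPS = [
    ("gateway", b"\x01" * 32),
    ("participant", b"\x02" * 32),
    ("endpoint", b"\x03" * 32),
]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for AES."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one layer key."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt one layer; raise ValueError on any mismatch."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("layer too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_tunnel_message(hops, payload: bytes) -> bytes:
    """Tunnel creator: wrap the payload once per hop, innermost layer first.

    Each layer's plaintext is: 1-byte name length, next-hop name, inner blob.
    The endpoint's layer carries a zero-length next hop.
    """
    blob = seal(hops[-1][1], b"\x00" + payload)
    for i in range(len(hops) - 2, -1, -1):
        next_name = hops[i + 1][0].encode()
        blob = seal(hops[i][1], bytes([len(next_name)]) + next_name + blob)
    return blob


def peel(key: bytes, blob: bytes):
    """One router: remove exactly one layer; return (next hop or None, inner blob)."""
    plain = unseal(key, blob)
    if not plain:
        raise ValueError("empty layer")
    name_len = plain[0]
    next_hop = plain[1:1 + name_len].decode() or None
    return next_hop, plain[1 + name_len:]


def route(router_keys: dict, first_hop: str, blob: bytes):
    """Forward the message hop by hop; return what each hop learned and the payload."""
    learned = []
    current = first_hop
    while True:
        next_hop, blob = peel(router_keys[current], blob)
        learned.append((current, next_hop))
        if next_hop is None:
            return learned, blob
        current = next_hop


if __name__ == "__main__":
    message = build_tunnel_message(DEMO_HOPS, b"hello bob")
    for hop, nxt in route(dict(DEMO_HOPS), "gateway", message)[0]:
        print(f"{hop} learned next hop: {nxt}")
```

The tunnel only carries traffic in one direction; a reply would be wrapped the same way for a second tunnel built by the other party.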
How does it work?
16
How does it work?
 Types of tunnels :
1. Inbound: bring messages to the tunnel creator.
2. Outbound: send messages away from the tunnel creator.
 The gateway of an inbound tunnel can receive messages from any other
user and will forward them on to the endpoint ("Bob").
 The endpoint of the outbound tunnel will need to send the message on to
the gateway of the inbound tunnel.
 To do this, the sender ("Alice") adds instructions to her encrypted
message.
17
How does it work?
 Several tunnels for a particular purpose may be grouped into a "tunnel
pool".
 The pools used by the router itself are called "exploratory tunnels".
 The pools used by applications are called "client tunnels".
 Tunnel lengths are specified by clients via I2CP options.
 The maximum number of hops in a tunnel is 7.
 To reduce the susceptibility to some attacks, 3 or more hops are
recommended for the highest level of protection.
18
Garlic Routing
 Derived from Onion Routing.
 Generally, when referring to I2P, the term "garlic" may mean one of three
things:
1. Layered Encryption
2. Bundling multiple messages together
3. ElGamal/AES Encryption
19
Garlic Routing
 Layered Encryption
 Onion routing is a technique for building paths, or tunnels, through a series of
peers, and then using that tunnel. Messages are repeatedly encrypted by the
originator, and then decrypted by each hop.
 Bundling Multiple Messages
 Garlic routing extends onion routing by bundling multiple messages together. The
originator of the term called each message a "bulb".
 Our term for garlic "bulbs" is "cloves".
 Any number of messages can be contained, instead of just a single message.
20
Tunnel Building and Routing
 Now that we've defined various "garlic" terms, we can say that I2P uses
garlic routing, bundling and encryption in three places:
1. For building and routing through tunnels (layered encryption)
2. For determining the success or failure of end to end message delivery
(bundling)
3. For publishing some network database entries (dampening the probability of a
successful traffic analysis attack) (ElGamal/AES).
21
Garlic Routing
 In I2P, tunnels are unidirectional. Each party builds two tunnels, one for
outbound and one for inbound traffic. Therefore, four tunnels are required
for a single round-trip message and reply.
 Tunnels are built, and then used, with layered encryption.
 Tunnels are a general-purpose mechanism to transport all I2NP
messages, and Garlic Messages are not used to build tunnels.
 We do not bundle multiple I2NP messages into a single Garlic Message for
unwrapping at the outbound tunnel endpoint.
22
End-to-End Message Bundling
 At the layer above tunnels, I2P delivers end-to-end messages
between Destinations.
 Each client message as delivered to the router through the I2CP
interface becomes a single Garlic Clove with its own Delivery Instructions,
inside a Garlic Message.
 Delivery Instructions may specify a Destination, Router, or Tunnel.
 Generally, a Garlic Message will contain only one clove. However, the
router will periodically bundle two additional cloves in the Garlic Message.
23
End-to-End Message Bundling
24
End-to-End Message Bundling
 A Delivery Status Message, with Delivery Instructions specifying that it be
sent back to the originating router as an acknowledgment.
 A Database Store Message, containing a LeaseSet for the originating
Destination, with Delivery Instructions specifying the far-end destination's
router. By periodically bundling a LeaseSet, the router ensures that the far-
end will be able to maintain communications. Otherwise the far-end would
have to query a floodfill router for the network database entry, and all
LeaseSets would have to be published to the network database.
25
Network Database
 I2P's netDb works to share the network's metadata.
 A percentage of I2P users are appointed as 'floodfill peers'. Currently, I2P
installations that have a lot of bandwidth and are fast enough, will appoint
themselves as floodfill as soon as the number of existing floodfill routers
drops too low.
 If a floodfill router receives a 'store' query, it will spread the information to
other floodfill routers using the Kademlia algorithm.
26
Network Database
 Two types of information are stored in the network database.
 A Router Info stores information on a specific I2P router and how to contact it
 A LeaseSet stores information on a specific destination (e.g. I2P website, e-
mail server...).
 In addition, the data contains timing information, to avoid storage of old entries
and possible attacks.
27
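A simplified model of the two netDb slides above, added here as an example and not taken from the deck or from I2P's code: a store is sent to the floodfill routers closest to the key by Kademlia's XOR distance, and each floodfill uses the entry's timestamp to refuse stale, future-dated or replayed data. The freshness limits, the SHA-256 key derivation and the floodfill names are assumptions made for the illustration.

```python
import hashlib

MAX_AGE_S = 3600         # assumed freshness window, not I2P's actual constant
MAX_FUTURE_SKEW_S = 120  # assumed tolerance for clock skew


def routing_key(name: bytes) -> bytes:
    """Map an identifier into the 256-bit key space (assumed derivation)."""
    return hashlib.sha256(name).digest()


def xor_distance(a: bytes, b: bytes) -> int:
    """Kademlia metric: XOR of the two keys, read as an integer."""
    return int.from_bytes(a, "big") ^ int.from_bytes(b, "big")


def closest_floodfills(key: bytes, floodfill_ids, count: int = 3):
    """Return the `count` floodfill ids nearest to `key` in XOR distance."""
    return sorted(floodfill_ids, key=lambda fid: xor_distance(key, fid))[:count]


class Floodfill:
    """One floodfill router's view of the network database."""

    def __init__(self, router_id: bytes):
        self.router_id = router_id
        self.entries = {}  # key -> (published timestamp, value)

    def store(self, key: bytes, published: int, value: bytes, now: int) -> bool:
        """Accept an entry only if it is fresh and newer than what is held."""
        if published > now + MAX_FUTURE_SKEW_S:
            return False  # dated in the future: would outlive honest entries
        if now - published > MAX_AGE_S:
            return False  # too old to be worth storing
        held = self.entries.get(key)
        if held is not None and held[0] >= published:
            return False  # replay of an entry we already have, or an older one
        self.entries[key] = (published, value)
        return True

    def lookup(self, key: bytes, now: int):
        """Return the stored value, dropping it first if it has expired."""
        held = self.entries.get(key)
        if held is None:
            return None
        if now - held[0] > MAX_AGE_S:
            del self.entries[key]
            return None
        return held[1]


def make_network(size: int) -> dict:
    """Constructed floodfill set: ids are hashes of made-up names."""
    ids = [routing_key(b"floodfill-%d" % i) for i in range(size)]
    return {fid: Floodfill(fid) for fid in ids}


def publish(network: dict, key: bytes, published: int, value: bytes,
            now: int, count: int = 3):
    """Send a store to the closest floodfills; return the ids that accepted it."""
    targets = closest_floodfills(key, list(network), count)
    return [fid for fid in targets if network[fid].store(key, published, value, now)]


if __name__ == "__main__":
    net = make_network(8)
    key = routing_key(b"example destination")
    now = 1_700_000_000  # constructed clock value
    print(len(publish(net, key, now - 10, b"leaseset-v1", now)), "floodfills accepted")
    print(publish(net, key, now - MAX_AGE_S - 1, b"stale", now), "accepted the stale entry")
```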
Transport protocols
 Then, to accommodate the need for high degree communication, I2P
moved from a TCP-based transport to a UDP-based one - "Secure
Semireliable UDP", or "SSU".
 The goal of this protocol is to provide secure, authenticated, semi reliable and
unordered message delivery, exposing only a minimal amount of data easily
discernible to third parties. It should support high degree communication as
well as TCP-friendly congestion control and may include PMTU detection. It
should be capable of efficiently moving bulk data at rates sufficient for home
users. In addition, it should support techniques for addressing network
obstacles, like most NATs or firewalls.
28
Benefits of I2P over Tor
 Designed and optimized for hidden services, which are much faster than in
Tor
 Fully distributed and self organizing
 Peers are selected by continuously profiling and ranking performance,
rather than trusting claimed capacity
 Floodfill peers ("directory servers") are varying and untrusted, rather than
hardcoded
 Small enough that it hasn't been blocked or DOSed much, or at all
 Peer-to-peer friendly.
29
Benefits of I2P over Tor
 Packet switched instead of circuit switched
 implicit transparent load balancing of messages across multiple peers, rather
than a single path
 resilience vs. failures by running multiple tunnels in parallel, plus rotating
tunnels
 scale each client's connections at O(1) instead of O(N) (Alice has e.g. 2
inbound tunnels that are used by all of the peers Alice is talking with, rather
than a circuit for each)
 Unidirectional tunnels instead of bidirectional circuits, doubling the number
of nodes a peer has to compromise to get the same information.
30
Benefits of I2P over Tor
 Protection against detecting client activity, even when an attacker is
participating in the tunnel, as tunnels are used for more than simply
passing end to end messages (e.g. netDb, tunnel management, tunnel
testing)
 Tunnels in I2P are short lived, decreasing the number of samples that an
attacker can use to mount an active attack with, unlike circuits in Tor, which
are typically long lived.
 I2P APIs are designed specifically for anonymity and security, while
SOCKS is designed for functionality.
31
Benefits of I2P over Tor
 Essentially all peers participate in routing for others
 The bandwidth overhead of being a full peer is low, whereas in Tor, although client
nodes don't require much bandwidth, they don't fully participate in the
mixnet.
 Integrated automatic update mechanism
 Both TCP and UDP transports
 Java, not C (ewww).
32
THANK YOU
33

Más contenido relacionado

La actualidad más candente

Overlay networks ppt
Overlay networks pptOverlay networks ppt
Overlay networks pptAkshay Hegde
 
Routing algorithm
Routing algorithmRouting algorithm
Routing algorithmBushra M
 
TCP/IP Protocol Architeture
TCP/IP Protocol ArchitetureTCP/IP Protocol Architeture
TCP/IP Protocol ArchitetureManoj Kumar
 
SDN Fundamentals - short presentation
SDN Fundamentals -  short presentationSDN Fundamentals -  short presentation
SDN Fundamentals - short presentationAzhar Khuwaja
 
ISSUES IN AD HOC WIRELESS NETWORKS
ISSUES IN  AD HOC WIRELESS  NETWORKS ISSUES IN  AD HOC WIRELESS  NETWORKS
ISSUES IN AD HOC WIRELESS NETWORKS Dushhyant Kumar
 
Destination Sequenced Distance Vector Routing (DSDV)
Destination Sequenced Distance Vector Routing (DSDV)Destination Sequenced Distance Vector Routing (DSDV)
Destination Sequenced Distance Vector Routing (DSDV)ArunChokkalingam
 
Wireless Sensor Network Routing Protocols
Wireless Sensor Network Routing ProtocolsWireless Sensor Network Routing Protocols
Wireless Sensor Network Routing ProtocolsVirendra Thakur
 
Types of firewall
Types of firewallTypes of firewall
Types of firewallPina Parmar
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
System models in distributed system
System models in distributed systemSystem models in distributed system
System models in distributed systemishapadhy
 
Difference between Routing & Routed Protocol
Difference between Routing & Routed ProtocolDifference between Routing & Routed Protocol
Difference between Routing & Routed ProtocolNetwax Lab
 
Mobile transportlayer
Mobile transportlayerMobile transportlayer
Mobile transportlayerRahul Hada
 
Wireless security
Wireless securityWireless security
Wireless securitySalma Elhag
 

La actualidad más candente (20)

Transport layer
Transport layer Transport layer
Transport layer
 
Dhcp ppt
Dhcp pptDhcp ppt
Dhcp ppt
 
Overlay networks ppt
Overlay networks pptOverlay networks ppt
Overlay networks ppt
 
Routing algorithm
Routing algorithmRouting algorithm
Routing algorithm
 
TCP/IP Protocol Architeture
TCP/IP Protocol ArchitetureTCP/IP Protocol Architeture
TCP/IP Protocol Architeture
 
Nfs
NfsNfs
Nfs
 
VLAN
VLANVLAN
VLAN
 
Chapter05
Chapter05Chapter05
Chapter05
 
SDN Fundamentals - short presentation
SDN Fundamentals -  short presentationSDN Fundamentals -  short presentation
SDN Fundamentals - short presentation
 
ISSUES IN AD HOC WIRELESS NETWORKS
ISSUES IN  AD HOC WIRELESS  NETWORKS ISSUES IN  AD HOC WIRELESS  NETWORKS
ISSUES IN AD HOC WIRELESS NETWORKS
 
TOR NETWORK
TOR NETWORKTOR NETWORK
TOR NETWORK
 
Destination Sequenced Distance Vector Routing (DSDV)
Destination Sequenced Distance Vector Routing (DSDV)Destination Sequenced Distance Vector Routing (DSDV)
Destination Sequenced Distance Vector Routing (DSDV)
 
Wireless Sensor Network Routing Protocols
Wireless Sensor Network Routing ProtocolsWireless Sensor Network Routing Protocols
Wireless Sensor Network Routing Protocols
 
Types of firewall
Types of firewallTypes of firewall
Types of firewall
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
 
System models in distributed system
System models in distributed systemSystem models in distributed system
System models in distributed system
 
Difference between Routing & Routed Protocol
Difference between Routing & Routed ProtocolDifference between Routing & Routed Protocol
Difference between Routing & Routed Protocol
 
Mobile transportlayer
Mobile transportlayerMobile transportlayer
Mobile transportlayer
 
Wireless security
Wireless securityWireless security
Wireless security
 
WEP
WEPWEP
WEP
 

Destacado

Introduction of Software Engineering
Introduction of Software EngineeringIntroduction of Software Engineering
Introduction of Software EngineeringZafar Ayub
 
Customer App Flow
Customer App FlowCustomer App Flow
Customer App FlowZafar Ayub
 
Network protocol structure scope
Network protocol structure scopeNetwork protocol structure scope
Network protocol structure scopeSanat Maharjan
 
SmartGrid System Report
SmartGrid System ReportSmartGrid System Report
SmartGrid System ReportGruene-it.org
 
DockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDocker, Inc.
 
Organizational Structure
Organizational StructureOrganizational Structure
Organizational Structureahmad bassiouny
 
Data communication and network Chapter -1
Data communication and network Chapter -1Data communication and network Chapter -1
Data communication and network Chapter -1Zafar Ayub
 

Destacado (11)

SKYPE AS OVERLAY NETWORK
SKYPE AS OVERLAY NETWORKSKYPE AS OVERLAY NETWORK
SKYPE AS OVERLAY NETWORK
 
Network virtualization
Network virtualizationNetwork virtualization
Network virtualization
 
Final Presentation
Final PresentationFinal Presentation
Final Presentation
 
Introduction of Software Engineering
Introduction of Software EngineeringIntroduction of Software Engineering
Introduction of Software Engineering
 
Customer App Flow
Customer App FlowCustomer App Flow
Customer App Flow
 
Network protocol structure scope
Network protocol structure scopeNetwork protocol structure scope
Network protocol structure scope
 
Use case
Use caseUse case
Use case
 
SmartGrid System Report
SmartGrid System ReportSmartGrid System Report
SmartGrid System Report
 
DockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep Dive
 
Organizational Structure
Organizational StructureOrganizational Structure
Organizational Structure
 
Data communication and network Chapter -1
Data communication and network Chapter -1Data communication and network Chapter -1
Data communication and network Chapter -1
 

Similar a Overlay networks

CCNA question and answer
CCNA question and answer   CCNA question and answer
CCNA question and answer AnamikaSinha57
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.RAVI RAJ
 
IPS NAT and VPN.pptx
IPS NAT and VPN.pptxIPS NAT and VPN.pptx
IPS NAT and VPN.pptxkarthikvcyber
 
Some important networking questions
Some important networking questionsSome important networking questions
Some important networking questionsSrikanth
 
Networking Related
Networking RelatedNetworking Related
Networking RelatedZunAib Ali
 
Networking questions
Networking questionsNetworking questions
Networking questionsrajujast
 
A Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of ThingsA Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of ThingsIJERD Editor
 
Anonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsAnonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsBiagio Botticelli
 
Adhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devicesAdhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devicesIJCNCJournal
 
Network-20210426203825.ppt
Network-20210426203825.pptNetwork-20210426203825.ppt
Network-20210426203825.pptSri Latha
 

Similar a Overlay networks (20)

CCNA question and answer
CCNA question and answer   CCNA question and answer
CCNA question and answer
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.
 
IPS NAT and VPN.pptx
IPS NAT and VPN.pptxIPS NAT and VPN.pptx
IPS NAT and VPN.pptx
 
It6601 mobile computing unit2
It6601 mobile computing unit2It6601 mobile computing unit2
It6601 mobile computing unit2
 
Some important networking questions
Some important networking questionsSome important networking questions
Some important networking questions
 
F0322038042
F0322038042F0322038042
F0322038042
 
Networking Related
Networking RelatedNetworking Related
Networking Related
 
Networking questions
Networking questionsNetworking questions
Networking questions
 
NT BY AKATSUKI.pdf E
NT BY AKATSUKI.pdf                              ENT BY AKATSUKI.pdf                              E
NT BY AKATSUKI.pdf E
 
Onion Routing.ppt
Onion Routing.pptOnion Routing.ppt
Onion Routing.ppt
 
Network Concepts
Network ConceptsNetwork Concepts
Network Concepts
 
Mcse question
Mcse questionMcse question
Mcse question
 
A Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of ThingsA Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of Things
 
Networks faq
Networks faqNetworks faq
Networks faq
 
Anonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsAnonymity in the web based on routing protocols
Anonymity in the web based on routing protocols
 
Iap final
Iap finalIap final
Iap final
 
Final isp
Final ispFinal isp
Final isp
 
Adhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devicesAdhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devices
 
Internet
InternetInternet
Internet
 
Network-20210426203825.ppt
Network-20210426203825.pptNetwork-20210426203825.ppt
Network-20210426203825.ppt
 

Último

Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural  in villages of indiaGram Darshan PPT cyber rural  in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Último (20)

Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural  in villages of indiaGram Darshan PPT cyber rural  in villages of india
Gram Darshan PPT cyber rural in villages of india
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 

Overlay networks

  • 2. Content
      ◦ Introduction
      ◦ Deficiencies of Internet
      ◦ Types of overlay
      ◦ ACN
      ◦ I2P
      ◦ Introduction
      ◦ Working
      ◦ Routing
      ◦ netDb
      ◦ TCP layer.
  • 3. Introduction
      ◦ Network
      ◦ defines addressing, routing, and service model for communication between hosts
      ◦ Overlay network
      ◦ A network built on top of one or more existing networks
      ◦ adds an additional layer of indirection/virtualization
      ◦ changes properties in one or more areas of underlying network
      ◦ Alternative
      ◦ change an existing network layer
  • 4. Definition
      ◦ An overlay network is a virtual network of nodes and logical links that is built on top of an existing network with the purpose to implement a network service that is not available in the existing network.
  • 5. Internet as an Overlay
      ◦ The Internet is an overlay network
      ◦ goal: connect local area networks
      ◦ built on local area networks (e.g., Ethernet), phone lines
      ◦ add an Internet Protocol header to all packets
  • 6. Uses
      ◦ Routing
      ◦ Addressing
      ◦ Security
      ◦ Multicast
      ◦ Mobility
  • 7. Deficiencies of the Internet
      ◦ The major shortcomings of the Internet that make it unsuitable for directly supporting the stringent requirements of Internet-based services without an overlay:
      ◦ Outages:
      ◦ Partial network outages are common on the Internet, caused by misconfigured core routers, DDoS attacks, cable cuts, power disruptions, natural calamities, and de-peering due to a business conflict.
  • 8. Deficiencies of the Internet
      ◦ Congestion:
      ◦ When the capacity of routers and links on the Internet is insufficient to meet the traffic demand, congestion occurs, resulting in packet loss.
      ◦ Lack of scalability:
      ◦ Online services require provisioning server and network resources to meet the demand of users at all times, even during unexpected periods of peak demand and flash crowds.
      ◦ Without the existence of overlays, an enterprise may deploy their online services in a centralized fashion within a single data center and expect to serve their users from that centralized origin infrastructure.
  • 9. Deficiencies of the Internet
      ◦ Slow adaptability:
      ◦ Online services and their requirements evolve rapidly. However, the fundamental architecture and protocols of the Internet are slow to change or accommodate new primitives.
      ◦ Lack of security:
      ◦ Modern online services require protection from catastrophic events such as distributed denial of service (DDoS) attacks.
  • 10. Types of Overlay
      ◦ Caching overlay:
      ◦ The ubiquitous caching overlay aims to deliver web sites, on-demand videos, music downloads, software downloads, and other forms of online content. Such overlays are applicable for content that does not change over extended periods of time and is hence cacheable. The key benefits that a caching overlay provides are greater availability, performance, origin offload, and scalability.
  • 11. Types of Overlay
      ◦ Routing overlay:
      ◦ The routing overlay provides wide-area communication with more reliability, lower latency, and greater throughput than the public Internet can. Such overlays could be used to deliver dynamic web content or live stream content that normally cannot be cached.
      ◦ Security overlay:
      ◦ The security overlay increases security and mitigates distributed denial of service (DDoS) attacks on web sites and other online services.
  • 12. Anonymous Communication Networks
      ◦ Motivation
      ◦ Censorship at the local, organizational, or national level
      ◦ Personal privacy preferences such as preventing tracking or data mining activities
      ◦ The material or its distribution is considered illegal or incriminating by possible eavesdroppers.
      ◦ Material is legal but socially deplored, embarrassing or problematic in the individual's social world.
      ◦ Fear of retribution (against whistleblowers, unofficial leaks, and activists who do not believe in restrictions on information nor knowledge)
  • 13. I2P Introduction
      ◦ I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other.
      ◦ The network itself is strictly message based (like IP), but there is a library available to allow reliable streaming communication on top of it.
      ◦ All communication is end-to-end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys).
  • 14. How does it work?
      ◦ I2P makes a strict separation between the software participating in the network (a "router") and the anonymous endpoints ("destinations") associated with individual applications.
      ◦ What is hidden is information on what the user is doing, if anything at all, as well as what router a particular destination is connected to.
      ◦ End users will typically have several local destinations on their router: for instance, one proxying in to IRC servers, another supporting the user's anonymous webserver ("eepsite"), another for an I2Phex instance, another for torrents, etc.
  • 15. How does it work?
      ◦ Another critical concept to understand is the "tunnel". A tunnel is a directed path through an explicitly selected list of routers.
      ◦ Layered encryption is used, so each of the routers can only decrypt a single layer.
      ◦ The decrypted information contains the IP of the next router, along with the encrypted information to be forwarded.
      ◦ Messages can be sent in only one direction. To send messages back, another tunnel is required.
  • 16. How does it work?
  • 17. How does it work?
      ◦ Types of tunnels:
          1. Inbound: bring messages to the tunnel creator.
          2. Outbound: send messages away from the tunnel creator.
      ◦ The gateway of an inbound tunnel can receive messages from any other user and will send them on to the endpoint ("Bob").
      ◦ The endpoint of the outbound tunnel will need to send the message on to the gateway of the inbound tunnel.
      ◦ To do this, the sender ("Alice") adds instructions to her encrypted message.
  • 18. How does it work?
      ◦ Several tunnels for a particular purpose may be grouped into a "tunnel pool".
      ◦ The pools used by the router itself are called "exploratory tunnels".
      ◦ The pools used by applications are called "client tunnels".
      ◦ Tunnel lengths are specified by clients via I2CP options.
      ◦ The maximum number of hops in a tunnel is 7.
      ◦ To reduce the susceptibility to some attacks, 3 or more hops are recommended for the highest level of protection.
  • 19. Garlic Routing
      ◦ Derived from Onion Routing.
      ◦ Generally, when referring to I2P, the term "garlic" may mean one of three things:
          1. Layered Encryption
          2. Bundling multiple messages together
          3. ElGamal/AES Encryption
  • 20. Garlic Routing
      ◦ Layered Encryption
      ◦ Onion routing is a technique for building paths, or tunnels, through a series of peers, and then using that tunnel. Messages are repeatedly encrypted by the originator, and then decrypted by each hop.
      ◦ Bundling Multiple Messages
      ◦ in onion multiple messages are bundled together. He called each message a "bulb".
      ◦ Our term for garlic "bulbs" is "cloves".
      ◦ Any number of messages can be contained, instead of just a single message.
  • 21. Tunnel Building and Routing
      ◦ Now that we've defined various "garlic" terms, we can say that I2P uses garlic routing, bundling and encryption in three places:
          1. For building and routing through tunnels (layered encryption)
          2. For determining the success or failure of end to end message delivery (bundling)
          3. For publishing some network database entries (dampening the probability of a successful traffic analysis attack) (ElGamal/AES).
  • 22. Garlic Routing
      ◦ In I2P, tunnels are unidirectional. Each party builds two tunnels, one for outbound and one for inbound traffic. Therefore, four tunnels are required for a single round-trip message and reply.
      ◦ Tunnels are built, and then used, with layered encryption.
      ◦ Tunnels are a general-purpose mechanism to transport all I2NP messages, and Garlic Messages are not used to build tunnels.
      ◦ We do not bundle multiple I2NP messages into a single Garlic Message for unwrapping at the outbound tunnel endpoint.
  • 23. End-to-End Message Bundling
      ◦ At the layer above tunnels, I2P delivers end-to-end messages between Destinations.
      ◦ Each client message as delivered to the router through the I2CP interface becomes a single Garlic Clove with its own Delivery Instructions, inside a Garlic Message.
      ◦ Delivery Instructions may specify a Destination, Router, or Tunnel.
      ◦ Generally, a Garlic Message will contain only one clove. However, the router will periodically bundle two additional cloves in the Garlic Message.
  • 25. End-to-End Message Bundling
      ◦ A Delivery Status Message, with Delivery Instructions specifying that it be sent back to the originating router as an acknowledgment.
      ◦ A Database Store Message, containing a LeaseSet for the originating Destination, with Delivery Instructions specifying the far-end destination's router. By periodically bundling a LeaseSet, the router ensures that the far-end will be able to maintain communications. Otherwise the far-end would have to query a floodfill router for the network database entry, and all LeaseSets would have to be published to the network database.
  • 26. Network Database
      ◦ I2P's netDb works to share the network's metadata.
      ◦ A percentage of I2P users are appointed as "floodfill peers". Currently, I2P installations that have a lot of bandwidth and are fast enough will appoint themselves as floodfill as soon as the number of existing floodfill routers drops too low.
      ◦ If a floodfill router receives a "store" query, it will spread the information to other floodfill routers using the Kademlia algorithm.
  • 27. Network Database
      ◦ Two types of information are stored in the network database.
      ◦ A Router Info stores information on a specific I2P router and how to contact it.
      ◦ A LeaseSet stores information on a specific destination (e.g. I2P website, e-mail server...).
      ◦ In addition, the data contains timing information, to avoid storage of old entries and possible attacks.
  • 28. Transport protocols
      ◦ Then, to accommodate the need for high degree communication, I2P moved from a TCP-based transport to a UDP-based one: "Secure Semireliable UDP", or "SSU".
      ◦ The goal of this protocol is to provide secure, authenticated, semireliable and unordered message delivery, exposing only a minimal amount of data easily discernible to third parties. It should support high degree communication as well as TCP-friendly congestion control and may include PMTU detection. It should be capable of efficiently moving bulk data at rates sufficient for home users. In addition, it should support techniques for addressing network obstacles, like most NATs or firewalls.
  • 29. Benefits of I2P over Tor
      ◦ Designed and optimized for hidden services, which are much faster than in Tor
      ◦ Fully distributed and self organizing
      ◦ Peers are selected by continuously profiling and ranking performance, rather than trusting claimed capacity
      ◦ Floodfill peers ("directory servers") are varying and untrusted, rather than hardcoded
      ◦ Small enough that it hasn't been blocked or DOSed much, or at all
      ◦ Peer-to-peer friendly.
  • 30. Benefits of I2P over Tor
      ◦ Packet switched instead of circuit switched
      ◦ implicit transparent load balancing of messages across multiple peers, rather than a single path
      ◦ resilience vs. failures by running multiple tunnels in parallel, plus rotating tunnels
      ◦ scale each client's connections at O(1) instead of O(N) (Alice has e.g. 2 inbound tunnels that are used by all of the peers Alice is talking with, rather than a circuit for each)
      ◦ Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information.
  • 31. Benefits of I2P over Tor
      ◦ Protection against detecting client activity, even when an attacker is participating in the tunnel, as tunnels are used for more than simply passing end to end messages (e.g. netDb, tunnel management, tunnel testing)
      ◦ Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived.
      ◦ I2P APIs are designed specifically for anonymity and security, while SOCKS is designed for functionality.
  • 32. Benefits of I2P over Tor
      ◦ Essentially all peers participate in routing for others
      ◦ The bandwidth overhead of being a full peer is low, while in Tor, while client nodes don't require much bandwidth, they don't fully participate in the mixnet.
      ◦ Integrated automatic update mechanism
      ◦ Both TCP and UDP transports
      ◦ Java, not C (ewww).
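
Slide 15's tunnel description (one layer per router, each layer revealing only the next router's address) can be traced in a small model. This is an added example, not part of the original deck and not I2P's wire format: a toy SHA-256 keystream with HMAC stands in for the real ciphers, and the addresses, keys and function names are constructed for illustration.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    """Toy keystream (SHA-256 in counter mode); stands in for a real cipher."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC one layer under a single hop's key."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Verify and remove one layer; fails if the layer belongs to another hop."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed for this hop")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def wrap(hops, deliver_to, payload):
    """Originator side: add one layer per hop, innermost (last hop) first."""
    blob, next_hop = payload, deliver_to
    for addr, key in reversed(hops):
        header = json.dumps({"next": next_hop}).encode()
        blob = seal(key, len(header).to_bytes(2, "big") + header + blob)
        next_hop = addr
    return blob

def peel(key, blob):
    """Hop side: remove exactly one layer; learn only the next address."""
    inner = unseal(key, blob)
    hlen = int.from_bytes(inner[:2], "big")
    return json.loads(inner[2:2 + hlen])["next"], inner[2 + hlen:]

def walk(hops, blob):
    """Pass the message down the tunnel, recording what each hop learns."""
    learned = []
    for _addr, key in hops:
        next_hop, blob = peel(key, blob)
        learned.append(next_hop)
    return learned, blob

# Constructed sample tunnel: TEST-NET addresses and random per-hop keys.
HOPS = [("192.0.2.%d" % i, os.urandom(32)) for i in (1, 2, 3)]
```

Because the tunnel is unidirectional, a reply needs a second, independently built list of hops passed through the same `wrap` and `walk` steps.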
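
Slides 26 and 27 together describe a floodfill that accepts a store, spreads it by the Kademlia metric, and uses timing information to refuse old entries. The sketch below is an added example, not I2P's implementation: it models that behaviour with XOR distance over SHA-256 identifiers. The fan-out, clock-skew tolerance, class and function names, and sample identifiers are all assumptions made for illustration.

```python
import hashlib

def node_id(label):
    """Constructed 256-bit identifier: SHA-256 of a label."""
    return hashlib.sha256(label.encode()).digest()

def xor_distance(a, b):
    """Kademlia metric: XOR of the two IDs read as an integer."""
    return int.from_bytes(a, "big") ^ int.from_bytes(b, "big")

def closest(key, peers, k):
    """The k peers whose IDs are nearest to key under the XOR metric."""
    return sorted(peers, key=lambda p: xor_distance(key, p))[:k]

class Floodfill:
    CLOCK_SKEW = 60   # seconds; assumed tolerance, not an I2P constant
    FANOUT = 3        # peers to flood to; assumed, not an I2P constant

    def __init__(self, my_id, other_floodfills):
        self.my_id = my_id
        self.peers = [p for p in other_floodfills if p != my_id]
        self.db = {}  # key -> (published, expires, data)

    def store(self, key, published, expires, data, now):
        """Return the peers to flood to, or raise ValueError on a bad entry."""
        if expires <= now:
            raise ValueError("expired entry")
        if published > now + self.CLOCK_SKEW:
            raise ValueError("entry dated in the future")
        old = self.db.get(key)
        if old and old[0] >= published:
            raise ValueError("not newer than stored copy")  # blocks replays
        self.db[key] = (published, expires, data)
        return closest(key, self.peers, self.FANOUT)

    def lookup(self, key, now):
        """Return stored data, dropping the entry once it has expired."""
        entry = self.db.get(key)
        if entry is None or entry[1] <= now:
            self.db.pop(key, None)
            return None
        return entry[2]

# Constructed sample set of eight floodfill identifiers.
FLOODFILLS = [node_id("floodfill-%d" % i) for i in range(8)]
```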
