Hao Cai, a Ph.D. student in the Network Systems Laboratory of Professor Tilman Wolf in the Electrical and Computer Engineering Department, received the best student paper runner-up award at the 25th International Conference on Computer Communication and Networks (ICCCN 2016), run by the Institute of Electrical and Electronics Engineers from August 1 through 4 at the Waikoloa Beach Marriott Resort Hotel in Hawaii. The title of Cai’s paper was “Source Authentication and Path Validation in Networks Using Orthogonal Sequences.” Wolf is the co-author of the paper.
As Cai explains about his paper, “Verifying the authenticity of the source of network traffic and the path that this traffic has traversed is an important building block for secure network protocols and defense mechanisms. We investigate these problems of in-network source authentication and path validation. Existing approaches are either unable to satisfy security requirements or need significant computational resources due to cryptographic operations, thus limiting their suitability in practice where potentially every packet needs to be checked at line rate.”
As Cai says in his award paper, source authentication and path validation are two important concepts in networking, which help construct higher-level security mechanisms, such as mitigating denial-of-service attacks, ensuring path compliance and packet attribution, and protecting against flow redirection. Source authentication is the verification of the source address of a host that sends a packet and is designed to determine whether this packet indeed originated from the claimed source. Path validation confirms that a packet indeed traversed the path known to (or selected by) the host (i.e., the source). The latter is used when senders, receivers, or operators want to ensure that a packet’s path adheres to their preferences. For example, an enterprise might want to dictate that incoming traffic passes through certain services, such as deep packet inspection. Path validation provides a way to verify this path compliance according to the policies of ISPs, enterprises, and data centers.
Cai says that the current Internet does not provide any effective means for source authentication and path validation by routers or end-hosts. For example, a network provider cannot determine if traffic is sent by neighboring providers along paths that match service-level agreements; a receiver cannot be sure whether a packet is from a specific source, since an attacker can spoof source addresses in packets.
In addition, “Widely used end-to-end encryption and authentication schemes are not able to solve these issues, since they are agnostic to which path their packets have been forwarded on,” says Cai. “A stronger approach is needed, which enables routers and destinations to perform source authentication and path validation.”
Cai’s research investigates “Orthogonal Sequence Verification” (OSV), a lightweight and scalable technique to address this problem. OSV uses orthogonal capabilities to enable source authentication and path verification simultaneously. The verification of these orthogonal capabilities is based on inner product computations, which can be easily realized by basic bitwise operations in a processor. Cai notes that OSV significantly reduces computational cost, while achieving the necessary security properties.
“We present evaluation results which show that OSV is three orders of magnitude faster than the current approaches based on cryptographic operations,” says Cai. “Therefore, we believe that our work presents an important contribution toward realizing high-performance, secure network protocols and network attack defenses in practice.”
Before studying at UMass Amherst, Cai received his Bachelor and Master of Science degrees in Electrical Engineering, both from Shanghai Jiao Tong University, in 2009 and 2012, respectively.
ICCCN is one of the leading international conferences for presenting novel ideas and fundamental advances in the fields of computer communications and networks. ICCCN serves to foster communication among researchers and practitioners with a common interest in improving communications and networking through scientific and technological innovation. The primary focus of the conference is on new and original research results in the areas of design, implementation, and applications of computer communications and networks. (August 2016)