acm sigcomm

Besides the recently famous gravitational waves, there is another phenomenon affecting the spacetime continuum, at least in the Internet universe: the Network Time Protocol (NTP, RFC5905), used for decades by Internet attached hosts to establish and maintain synchronization of their clocks. In this paper, Aanchal and Sharon show how an attacker can alter a system’s perception of time when it relies on NTP. System time has an immense effect on host activities: cached data expiration, scheduled jobs, public-key certificate expiration, backups, cryptographic protocols, time-outs in general, etc. Therefore, manipulation of the system clock can open the path to several attacks.The authors identify two vulnerabilities affecting NTP protocol’s cryptographically-authenticated broadcast mode. The first allows an on-path attacker to stick an NTP broadcast client to a specific time indefinitely. The second vulnerability exposes a client to a denial-of-service attack, in which an off-path attacker prevents the client from updating its system clock. The authors also perform a survey of the IPv4 address space, identifying several hosts using NTP broadcast mode.Reviewers found the contribution of this work relevant, not only because it pertains to more secure protocol design, but also because the authors explain solutions and collaborated with industry, developers and standardization groups to improve the security of the protocol and its implementations. The reviewers also discussed the potentially limited nature of these vulnerabilities given that NTP’s cryptographically-authenticated broadcast mode does not seem to be widely adopted. However, as the authors explain, it is difficult to establish figures on the popularity of this mode, since (i) it is most common in clients behind NAT, and (ii) several firewalls filter queries that may reveal such information. Finally, we believe this paper is a good match for CCR also because the two vulnerabilities discussed have just been disclosed and assigned a CVE-ID, which makes the paper even more... timely! ACM SIGCOMM Computer Communication Review

Interdomain routing has been extensively studied over the past decade by both research and industrial communities. While tremendous knowledge and understanding have been gained on various aspects of the Interdomain routing (including routing policies), there are some gaps that remain to be filled. What make this paper interesting and distinguish itself from many other paper on interdomain routing policies is that this paper intended to bridge one of these knowledge gaps by conducting a survey on business relationships and routing policies used by individual autonomous systems in practice. About 100 network operators responded to the survey and answered questions about their routing policies, billing models, and thoughts on routing security. The paper presented survey results and discussed their implications. While most of results provided a systematic view of interdomain routing policies used in practice and on the extent to which common modeling assumptions about routing policies actually hold on the Internet, some of the findings are quite interesting and require deeper understanding on their implications. For example, the survey results showed that 90% of operators disabled MRAI timer which is used to rate limit update messages between neighboring BGP-speaking routers. This paper provided a good starting point on some of these findings. Follow up studies that look deeper into these findings would be of great interest to the research community and can potentially impact network operators for setting their policies in the future. One limitation of this paper is that survey results only represented a somewhat bias view from the 100 operators who were questioned and responded. Having said that, I believe these results provided very useful information on the operational reality of interdomain routing policies. Researchers and students who work on the interdomain routing area would find this survey beneficial.

This paper focuses on improving the scalability and robustness of simulations for analyzing interdomain routing techniques. There are two challenges with inter-domain routing simulations (as outlined by the paper): (i) The running time of simulations on large AS graphs can be very high – O(|V|^3) for an AS graph with |V| vertices. For an empirical AS graph with 36K nodes, it will take several months to finish. (ii) The lack of ground truth information makes assessing the accuracy and robustness of routing techniques difficult. To address the first challenge, the author develops a novel routing tree algorithm that takes only O(|V|^2) time to compute paths between all source-destination pairs in an AS graph with |V| vertices, which is significantly faster than the state of the art. The algorithm exploits the fact that realworld AS graphs are typically very sparse, with only around 4*|V| edges as opposed to O(|V|^2) edges. It computes all the paths by performing a specialized three-stage breadth-first search (BFS) on the AS graph. To further improve the scalability in the context of repeated simulations, the paper develops lightweight faster amortized algorithms that achieve 5-times speedup compared to running repeated simulations. The idea is to run a single computation for all-pairs paths once and saving and reusing the intermediate results for subsequent iterations. Since the algorithms can be run independently across destinations, Map-reduce style parallelization is used to achieve another 200-times speedup. This is very good! Regarding robustness, the paper proposes to perform repeated simulations with varied parameters – this becomes computationally feasible because of the significantly reduced run-time. While it is arguable whether repeated simulations alone suffice to cope with the lack of ground truth, the approach helps better understand the impact of the imperfect data and modeling assumptions and is therefore clearly valuable. Overall, a very nice paper. The core ideas are both interesting and useful. The techniques proposed in the paper should really become the common practice in future large-scale simulation studies of interdomain routing.