►
From YouTube: IETF102-RTGAREA-20180717-1330
Description
RTGAREA meeting session at IETF102
2018/07/17 1330
https://datatracker.ietf.org/meeting/102/proceedings/
A
A
C
B
C
C
B
A
B
You'll
notice
that
our
agenda
is
slightly
different
from
what
we've
always
had
in
the
routing
area,
meaning
this
one
is
a
very
special
because
we
have
our
several
presentations.
We
don't
have
for
the
first
time
in
probably
many
many
many
years,
a
review
of
all
the
working
groups
we
do
have.
However,
thank
you.
B
There
was
a
group
chair
who
was
clapping
yeah.
We
do
have
for
the
enjoyment
of
everyone,
the
wiki,
so
that
you
can
still
go
look
at
the
wiki.
It
won't
probably
finished
start
by
the
other
week
with
updates
on
the
different
working
groups.
So,
instead
of
everyone
getting
up
and
reading
what
the
wiki
says,
we
figured
that
we
would
use
the
time
better
and
actually
have
discussions
about
other
things
in
in
the
routing
area.
Maybe
so
that's
what
the
agenda
reflects
here.
B
B
Yeah
that
deserves
a
hand,
because
you
know
not
not.
Anyone
comes
out
of
retirement
just
to
be
with
you
guys,
then
everyone's
going
to
talk
about
others
don'ts
for
a
few
minutes
and
then
we're
going
to
have
the
to
a
NRP,
advanced
or
applied
networking
research.
Price
winners
do
the
presentation
here.
B
We
believe
that
there
is
some
relationship
with
routing
in
both
of
them.
One
is
a
lot
more
obvious
than
the
other
one,
the
first
one
I,
which
talk
about
running
attacks
on
cyber
currencies
and
then
we're
going
to
have
panelists
talk
about
skill
or
bus
identity
in
vehicular
networks,
early
communications.
We
have
a.
B
Anyone
want
to
change
the
agenda
just
so
you
know
the
only
change
will
be
accepting
is
to
put
back
the
working
good
reviews
in
the
agenda
and
ready
for
the
wiki.
No,
no
are
you
sure,
okay
good,
so
the
areas
that
is
nothing
or
not
a
lot
has
changed.
We
managed
to
reach
Artur
when
working
good
when
the
Martin
is
working.
We
were
charter
Babel
with
a
minor
change
weeks
ago,
and
we
did
close.
One
work
helps
to
be
extensions.
E
E
F
I
am
tall,
so
I
will
try
to
I,
don't
know
if
I
can
make
this
taller
or
not.
I
can
aha,
so
we're
owners
up
here.
Next,
we'll
have
to
deal
with
the
fact
that
I
set
this
for
a
tall
person,
so
I
sure
had
a
hobby
back
when
I
used
to
work
for
a
living
of
keeping
track
of
ways
that
whole
networks
can
go
down
at
once.
F
F
F
F
So
back
when
I
went
to
ITF
meetings
every
now
and
then
we
would
see
somebody
bringing
in
an
idea
that
looked
like
some
of
the
things
we
did
wrong
in
the
past
and
old
people
with
gray
beards
and
I'd
say
no,
don't
do
that
I'm
a
little
concerned
that
some
of
us
old
people
with
graveyards
are
getting
old
and
we're
not
gonna
be
around
forever,
and
some
of
us
aren't
around
anymore
at
all.
So,
except
for
this
one
talk
so
I
figured.
It
would
be
a
good
idea
to
write
this
down.
F
F
Generally,
you
know
the
best
stuff
that
was
out
there
got
deployed,
so
the
stuff
that
did
not
fail.
This
way
did
not
fail
because
it
was
even
worse,
not
because
it
was
better,
and
you
know
we've
all
done
this.
If
I
had
named
vendors,
there
would
be
something
like
six
or
seven
of
them.
That
would
be
named
in
this
talk
alone,
and
that's
not
counting.
F
It
used
a
3-bit
sequence
number
space,
because
back
in
the
1970s
networks
were
pretty
slow
right,
I
think
there
might
have
been
56
K
links
if
that
tying
the
ARPANET
together.
When
the
three
that
sequence
number
space,
you
were
going
to
run
off
the
end
of
it
eventually,
so
it
was
a
circular
space.
So
when
you
got
to
the
end,
you
went
back
to
the
beginning
and
since
it's
a
circular
space,
whether
a
is
greater
than
B
or
B
is
greater
than
a
it
depends
on
which
way
around
the
circle
is
shorter.
F
A
single
arpanet
switch
I'm
sure
that
more
than
one
crash,
but
one
in
particular
example
that
was
interesting
was
one
of
them
crashed
sometime
in
the
early
1980s
and
when
it
came
back
up,
it
thought
oh
well,
these
messages
in
my
queue,
somebody's
going
to
want
to
see
them.
So,
let's
forward
them
on
so
it
did
forward
them
on,
and
one
of
the
messages
in
its
queue
happened
to
be
a
routing
update,
which
was
exactly
halfway
around
the
circular
sequence
space
from
the
current
update
and
this
occurred.
F
While
an
update
was
in
progress,
so
the
three
sequence
number
is
ABC
right:
a
came
out,
bigger
than
B
and
B
was
bigger
than
C,
but
C
was
bigger
than
a
going
around
the
circular
space,
which
meant
that
update
a
replaced,
update,
B
and
then
update,
be
replaced,
update,
C
and
then
update.
C
replaced
update
a
so
next
slide.
F
This
was
a
little
bit
unpleasant
back
in
the
1980s,
but
it
wasn't
that
catastrophic,
because
you
know
the
ARPANET
failure
wasn't
catastrophic
today,
if
you
had
hundreds
or
even
thousands
of
routers
in
a
network,
this
could
be
quite
unpleasant.
Next
line
will
get
a
different
problem
back
in
the
early.
F
This
is
sometime
around
92
or
93
I
think
there
was
a
network
that
was
stable
and
working
well
and
had
a
fairly
modest
number
of
routers
that
were
basically
as
big
as
you
could
buy
back
then
in
the
core,
and
it
had
a
whole
bunch
of
edge
routers
as
stubs,
and
it
was
working
well
and
the
customer
was
quite
happy,
but
the
customer
thought
well
I
care
about
reliability.
So,
let's
multi-home
the
stubs
next
slide.
F
So
they
did
that
and
immediately
the
network
completely
collapsed.
So
what
happened?
What
happened
was
on
the
next
slide,
some
router,
some
that
liked
that
core
router
in
the
middle
had
a
link-state
advertisements
send
out
so
send
it
to
all
its
neighbors,
including
all
of
the
stubs.
All
of
the
neighbors
thought
all
my
other
neighbors
are
going
to
want
to
see
this
update,
so
they
all
forward
it
on
to
so
they
all
arrived
at
once
at
another
core
router.
It
turned
out
I.
Remember
at
the
time
people
complaining
that
Dijkstra
was
so
slow.
F
No,
no
Dijkstra
wasn't
really
the
problem.
People
just
thought
it
was
once
they
actually
started.
Looking
hard
at
the
code
and
instrumenting
it
they
discovered.
The
problem
was
simply
getting
the
same
length
state
advertisement,
20
30
40
times
all
at
once
was
too
much
for
their
little
processors
at
the
time
and
it
caused
them
to
crash
in
various
ways
up
until
seeing
this
happen
in
the
network,
nobody
predicted
that
this
is
going
to
be
a
problem,
but
then
we
saw
a
problem
and
networks
failed
and
we
fixed
it
a.
F
Similar
problem
can
occur
with
IP
over
ATM,
where
you
have
I
did
not
I
got
lazy
because
I'm
writing
the
slide.
One
of
the
last
ones
I
did
before
sending
the
slides
in
and
I
didn't
draw
the
ATM
switches
in
the
middle.
But
if
you
have
a
bunch
of
hours
all
attached
to
an
ATM
cloud
and
you
have
bunch
of
ATM
switches
in
the
middle
or
frame
relay
switches
in
the
middle,
you.
F
There's
another
problem
that
I
notice
and
this
I
was
actually
pulled
down
into
the
lab
in
1992
and
somebody
said,
sit
there
and
look
at
this
network
would
stay
stable
for
quite
a
while
and
it
just
you
know,
work
great
and
then
just
randomly
by
coincidence.
Several
things
would
happen
at
pretty
much
the
same
time.
Now,
in
those
days
back
before
my
hair
turned
gray,
processors
were
a
lot
slower
than
they
are
now,
and
the
processors
were
also
used
to
forward
packets,
in
addition
to
doing
the
routing
protocol
stuff.
F
So
if
you've
got
several
changes
that
just
happen
to
occur
at
the
same
time,
the
processors
could
fall
behind.
So
even
if
one
router
was
sending
out
hit
its
loans
on
time,
the
next
router
over
might
not
notice
for
awhile,
simply
because
it
was
too
busy
doing
other
stuff,
and
so
it
might
have
the
timer
go
off.
Saying:
I
haven't
gotten
too
low
in
the
last.
You
know
10
seconds
before
it
noticed
that
it
has
alone
sitting
in
its
queue,
and
so
what
happens
when
that
happens?
Well,
it
decides.
F
I
haven't,
got
hellos
for
a
while
I'm
going
to
drop
the
adjacency.
What
do
I
do
when
I
drop
the
adjacency
island
send
out
another
update.
So
at
the
time
when
the
network
was
too
busy,
what
am
I
gonna
do
send
more
traffic
to
make
it
more
busy
a
couple
of
routers.
Do
this
it's
going
to
cause
more
in
the
same
or
congestion,
other
processors
get
collide,
get
busy,
they
drop
all
those.
F
So
what
I
was
sort
of
looking
at
in
the
lab
in
1992
was
an
entire
network
disconnecting
at
once
now
another
fun
thing
happened.
These
things
their
advertisements
were
going
to
be
refreshed
periodically
with
a
fixed
timer.
So
since
the
whole
network
collapses
at
once,
they
all
come
back
up
at
once.
It
all
comes
back
up
and
once
20
minutes
later,
they
all
decide
at
the
same
time
they
have
to
refresh
their
lsas,
so
they
send
them
all
out
again,
all
at
the
same
time,
which
means
it
happens
again.
F
So
since
I
was
encouraged
to
sit
there
for
like
an
hour
and
watch
this
happen,
every
20
minutes,
it
would
happen
again
know
that
were
disposed
down.
The
hole
that
comes
back
up,
works,
5,
20
minutes,
then
whole
thing
goes
down
and
the
whole
thing
comes
back
up.
This
was
considered
not
a
good
thing.
Then
this
way
fun,
though
much
more
fun
than
you
know,
watching
TV.
F
Well,
it
means
every
20
minutes.
It
was
more
fun
some
solution.
You
optimize
the
hello
there,
the
protocol
processing,
you
prioritize
the
hello,
so
you
deal
with
them
first,
because
you
never
want
to
drop
in
adjacency.
If
you
Jason
sees
really
there,
you
ran
the
mines,
the
timer,
so
that
if
everybody
goes
down
and
up
at
once,
they
don't
all
20
minutes
later
get
panicky.
At
the
same
time,
this
will
seem
to
be
known
to
me
in
92
or
93,
because
it
was
92
I
watched.
F
This
all
happened
in
93
I
watched
it
all
get
fixed,
but
about
a
year
later
there
was
an
ATM
network,
a
pretty
big
one,
well-known
service
provider
that
you've
all
heard
of
on
a
big
ATM
network
and
a
couple
I
know:
love
was
2
or
3,
but
a
small
number
of
links
went
down
that
happened
to
partition
the
entire
ATM
network
and
the
link
stayed
down
long
enough
for
all
of
the
link
state
advertisements
on
each
side
of
the
partition
to
get
completely
refreshed.
While
the
network
was
partitioned.
F
This
was
an
ATM
network
that
was
using
OSPF
as
its
routing
protocol.
So
at
some
point
one
of
those
partitions
healed
right
or
got
you
know.
Somebody
went
out
there
and
reconnected
the
wire,
and
then
the
link
came
back
up
again
and
so
the
switch
on
each
side.
Of
that
we
connected
link.
You
know
they
they've
run.
You
know
the
database
sync
and
they
each
decide.
F
Okay,
the
guy
on
the
other
ends,
gonna,
want
to
know
about
the
entire
database
that
I
have
so
both
switches
at
each
end
of
the
link
that
came
back
up,
send
its
entire
database
to
the
other
side.
What
happened?
Well,
every
single
CPU
in
the
entire
network
congested
dropped,
the
loans,
every
link
in
the
entire
network
went
down,
and
then
they
came
back
up
again
to
the
credit
of
whoever
wrote
the
software.
They
did
randomize
their
timers,
and
so
it
did
not
repeat
every
20
minutes
for
the
rest
of
all
time.
F
Denial
service
attacks,
I
guess
you
know
we're
all
familiar
with
that.
Some
attacker
manages
to
get
software
onto
many
many
hosts
throughout
the
network
and
they
all
send
traffic
to
the
same
place
overwhelming
a
victim
congesting
links
next
slide.
There
was
a
funny
example
of
this
that
happened
in
2003.
F
If
we
get
to
the
next
slide,
Odessa
try
again,
you
might
have
to
do
it
one
more
time,
because
I
think
since
I
had
to
build
with
three
things
that
it
showed
me
the
same
picture
three
times:
it's
not
exactly
what
you
would
have
wanted,
but
it's
good
enough
for
government
work.
Okay,
so
in
January
2003
there
was
the
slammer
world
right.
It
was
a
worm
that
was
created
that
just
propagated
itself
very
rapidly.
F
On
average,
it
doubled
every
eight
seconds
so
from
until
you
notice
it's
there
until
it's
causing
a
horrible
problem
is
not
very
long.
It
decide
and
what
IP
address
to
attack
by
just
picking
an
address
at
random
and
trying
to
attack
it,
and
if
it
succeeded,
I
succeeded
and
if
not,
it
would
pick
a
different
address
at
random
and
try
to
attack
it
of
all
of
the
addresses
that
it
picked
at
random.
F
Some
of
them
were
the
address
of
a
router,
so
not
only
when
other
routers
not
aware
of
any
routers
that
actually
got
infected
by
the
slammer
worm
because
they
had
fairly
special
software,
but
they
certainly
got
a
lot
of
traffic
sent
to
them.
So
what
happened
in
2003?
Well,
the
routers
drop
their
hellos
in
some
cases
and
drop
their
adjacencies
and
the
network's
disconnect.
So
apparently,.
D
F
Everything
that
was
learned
back
in
the
1990's
was
actually
completely
totally
learned.
However,
I
don't
know
whether
this
was
caused
by
link
ingestion
or
by
CPU
congestion.
There's,
you
know,
slammer
really
hit
the
internet
very,
very
hard,
and
so
exactly
almost
everything
got
overwhelmed
at
the
time.
The
other
fun
thing
is
there
were
some
routers
that
were
getting
so
much
traffic
that
they
won't
respond
to
the
management
plane.
F
They
right.
This
is
a
fun
problem.
Next,
so
the
same
pretty
much
solution,
but
it
had
to
be
done
with
river
board
here,
oh
yeah,
this
is
a
fun
one.
The
I
dunno,
who
wrote
some
of
the
software
involved
here
nice
point
out
of
it
is,
is
and
OSPF
were
designed
in
the
mid-1980s
back
then
again,
the
CPUs
are
slower
than
they
are
now
and
again.
Some
of
the
CPUs
are
still
in
fact,
I
think
on
the
most
part,
we're
still
forwarding
packets
in
the
same
CPU.
F
Because
of
this
I
don't
know
what
funny
character
showed
up
there
on
right,
but
the
original
spec
tried
to
minimize
the
strain
on
the
CPU
and
optimize
the
speed
of
flooding.
Given
that
the
CPUs
were
not
super
fast
back,
then
so
one
of
the
things
that
the
is
is
spec
specifies
is
first,
you
check
the
auto
rapper,
so
you
check
the
checksum
yep
that
passes.
That's
good.
You
check
the
sequence
number
and
the
LSP
number.
Is
this
a
new
update?
Yes,
it
is
ok,
it's
a
new
update
flood
it
out
after
you
flooded
it
out.
F
F
There
happen
to
be
a
bad
interface
somewhere
that
was
thrashing
packets.
That
would
just
randomly
change
a
few
bits
and
then
could
forward
the
packet
now
most
of
the
time,
the
checksum
would
fail
right
in
the
back
beats
where
I
went
away,
but
one
packet
managed
to
get
through,
because
if
you
randomly
change
one
bit,
the
checksum
will
always
catch
it.
But
if
you
randomly
change
multiple
bits,
the
checksum
will
catch
it
with
something
like
one
in
65,000
or
65
536
or
some
number
up
around
there
that
it
might
get
through
is
ok.
F
F
Somebody
forgot
to
check
that
in
the
software
so
crash,
but
you
forward
the
packet
before
you
crashed.
So
when
you
come
back
up,
somebody
else
will
be
forwarding
the
packets
you
before
it
crashes,
so
like
a
whole
network,
crashed
and
came
back
up
and
crashing
what,
but
there
one
fun
thing
was
this
actually
affected?
More
than
one
vendor
at
the
same
time,
I'm
not
the
name
any
of
the
vendors
involved,
because
I
said
I,
wouldn't
name
vendors,
but
it
was.
Most
of
these
crashes
have
been
single
vendor
crashes.
F
Basically
right,
you
have
a
destination,
a
the
router,
the
one
hop
away,
says:
I'm,
one
half
away
from
a
and
the
next
router
says
I'm
too
hot.
So
a
and
the
next
router
say
on
three
hops
away.
You
don't
save
this
back
to
the
guy
you're,
getting
it
from,
because
that's
the
way
your
one
hopper
to
hops
and
three
hops
drove.
So
you
say
it
in
other
directions.
However,
these
packets
are
sent
out.
You
know
with
some
time
delay
involved
right.
F
So
exactly
when
any
one
router
notices
that
they've
got
this,
it
might
be
a
you
know
a
few
seconds.
It
might
be
a
few
more
seconds
or
a
few
less
seconds.
It
can
vary
a
little
bit.
So
if
a
goes
away
at
some
point
and
that
first
router
says
I
can't
get
there
anymore,
the
next
router
says
I
can't
get
there
anymore,
but
that
router
sent
out
of
things
hang
on
two
hops
away
and
then
it
says
something:
I
can't
get
there
anymore.
F
The
next
router
over
has
those
last
two
routers
have
been
hearing
from
each
other
that
they
can
get
there
at
three
hops.
They
think
they
have
a
three
hop
way
to
get
there
in
addition
to
the
two
halfway
right,
so
we're
really
it
be
yeah.
So
when
a
goes
away,
those
routers
on
the
right
think
that
they
can
get
there
by
each
other
by
three
hearts.
So
when
they
hear
they
can't
get
there
from
the
guy
in
the
middle,
the
two
hops
they
might
say
back
to
that
guy.
F
Well,
that's,
okay,
I
can
get
there
and
it's
four
hops.
However,
there's
going
to
be
a
timing
issue
as
to
when
does
one
say
that
and
when
does
the
other
hearing,
so
if
we
go
to
the
next
slide,
this
is
just
one
possible
thing
that
might
happen
is
that
guy
at
the
bottom
has
just
heard
from
the
guy
up
on
the
upper
right.
I
can
get
their
three
hops,
so
he
thinks
oh
well,
I
just
heard
from
the
guy
in
the
middle
that
he
can't
get
there
anymore.
F
So
I'll
tell
him
that
I
can
get
there
as
four
hops
sometime.
The
guy
in
the
middle
is
heard
that
so
he'll
say
to
the
guy
over
on
the
right.
Well,
I
can't
get
so
the
guy
on
there
on
the
upper
right
says
to
the
guy
in
the
bottom:
I
can
get.
There
are
six
hops
uses.
You
count
up
to
infinity
one
hop
at
a
time.
What
gets
around
this
by
the
ludley
approach
of
setting
infinity
to
a
fairly
small
number,
so
you'll
actually
get
there.
I
think
it's
15
is
infinity
and
either.
F
F
For
now
we're
going
to
get
into
I,
don't
know
why
the
slides
have
gone
to
tiny,
tiny
little
font.
Now
my
apologies.
What
I
sent
in
was
not
tiny
font,
although
I
will
admit
that
it
was
a
more
recent
slug
for
delay.
Based
routing
is
something
that's
been
tried,
a
bunch
of
times
with
a
bunch
of
fun
things
there's
been
multiple.
Actually
all
of
the
bullets
and
sub
bullets
have
been
lost
to
on
this
slide
very
interesting.
F
This
is
before,
or
IBM
got
involved.
It
was
back
when
it
was
a
university
professor
and
probably
a
few
grad
students,
or
maybe
even
undergrad,
students,
I'm,
not
sure
there
might
be
somebody
in
this
room
who
could
tell
me,
but
there
was
a
friendly
professor
who
was
building
the
routers
for
the
very
first
version
of
the
NSFNET,
and
they
were
called
fuzz
balls
and
they
worked.
That's
just
serve
their
nickname
and
they
had
a
real
time
delay
plate
based
protocol
which
actually
with
measuring
queuing
delays
in
the
router.
F
So
it
would
add
its
queuing
delays
to
what
it
was
hearing
from
its
neighbor
with
a
distant
sector
of
outing
in
the
core
of
the
NSFNET.
So
because
this
was
hearing
relays
up
and
down
and
up
and
down
right.
If,
if
you
have
a
particular
path,
that's
not
congested
at
all,
you'll
have
very
small
delays.
It
will
have
very
small
metrics.
F
Everybody
will
think
that's
a
great
way
to
go
so
a
whole
bunch
of
traffic
will
decide
to
go
that
way,
so
how
to
put
the
delay
way
up
and
they
never
got
inside
to
go
a
different
way
and
sort
of
oscillate
back
and
forth.
Now.
This
was
what
was
going
on
at
the
core
of
the
first
NSFNET
outside
of
that
they
were
running
rip.
So
how
do
you
go
from
rip
to
the
hello
protocol
in
the
middle?
F
You
have
mapping
tables
where
you
know
a
rip
value
of
two
will
get
mapped
to
a
delay
of
this
and
of
X,
and
a
value
of
three
would
get
mapped
of
slightly
larger
delay
and
so
on.
Then
you
go
across
the
core
and
on
the
other
side
it
was
mapped
back
into
RIP
and
it
was
done
so
if
you
know
if
a
particular
rip
value
of
let's
say
three
got
mapped
to
a
particular
delay.
F
When
you
got
to
the
other
side,
it
was
guaranteed
to
be
mapped
to
at
least
four
right,
but
the
problem
is
you
had
this
delayed
based
protocol
in
the
core
that
was
flapping
all
over
the
place
and
that
was
getting
mapped
into
rip
values
pop
counts,
which
were
flapping
all
over
the
place.
So
you
take
that
counting
to
infinity
behavior
that
I
just
mentioned,
and
you
feed
it
with
highly
dynamic,
jumping
up
and
down
metric
values
that
you're
feeding
into
rip
all
around
the
edges.
The
early
NSFNET
was
not
the
greatest
success.
F
D
F
I
Telenet
it
back
to
my
home
computer
in
Cambridge,
Massachusetts
and
typed
in
their
log
in
and
did
a
couple
of
things
and
then
it
froze
and
I
couldn't
do
anything.
I
couldn't
log
out
I
couldn't
stop
the
session.
I
couldn't
do
anything
at
all.
45
minutes
later
came
back
and
I
was
still
logged
into
this
computer
on
the
other
side
of
the
country.
F
Of
course,
the
first
thing
I
did
was
log
out
right,
it's
I
could
have
walked
away
and
a
student
could
have
Marge
walked
up
and
being
logged
into
my
computer,
so
that
was
great
fun
there's
been
another
I
mean
there's
all
kinds
of
fun
things
that
have
happened
with
the
latest
routing.
Another
version
that
was
fun
was
again
in
the
mid
to
late
1980s
this.
What
they
called
the
new
ARPANET
routing
protocol
decided
to
use
delay
byte
heavily
dampened.
F
So
the
metrics
were
a
combination
of
hop
count
and
delay
with
the
contribution
of
delay
being
very,
very
small,
so
it
was
mostly
hop
count
with
a
little
bit
of
delay
so
between
equal
cost
paths.
You
take
the
less
congested
way.
The
problem
is,
then,
the
network
started
getting
congested
and
it
was
a
linear
combination
of
hop
count
in
doing
so,
as
the
delays
went
up
to
10
times
as
big
all
of
a
sudden,
it
turned
into
what
was
essentially
a
scrape
delay
based
routing
became
wildly
operating.
F
G
Yeah
so
fortunately
I
guess.
This
is
fortunate
when
Ross
asked
me
to
come
up
with
some
PGP
examples.
I
couldn't
think
of
as
many
that
fall
into
the
kind
of
Halden
catch
fire
category
as
he
came
up
with
in
the
earlier
slide
set,
but
there's
still
a
some
interesting
history
behind
BGP.
So
one
thing
that
I
thought
was
kind
of
interesting
is
that
we,
as
probably
a
four
I,
won't
repeat
this,
because
it's
generally
true,
but
as
a
lot
of
you
know
some
of
you
may
not.
We
currently
are
routing
the
internet
using
a
protocol.
G
That's
neither
deterministic
nor
even
formally
correct,
but
it
still
works
anyway,
mostly
so
so
one
of
the
ones
that
I
thought
was
really
cool
when
I
first
had
it
explained
to
me
by
tim
Griffin
was
this
thing
called
BGP
wedgies,
which
is
a
great
thing
and
there's
an
RFC
about
it
and
if
you've
never
heard
of
these
things
before
I
recommend
it
as
entertaining
reading
to
keep
you
awake
at
night
or
give
you
nightmares.
G
But
basically
the
you
know,
sort
of
the
the
outline
is
that
you
bgp,
if
you
hang
out
in
the
bgp
community
at
all,
you
keep
hearing
things
like
it's
a
local
matter
or
that's
policy
and
policy
is
local,
local,
but
forwarding
is
global
and
that
leads
to
interesting
consequences.
Next
slide,
please,
let's
see
what
happens
now.
G
Okay,
we
at
least
get
to
see
the
picture.
We
don't
get
to
see
the
build.
You
can
see
the
whole
bill
that
at
once,
I
guess
so.
I
normally
discourage
my
authors
from
doing
builds,
but
I
really
need
believe
there,
like
there's
at
least
that
much
work.
G
Alright,
so
we'll
try
to
do
it
this
way,
I
guess
basically
at
the
set
up.
This
is
a
relatively
simple
version
of
it
is
that
you
know
this
guy
down
here.
The
customer
has
a
link
that
they
only
ever
want
to
use
for
backup
their
policy
is
they
want
to
receive
all
of
their
traffic?
This
way,
you
know,
even
if
it's
coming
the
long
way
around,
because
you
know
maybe
things
were
all
really
high
bandwidth
links
and
that's
really
a
little
bandwidth,
they're
really
expensive
or
you
know
whatever.
G
Who
cares
so
they
implement
this
policy
using
a
community?
You
can
community
that
they
send
on
the
route
in
this
direction
and
that
community
has
the
semantics
they're
locally
defined
semantics
telling
this
provider.
You
know
what,
if
you
have
a
backup
route
available,
please
follow
that
one
instead
of
the
one
I'm
sending
you
so
when
you
set
the
topology
up,
it's
all
good
traffic
goes
boom
boom
boom
as
desired.
So
now,
let's
see
we
fail
this
link.
G
G
Yeah.
Do
you
end
up
with
traffic
following
that
set
of
routes?
Instead,
because
you
have
the
property
that
you
already
have
a
route
that
is
coming
this
way,
which
is
suppressing
advertisement
of
a
route
in
the
reverse
direction,
which
means
that
in
particular,
this
a
s
never
gets
to
here
about
this
route
and
therefore
never
stops
using
that
route.
E
G
G
So
so
the
description
for
that
kind
of
you
know
weird
behavior,
where
you
can
flip
from
one
stable
behavior.
They
have
an
have
a
transition
and
then
transition
back
into
a
completely
different,
stable
behavior
is
multi
stable.
So,
interestingly
enough,
if
once
you
throw
the
the
popular
bgp
multi
exit
discriminator
attribute
into
the
mix,
BGP
is
not
even
a
multi
stable,
it's
just
not
stable
and
well
how
the
heck
did
that
happen?
You
know:
were
the
designers
of
BGP
I'm
not
paying
attention
well,
who
knows,
but.
G
Basically,
the
the
you
know
and
again
there
are
RF
scenes
you
can
go
and
read.
If
you're
not
aware
of
this
phenomenon,
you
find
it
interesting,
but
pretty
much.
What
happened?
What
causes
the
behavior
is
the
BGP
route
selection
process
assumes.
There's.
You
know
you
can
find
a
total
ordering
over
all
of
the
routes.
G
G
So
far
as
long
as
you
deploy
the
protocol
as
it
was
originally
designed,
which
is
with
flat
I
BGP,
meaning
that
every
router
in
an
AAS
talks
to
every
other
router
in
the
AAS,
and
they
all
know
each
other's
routes,
it
turned
out
that
that
BGP
did
not
scale
or
deploy
well
to
large
a
essence
that
way.
So
we
invented
several
things,
including
rail
reflectors
route,
reflectors,
new
data
hiding
data,
hiding
works
great.
If
you
have
total
ordering,
we
don't
have
total
ordering.
G
What's
worse
is
so,
of
course,
we
did
not
realize
at
the
time
that
you
know
it
took
probably
a
few
years.
You
know,
and
it
kind
of
like
Roz
was
saying
where
he
had
to
sit,
and
you
know
force
not
to
leave
his
chair
for
twenty
minutes
and
said.
Oh,
you
know,
I
had
a
similar
experience
with
this
thing.
It's
not
completely
clear
that
you
know,
even
if
the
working
group
had
been
presented
with
this
problem,
you
know
the
moment
we
realize.
G
G
G
G
The
problem
is
that
PGP
was
also
designed
with
fairly
draconian
error,
checking
built
into
it
for
all
the
best
reasons.
It's
you
know.
If
your
peer
sends
you
data,
that's
insane,
don't
you
think
that
your
peer
might
be
insane?
If
your
peers
in
saying
don't
you
think
you
would
prefer
to
stop
routing
through
that
peer?
Well,
yes,
that
make
good
sense.
G
Anybody
who
cares
about
protocol
correctness
can
see
that
it's
obviously
the
right
thing
to
do,
especially
in
a
fully
incremental
protocol
as
BGP
is
where
you
don't
have
a
way
of
recovering
synchronization
once
you
lose
it,
but
Oh,
an
optional
transitive
attribute
may
not
have
been
formatted
by
your
peer.
Your
peer
may
not
be
in
this
behaving
party.
The
misbehaving
party
may
be
a
really
long
way
away
across
the
internet.
Their
attribute
may
have
you
know,
and
you
know
the
PGP
basically
is
behaving
like
a
replication
tree.
In
this
case
you
know
one
update.
G
It
gets
replicated
replicated
replicated
fans
out
across
the
Internet
hits
a
patch
of
routers
that
actually
understand
the
attribute
they
all
look
at
that.
They
all
say
this
router,
and
this
attribute
is
insane.
My
peer
must
be
insane,
and
next
thing
you
know
you
know
all
the
peering
z--
between
s1
over
there
and
a
s2
over
there
get
reset
and
people
become
very
upset,
and,
even
though
this
is
you
know,
in
certain
sense,
is
less
traumatic
than
a
lot
of
the
outages
Ross
was
talking
about.
G
It
was
also
more
dramatic
because
the
internet
was
a
little
further
evolved
and
you
know
there
were
things
like
phone
calls
going
over
those
links,
so
the
good
news
is
that
we
eventually
did
figure
out
how
to
fix
this.
Basically
by
saying:
oh,
that
wasn't
the
right
thing
to
do.
We
shouldn't
reset
those
sessions.
Let's
not
do
that
anymore.
Next
slide.
Please.
G
G
You
know,
for
example,
the
example
about
meed
I'm
sure
it's
not
the
only
example
that
exists,
and
you
know
when
you,
when
you
invent
your
extensible
protocol
to
begin
with,
it's
got
kind
of
architectural
integrity,
but
you
know
when
you
have.
You
know
people
over
there
who
are
you
know,
building
one
kind
of
infrastructure
on
top
of
your
protocol
and
people
over
there
they're
doing
something
completely
different.
They
both
do
their
little
extension.
They
meet
in
the
middle
and
nobody
knew
that
was.
G
It's
sometimes
it's
kind
of
a
bad
word
in
protocol
design,
and
if
you
were
using
it,
you
should
probably
think
really
hard
and
finally,
I
I
love
this.
It's
not
even
a
paper.
It's
like
a
screen
that
somebody
wrote
a
long
time
ago
describing
the
worse
is
better
than
I'm
philosophy
and
I.
If
you
haven't
read
it,
google,
it
it's
it's
it's
a
fun
short
rate.
G
Basically
it
contrasts.
You
know
why
did
UNIX
ran
it
wasn't
because
it
was
technically
superior.
It
was
because
somebody
said
yeah
well,
we'll
cover
the
80%
and
then
like
the
20%,
we'll
figure
it
out
later
it's
you
know.
We
know
it
was
the
80/20
world,
but
yeah
you
can
build
a
virus
very
cheaply
and
get
it
out
into
the
world
and
you're.
Probably
one
of
the
thing
you'll
have
to
live
with
the
consequences,
which
is
what
we
do.
H
F
F
F
What
do
we
do
with
this
information?
I
attended
an
ITF
two
years
ago,
approximately
this
week,
roughly
in
Berlin,
two
weeks
after
that,
I
retired
and
I
thought
I've
got
lots
of
time
off.
I'm
gonna
write
this
all
up
and
get
an
internet
draft
and
send
it
off.
Well,
it's
I,
like
being
retired
too
much,
and
so
I
figured
out.
F
That
was
not
going
to
happen
and
I've
been
feeling
guilty
for
two
years
in
a
row
for
Amy
I
discovered
you
guys
are
visiting
something
not
that
far
away
from
my
neck
of
the
woods,
I'm
unwritten
aliy
from
somewhere
pretty
close
to
here
and
still
live
close
enough.
That
you
know,
one
daughter
is
only
a
two-hour
drive
from
here.
So
it
gave
me
an
excuse
to
have
lunch
with
her
and
drive
up
and
see
you
guys
and
then
once
they
agreed
to
have
me,
give
the
talk.
I
actually
had
to
do
the
slides.
F
Somebody
once
said
that
those
who
cannot
remember
the
past
are
condemned
to
repeat
it.
I
heard
it
as
an
old
saying,
I
googled,
that
a
few
weeks
ago,
and
it
was
alleged
that
it
was
said
by
somebody
in
particular
who
I
never
heard
of,
but
I
do
think
that
it's
true
right
I
mean
if
you
don't
learn
from
what
we
did
wrong
before
you're
likely
to
do
it
again,
and
the
old
guys
are
getting
old
and
getting
brain
going
off
other
fun
stuff.
F
F
So
I'm
hoping
that
somebody
will
decide
this
all
needs
to
get
written
up
in
more
detail,
and
you
know
they
can
bug
me
to
try
to
come
out
of
retirement
long
enough
to
read
a
write-up
and
comment
on
or
to
even
mention
some
of
the
other
people
that
I
colluded
with
in
putting
these
slides
together,
but
just
mostly
I'm
hoping.
This
is
helpful
to
guys.
I
It's
you
know
seeing
that
a
lot
of
that
recently
on
documents,
not
just
in
the
rounding
area
but
other
areas,
that
as
they
go
through
the
different
we
review
reviewers.
We
know
there's
a
long
chain
that
there's
a
lot
of
knits
picked
up
and
you
can't
expect
that
others
find
especially
technical
errors,
let
alone
editorial
so
make
sure
you
double-check
your
document
and
don't
expect
Dianna
to
clean
up
your
ana
section.
They
only
process
so
make
sure
it's
clear,
don't
hesitate
to
ask
for
help.
You
know,
especially
as
you're.
I
You
know,
share
chairs
document,
Shepards
eighties.
You
know
just
ask
ask
for
help,
you
know,
don't
let
things
sit
and
then
the
big
one
right
now
is
that
if
you're
an
author
and
your
documents
going
through
the
publication
process,
don't
think
you
can
just
go
to
sleep
after
the
working
group
last
call
there's
much
more
to
be
done.
You've
got
to
be
responsive
as
all
these
other
reviewers
come
through
with
comments,
because
often
some
more
comments
simply
well.
I
Why
did
you
decide
this
I
think
you
could
have
better
have
done
that
and
only
the
authors
really
know
the
history,
especially
the
early
days
of
the
document,
and
why
those
choices
remain
dues
read
your
document,
make
sure
you
have
double-checked
ik,
because
softened
sections
and
figures
have
changed
and
where
they
are
see.
If
it's
it's
been.
I
I
I
There's
a
RFC
style
guide
which
y'all
should
be
familiar
with
and
something
else
that's
been
coming
up
is
there's
make
sure
you
have
that
you
check
your
abbreviations
acronyms
on
first
use,
you're
supposed
to
have
them
spelled
out
and
you
may
think
they're
very
common.
Why
do
you
have
to
spell
it
out?
But
that's
not
necessarily
true
that
there's
a
list
and
there's
only
a
few
actually
then
have
an
asterisk
that
don't
require
expansion,
so
the
best
is
to
be
on
the
safe
side,
expand
everything
and
something
that
just
came
up
in
their
debt.
I
Networking
group
make
sure
you
do
the
reverse
every
we
all
love
our
acronyms
and
abbreviations,
make
sure
when
you
come
up
with
what
you
think
is
a
new
one
check
this
list,
because
you
may
be
surprised
it's
already
in
use,
and
it's
not
a
good
idea
to
to
come
up
with
your
own
that
duplicates
or
triplicate
something
else.
Okay,
it's
I
mean
they
came
up
when
it
was
unbelievable,
they
had
one
song
CPE
and
they
didn't
catch
it
and,
like
we
said,
wait
a
minute.
I
You
can't
use
CPE
as
an
acronym
for
what
you
think
from
something
controller,
a
platform
some
entity
or
something
like
that.
So,
okay,
so
make
sure
you
check
in
this
list
check
it
twice
ensure
and
then
y'all
should
know
that,
there's
not
only
you
reference
2119,
you
need
to
reference
8174.
So
this
is
the
phrase
you
should
be
putting
in
your
documents
and
in
the
routing
area
we've
been
pulled
on
a
couple
of
times.
General
reviews
and
stuff
will
come
up
with
this.
I
They
love
there's
something
to
come
up
with
on
our
documents
and
there's
a
lot
of
our
documents
going
through
that
we
don't
use
the
newest
phrase
here
so
make
sure
you
use
it
make
sure
you
put
something
in
your
security
consideration
section,
and
we
all
know
this
one.
You
know
we
can
put
any
no,
nothing
new,
no
worries,
but
the
security
Directorate
won't
go
by
that
make
sure
you
put
something
then
to
say
well.
I
They
click
that
you
put
some
thought
into
it
and
then
another
one
that
can't
come
out
on
one
of
our
documents
but
in
another
area,
make
sure
you're
using
a
neutral
point
of
view,
and
if
you
go
to
Wikipedia
there,
graz
of
tutorials
on
it
and
suggestions
and
make
sure
you're
checking
you
know
focusing
on
technical
language
versus
marketing.
You
don't
have
to
your
document
has
got
it's
now
working
group
document.
It's
going
all
the
way
to
the
publication
process.
I
You
don't
have
to
rationalize
and
bash,
you
know
other
IETF
technologies
or
why
your
document
is
the
most
important
thing
on
earth
and
you
should
go
forward.
You
know
so
make
sure
you,
during
neutral
language,
focusing
on
technical
and,
of
course,
make
sure
you
do
your
ID
myths
and
that's
it
so.
Okay,
so
most
important
is
ask
for
help.
Just
ask
for
help.
B
So
as
some
years
now,
the
IRT
F
together
something
called
the
A&R
P
every
year,
the
applied
networking
research
price
and
regularly.
There
are
winners
of
that
prize
that
have
research
that
is
related
to
radicals.
So
we
have
in
writing
the
tune
that
were
awarded
price
this
time
to
come
talk
here
in
the
routing
area,
meaning
Maria
is
going
to
come
and
talk
to
you
from
ETH
in
Zurich.
She
has
a
presentation
about
hijacking
Bitcoin
how
to
use
rallying
to
do
that.
I
J
So
hello,
everyone,
my
name,
is
Maria
pasta-like
and
I'm.
A
PhD
student
at
EPA's
I
would
like
to
thank
you
for
welcoming
in
this
meeting
and
inviting
me
to
talk
here
so
I
will
present
our
work
on
routing
attacks
in
Bitcoin.
This
is
joint
work
with
my
adviser,
LaRon
van
beaver
and
evade
so
hard
means
also,
professor
at
the
Hebrew
University
routing
attacks.
Quite
often,
this
is.
J
Recently
there
was
another
able
to
be
hijacked
begins
my
ether
wallet
that
also
caused
multiple
thousands
of
dollars,
but
and
that's
only
the
tip
of
the
iceberg
in
routing
manipulations,
by
analyzing
six
month
of
b2b
advertisements,
we
actually
found
that
routing
attacks
happen
much
more
toughening
the
internet
that
we
could
have
imagined
in
the
y-axis
of
us
graph.
You
can
see
the
number
of
monthly
prefix
hijacks
that
we
detected
in
which
of
the
month
that
you
see
in
the
x-axis,
as
you
can
see,
multiple
thousands
of
hijacks
happen
every
month.
J
Of
course,
not
all
of
them
are
malicious.
In
fact,
most
of
them
are
miss
configurations,
but
in
any
case,
they
happen
in
the
defect
internet
traffic.
Today,
the
purpose
of
our
work
is
to
shed
light
on
the
impact
of
routing
attacks
in
Bitcoin.
Intuitively
Bitcoin
should
be
robust
against
routing
attacks
right.
After
all,
it's
a
highly
decentralized
network
of
nodes
that
are
scattered
around
the
globe.
They
establish
random
connections
and
the
avenues
multihoming
and
additional
really
networks
interconnect.
J
J
Power
as
computational
power
that
is
used
and
is
dedicated
to
Bitcoin
such
that
it
works
and
networks
are
simple,
a
space
I
space.
So
clearly
you
can
see
that
my
new
power
is
very
centralized.
For
example,
only
three
myspace
hosts
68%
of
mining
power,
and
it's
not
only
about
the
mining
power
in
this
graph
you'll
see
the
cumulative
percentage
of
Bitcoin
clients
as
a
function
of
the
network's
hosting
them
again.
J
You'll
see
that
there
are
centralized,
for
example,
30
myspace
hosts
30
%
of
the
different
clients
and
understand
how
rare
this
is
to
run
a
Bitcoin
client.
He
don't
need
much
like
you,
don't
need
much
CPU
need,
don't
need
specialized
hard
work,
so
it
will
be
counter
intuitive.
Finally,
if
we
look
at
the
cumulative
respect
percentage
of
connections
as
a
function
of
the
transit
network,
intercepting
it
we
didn't
see
that
traffic
is
very
centralized.
J
For
example,
in
this
case
we
see
that
3
ISPs
intercept
63%
of
the
Bitcoin
traffic
because
of
the
centralization
there
are
actually
2
attacks
that
are,
in
fact,
practical
and
effective.
Today,
the
partition
attack
in
which
the
attacker
tries
to
split
the
network
into
half
and
the
Dini
attack
in
which
the
attacker
relays
the
block
propagation,
the
partition
attack,
is
very
visible,
as
the
attacker
needs
to
hijack
traffic.
First,
however,
it
is
very
effective
even
against
the
Bitcoin
network
as
a
whole.
J
J
So
that's
the
outline
of
my
talk.
I'll
first
give
you
some
background
information
and
then
I'll
talk
about
each
of
the
two
attacks
in
detail.
I'll
finish
the
talk
with
countermeasures,
including
some
of
our
follow-up
work.
So,
let's
turn
to
the
background.
Bitcoin
is
a
distributed
network
of
nodes
that
establish
random
connections.
Each
of
the
Bitcoin
clients
keeps
a
ledger
of
phone
transactions
ever
done
in
Bitcoin.
This
we
call
the
blockchain
and
the
blockchain
is
just
a
chain
of
blocks
that
contain
transactions.
J
This
same
is
extended
by
miners
and
use
a
lot
of
computational
power
through
this,
so
they're
compensated
for
their
effort
with
block
rewards
bitcoins
is
mining
is
a
very
risky
process.
You
can
mine
for
years
and
years
and
still
not
get
anything
out
of
it.
So
my
understand
to
collaborate
forming
my
nipples
and
my
nipples
need
actually
become
clients
to
interconnect
to
the
actual
Bitcoin
network.
This
special
friends
we
call
gateways
and
oftentimes
mining
phones
have
multiple
of
them.
J
J
Bit
calm
traffic
travels
around
the
internet
and
the
Internet,
as
we
know,
R
is
composed
of
all
VA
yeses
and
BGP
is
responsible
for
computing.
The
forwarding
path
across
them.
The
interesting
part
here
is
that
all
the
Bitcoin
traffic
is
unencrypted
and
it
doesn't
have
any
integrity
guarantee.
That
means
that
anything
else
in
the
forwarding
path
can
actually
instruct
drop,
delay
or
even
modify.
J
The
messages
know
that,
even
if
the
contradict
was
encrypted,
an
attacker
in
various
paths
would
still
be
able
to
drop
this
traffic
I'll
note
to
you
about
the
first
out
of
the
two
attacks
that
we
can
see
the
remote
work,
so
the
partition
attack
in
the
partition
attack.
The
goal
of
the
attacker
is
to
split
the
network
into
two
components
such
that
no
information
can
be
exchanged
between
them.
J
If
I
had
to
explain
you
why
this
is
worrying
for
Bitcoin
with
one
sending
I
would
say
that
bitcoin
is
a
consensus
protocol
and
preventing
the
Bitcoin
clients
were
talking
to
each
other,
makes
them
not
be
able
to
get
to
consensus,
but
in
a
more
precise
way,
a
partition
attack
is
an
effective
denial
of
service
attack,
as
transactions
cannot
be
propagated
from
one
component
to
the
other.
It
can
cause
revenue
loss
as
all
blocks
that
are
mined
within
one
of
the
two
components.
J
The
one
with
a
loose
mining
power
will
be
eventually
discarded
and
by
discarding
I
mean
that
the
miners
that
they
have
raised
their
computational
power
to
find
these
blocks
do
not
get
anywhere
in
the
back.
Finally,
a
traditional
attack
can
basically
allows
double
spending,
so
I
can
use
my
same
bitcoins
to
buy
goats
in
both
of
the
two
components,
so
rather
I
hope
I
have
persuaded.
J
This
is
bad
I'll
tell
you
how
this
works.
So
imagine
we
have.
This
is
topology.
This
Bitcoin
would
work
and
he
is
in
the
middle
wants
to
partition
the
network
as
denoted
by
the
red
lining,
so
intuitively.
What
the
attacker
would
do
is
that
she
would
attract
on
traffic
destined
to
known
in
the
right
and
she
would
drop
the
connections
crossing.
The
partition
don't
understand
little
bit
better.
How
this
is
done.
We'll
focus
on
node
equity
degree
know
that
the
right
end
of
this
life,
so
I,
don't
get
that
like
now.
J
I
want
to
explain
how
this
will
happen,
but
I
understand
that
this
might
be
boring
for
most
of
you,
so
I'll
try
to
do
it
as
quickly
as
possible.
So
no
there
is
nice
IP
and
in
year
six
is
responsible
for
advertising
the
prefix
for
creating
ability,
prefix
that
covers
the
IP.
So
this
advertisement
will
be
propagated
any
espen
areas
until
all
of
them
knows
how
to
reach
any
six.
So,
for
example,
in
this
one
will
reach
any
six-by-eight
cell
now.
J
The
problem
is
that
the
TP
doesn't
take
the
validity
of
advertisement
as
like
folks
know,
and
such
any
years
in
the
internet
can
actually
advertise
any
prefix.
Now,
let's
assume
that
the
attacker
actually
advertised
the
critics
that
covers
the
idea
of
the
green
node
and
it's
in
fact
a
longer
prefix
done
with
benign
advertisement.
That
means
that
and
because
routers
would
always
choose
the
more
specific
prefix
they
will
all
choose.
J
The
attackers
of
the
heisman
versus
the
benign
not
exactly
effective,
will
gain
access
to
the
traffic
that
is
going
to
be
flowing
at
the
kono
death
and
that's
exactly
what
the
attacker
will
do
to
attract
all
traffic
destined
to
note
in
a
live
notes
in
the
right
see
will
hijack
the
prefixes
pertaining
to
notes
in
the
right,
so
you
will
drop
the
connection
crossing
the
partition
and
boom.
The
partition
is
created.
J
There
are
three
types
of
such
connections:
corrections
within
an
ax
connections
within
a
my
nipple
and
fry
the
connections
between
my
nipples,
so
connections
within
an
agency.
They
don't
use
BGP,
so
the
attacker
cannot
hijack
those
for
for
the
other
two
types.
The
reason
why
the
attacker
cannot
do
it
is
that
she
might
not
know
the
exact
topology
of
of
the
mining
pool
or
she
might
be
unaware
of
a
private
connection.
So
she
might
not
know
its
exact
prefixes
to
advertise
person
might
not
be
able
to
distinguish
the
traffic
that
is
exchanged
because
of
this.
J
So
to
give
you
an
intuition,
is
the
same.
Attacker
wants
to
create
this
partition.
What
she
will
do
is
that
single,
again
Heydrich-
and
we
also
assume
that
there
is
this
phone
in
the
highest
apology.
And
what
we
talked
about
during
this
case
is
that
she
will
hijack
all
nodes
in
the
light.
So
she
will
hijack
the
prefixes
of
all
notes
pertaining
in
the
notes
in
the
right.
J
So
you
will
drop
the
connection
crossing
the
partition
and
the
partition
is
created,
but
it's
not
effective,
and
that's
because
there
is
this
connection
with
the
sanction
is
not
connection
that
crosses
the
partition.
So
in
fact
the
partition
was
infeasible
to
be
creative,
because
there
is
no
way
for
the
attacker
to
know
the
exact
folds
of
truth
and
being
able
to
cap
with
connection.
But
in
this
case
what
the
attacker
can
do
is
actually
monitor
the
connections
that
she
already
hijacked
and
notice
that
there
is
information
leakage
between
the
two
components.
For
example.
J
It
might
be
that
the
block
that
is
mined
by
the
black
nodes
is
advertised
by
knowledge
by
via
longer
binding
Orangemen,
and
she
can
even
understand
that
the
stealth
connection
is
in
OB,
for
example,
in
this
case,
because
that's
the
first
note
that
will
advertise
it
knock
that
should
not
be
in
this
component
once
he
understands
that
she
can
change
slightly
the
partition
she
wants
to
create
in
a
similar
infeasible
one,
the
paper.
We
actually
prove
that
if
the
attacker
produce
is
algorithm,
then
she
can
always
find
the
maximum.
J
So
we
evaluated
our
partition
apart
in
terms
of
practicality
and
times
business,
to
evaluate
their
attack
in
terms
of
practicality,
we
have
to
first
infer
the
Bitcoin
topology,
which
we
implemented
with
browsing
information,
and
using
this
we
thank
found
out
that
the
attacker
is
able
to
split
the
network
into
half,
which
is
the
worst
case
scenario
forbid
crawling
by
hijacking
100,
prefixes
and
100.
Prefixes
is
recognizable
compared
to
the
Hydra
happen
immediately
orphan.
J
As
an
illustration
in
this
graph,
you
can
see
in
the
y-axis
the
maximum
number
of
prefixes
that
were
hijacked
at
once
in
each
of
the
months
that
are
shown
in
the
x-axis.
So
you
can
see
that
hijacks
of
one
thousand
three
fixes,
which
is
one
order
of
magnitude
more
than
where
the
attacker
would
actually
read
happen,
often
happened
every
month.
We
also
evaluate
with
our
attack
in
terms
of
Phi
matrices,
and
to
do
that
we
actually
had
to
run
with
the
attack
in
the
wild,
so
we
attack
their
own
notes
using
the
following
setup.
J
So
we
had
a
bunch
of
nodes,
a
DTS.
They
were
connected
to
the
live
with
for
network
and
we
were
advertising
their
prefix
by
a
vigil
appear
in
Amsterdam.
As
that
all
traffic
destined
to
our
nodes
was
routed
by
Amsterdam,
then
we
attacked
our
notes
by
hijacking
their
prefix
via
Crennel,
and
then
we
measure
the
time
then
takes
for
all
the
traffic
to
be
redirected
by
the
attackers
network.
The
prime,
this
time
that
we
measure
is
from
this
time
we
can
infer
how
much
time
it
will
take
for
the
attacker
to
create
a
partition.
J
So
we
summarize
there
are
results
in
this
graph,
where
you
can
see
the
cumulative
percentage
of
connections
that
were
intercepted
by
the
attacker
as
a
function
of
the
time
listed.
You
can
see
that
it
will
be
linked
to
the
attacker
less
than
100
seconds
to
intercept
all
traffic,
so
that
might
mean
that
it
will
take
for
an
attacker
less
than
100
seconds
to
create
the
partition.
J
So
the
second
type
of
attacks
that
we
consider
in
our
work,
the
purpose
of
daily
attacks,
is
to
keep
the
victim
uninformed
of
the
latest
mind
block
the
reason
why
these
attacks
are
worrying
depends
on
the
actual
victim
that
is
deprive
this
information
and
allenford
nation
is
susceptible
to
double.
Spending
cuts
and
on
foreign
mining
pool
is
destined
to
line
to
waste
its
running
power
on
something
that
is
destined
to
be
discarded,
while
learning
from
regular
node
is
not
able
to
contribute
to
the
peer-to-peer
network.
J
So,
let's
see
how
this
works
in
this
knife,
you
can
see
three
Bitcoin
clients
notes
a
and
B
are
connected
to
the
victim
and
have
an
attacker
that
intercepts
the
connections
from
node
a
to
the
victim.
Now
a
new
block
is
mined
in
the
Bitcoin
network
and
notes
a
and
B
learn
about
this
new
block
and
advertise
it
to
the
victim.
Using
an
inventory
list.
The
victim
will
really
request
the
block
from
the
first
Bitcoin
client
that
advertised
it
so
in
this
case
from
node
a
using
the
get
data
message.
J
However,
both
of
these
attack
would
fail
because
Bitcoin
runs
on
top
of
TCP
and
disappear
will
abort
the
connection
in
this
case.
What
the
attacker
can
do,
though,
is
that
she
can
change
the
content
of
the
block
methods
set
of
the
KPA
dementia
said
that
a
different
love
is
requested
in
this
case
now
they
will
happily
deliver
the
old
block.
The
victim
will
ignore
it
and
will
in
fact,
wait
for
20
minutes
by
default
until
it
request
it
from
another.
J
Bitcoin
client
and
20
minutes
is
a
huge
time
interval
for
Bitcoin,
as
you
have
to
remember
that
blocks
are
mind
every
approximately
10
minutes.
If
the
tiger
stops
there,
she
would
have
managed
to
keep
the
victim
and
inform
for
20
minutes,
but
after
the
20
minutes
timeout
the
victim
will
actually
consider
no
day
as
malicious
and
go
disconnect.
J
If
the
attacker
wants
to
avoid
this
because
she
want
to
stay
under
the
radar
or
because
she
wants
to
keep
this
connection,
what
she
can
do
is
the
reverse
operation,
so
civil
chains
and
navigating
the
methods
of
the
transaction
this
time,
such
that
it
requests
the
initial
block.
If
the
block
is
delivered
within
the
20
minute
time
out.
The
attack
is
completely
under
the
rather
and
the
victim
at
the
connection,
scared
and
the
victim
stays
uninformed
for
graphical
convenience.
J
We
have
ugly,
there
are
tax
in
terms
of
effectiveness
and
practicality,
evaluate
the
effectiveness
of
artifact.
We
actually
had
to
perform
it
in
the
run
against
our
own
notes.
So
we
host
some
Bitcoin
clients,
a
tv8
which
were
connected
to
the
live
Bitcoin
network,
and
we
had
an
attacker
that
were
intercepting
part
of
where
of
of
the
victims
connection
configurable
percentage
of
the
victims
connections.
J
Using
this
setup,
we
found
that
the
attacker
can
keep
the
victim
uninformed
for
most
of
its
up
time
and
that's
correct,
even
if
the
attacker
intercepts
only
a
fraction
of
the
victims
connections
to
give
you
an
iteration
of
our
findings.
If
the
attacker
intercepts
roughly
50%
of
the
victims
connections,
she
can
keep
it
uninformed
for
63
percent
of
its
app
time
and
and
if
you
think
that
doesn't
often
happen,
that
filmer
tell
you
that
almost
70%
of
the
Bitcoin
clients
would
have
an
ISP
that
would
intercept
more
than
50%
of
their
connections.
J
K
J
J
So
basically
they
give
Danko
has
this?
Has
one
format
with
the
same
for
transactions
and
for
blogs,
and
we
need
to
specify
which
block
we
actually
are
asking
for
in?
This
was
specify
with
the
hash
of
the
block,
if
you
think
the
hassle
to
vlog
to
something
that
is
no,
there
has
here
basically
asking
for
a
different
look.
K
D
K
With
you
know,
but
the
difference
there
being
when
you
re
sign
with
your
new
hash,
you
still
need
to
create
a
valid
hash.
According
to
your
hashing
algorithm,
which
would
you
need
to
modify
the
timestamp
right
there
and
you
do
have
it
it's
slightly
different.
It's
one
one
unit
of
time
difference
but
yeah,
that's
dunker,
just
the
clarification
there
when
you're
modifying
the
block
header
to
create
this
kind
of
attack,
which
we
also
just
had
happen
to
us,
and
we
found
a
solution
for
stuff.
J
Okay,
so
I
will
not
talk
about
countermeasures
like
any
countermeasures
exists
for
both
of
our
attacks.
For
example,
we
can
deal
with
melee
attacks
by
adopting
encryption
in
Bitcoin,
or
we
can
at
least
include
unmarked
units.
Bitcoin
message
such
that
were
sure
that
nobody
can
modify
our
messages,
at
least
without
the
receiver
noticing
and
wizard
to
be
deployed.
Countermeasure
would
be
to
let
a
Bitcoin
find
choose
their
peers
in
a
more
smart
way,
so
more
routing,
aware
manner
such
that
there
was
no
single
I
speak.
That
intercept
intercept
most
of
its
connections.
J
J
However,
these
are
nice
solutions,
but
we're
not
practical
like
yes,
of
course,
if
we
slash
if
we
host
all
Bitcoin
clients
as
fast
on
the
floor,
it
would
be
nice,
but
we
would
increase
our
routing
tables
and
it
would
be
also
mean
we
have
acknowledged
secure
routing
protocols,
but
but
we're
not
there
yet,
and
it
might
be
that
we're
and
and
for
sure
won't
be
there
just
will
be
kind.
So
our
follow-up
work
is
on
building
and
secure
channel
the
rich
Bitcoin
clients
can
actually
communicate
and
exchange
their
blocks.
J
And
I
can
tell
you
now
what
is
special
about
our
Sabre
only
network?
What's
special
about
our
nodes,
so
first
they
are
located
in
the
internet
in
a
strategic
way
such
that
when
you
use
the
chances
that
an
attacker
can
intercept
traffic
among
the
remain
nodes
or
between
the
relay
nodes
and
the
actual,
become
clients
and
ii.
Think
that
our
nodes
are
special
about
is
that
they
have
particularly
robust
design
and
that
because
we
actually
use
a
hybrid
design
for
them,
which
is
also
both
for
hardware
and
in
software.
J
Ok,
so
now,
I
will
sleep
some
slides,
because
I
don't
hit
that
pattern
much
time
and
I
will
actually
go
to
the
end
and
I
will
tell
you
what
what
I
would
want
people
to
remember
after
this
talk
and
that's
that
deep
coin
is
vulnerable
to
routing
attacks
both
to
the
network
and
to
the
note
level
and
the
potential
impact
is
roaring,
because
we
can
cause
denial
of
service
attack.
They
can
cause
double
spending
and
who
knows
of
revenue.
J
J
Okay,
so
deploy
and
soft
with
hard
core
design,
so
we
use
the
software
only
to
validate
our
blocks
and
to
update
the
Suites
as
if
it
was
a
class
in
the
Suites.
We
actually
keep
the
block
the
latest
mind
block,
and
then
the
suite
is
responsible
to
answer
to
all
bitcoin
finds
that
it
is
connected
to
now.
There
are
few
things
about.
J
The
suite
that
are
like
very
important
to
note
first
is
that
this
new
programmable
sweetie
they
are
able
to
process
terabits
per
seconds
of
time
at
line
rate,
so
that
means
that
can
keep
up
with
high
demand
and
also
with
another
service
attack,
and
the
second
thing
is
that
we
can
deploy
defenses
in
the
switch
itself.
For
example,
we
can
be
very
right
list
like
lists
and
spoofing
detection
and
detection
of
amplification
attacks,
so
we
can
basically
deal
with
the
network
attacks
in
the
network.
H
D
J
Do
that
simple,
send
a
lot
of
requests,
and
this
is
the
the
switch
is
able
to
deal
with
that,
because
every
request
doesn't
have
to
go
through
the
whole
stack,
so
it
might
answer
right
away,
or
it
might
be
that
it
can
much
more
quickly
come
up
with
the
solution
like
a
filter.
That
would
would
stop
this
back
there.
Thank.
H
K
J
J
K
Yeah,
the
one,
the
one
where
you
had
the
mining
pool
on
the
left-hand
side
and
the
good
and
the
bad
actor,
not
the
one
with
that.
So
basically,
this
is
also
an
attack
bacteria
on
cryptocurrencies
that
I've
seen
and
it's
the
fact
that
that
mining
pool
is
actually
centralized
as
well
meaning
they
can
specifically
be
creating
blocks
on
purpose
and
shutting
out
smaller
miners,
which
may
be
able
to
do
in
this
situation.
Just
saying,
okay!
Well,
we
want
to
blow
away
all
these
people
who
are
mining
on
the
right-hand
side.
J
So,
okay,
two
things
there
I
totally
agree
with
the
fact
that,
basically,
the
partition
that
I
could
be
used
as
by
a
mining
pool
that
wants
to
win
over
another.
So
it
basically
removes
it
from
the
network.
But
yes,
like
the
main
reason
why
this
attack
works
is
that
mining
power
is
centralized.
So
if
we,
if
we
can
somehow
recent,
realize
it
yes,
it
will
be
better.
On
the
other
hand,
oh,
but
if
not,
this
is
that
mining
pools
because
me
like
they
would
lose
a
lot
of
revenue.
Something
goes
bad.
J
There
are
multi-home,
so
they're
trying
to
be
better,
so
there
is
also
an
opportunity
there
if
we
assume
that
my
nipples
are
benign,
which
I'm
not
this
person
to
say
that
but
like
what
I
want
to
say
is
that
it
might
be
easier
to
persuade
mining
folks
to
deploy
a
better
network
rather
than
everyone
before
you
better
network.
So
this
is
a
trade-off.
I
believe
yeah.
I
I
L
L
Yes,
Zurich
is
a
nice
City
I
mean
now.
Coincidentally,
secure
routing
is
a
topic.
It
is
very
close
to
my
heart
and
I
have
done
a
lot
of
work
and
it's
in
the
past.
Nonetheless,
the
topic
of
today's
talk
is
totally
different.
So
what
I'll
try
to
do
is
that
I'll
quickly
go
through
the
very
first
part
of
the
tour
introduce
the
problem.
L
So
the
idea
is
that
we
have
this
upcoming
type
of
systems,
regular
communication
systems.
You
do
additional
computation
and
communication
capabilities,
all
the
vehicles,
these
you
know
words
that
allow
them
to
communicate
and
with
roadside
infrastructure.
So
basically
they
inform
the
driver
about
anything
that
is
happening.
The
driver
cannot
see
or
hear,
and
the
purpose
is
to
enhance
those
profession,
safety
and
transportation
efficiency
and
by
the
same
purpose,
lots
of
service
providers
are
interested
in.
You
know
throwing
in
some
infotainment
right
the
good
things
that
people
are
also,
let's
say,
getting
free
bandwidth.
L
Now
the
problem
is,
if
you
have
such
a
system,
you
might
be
opening
the
door
for
additional
types
of
misbehavior,
so
things
could
go
wrong
in
in
unpredictable
ways,
especially
even
if
you
move
from
a
driver,
assisted
monotony,
driving
mode.
Where
you
have
this
communication,
gonna
rely
only
on
sensors
onboard,
and
here
is
an
example
where,
let's
say
you
have
an
application
that
in
foreign
field,
there's
an.
L
That
you,
you
know,
slows
down
on
you
and
then
one
could
go
and
buy
the
box
that
basically
fakes
the
ambulance,
traffic
and
finds
the
way
open
right.
Then
it
could
be
even
more
serious
attacks
that
would
basically
bring
down
the
default
system.
Essentially,
Dropper
dies.
The
safety
of
the
drivers
and
the
cars
put
their
lives
in
danger.
So
there's
have
been
a
lot
of
work
on
how
you
should
be
dealing
with
regular
communication.
L
One
thing
that
basically
distinguishes
beyond
that
different
requirements
of
security
is
the
need
to
have
both
security
for
all
networking
but
at
the
same
time
have
privacy.
Why?
Because
in
each
of
those,
we
have
people
and
they
care
to
know,
disclose
their
whereabouts.
Now
you
might
say
why
on
earth
do
they
care
when
the
mobile
phone
does
that
for
them?
Well,
if
you
need
to
basically
deploy
a
new
technology-
and
you
say
that
by
default
the
target
privacy,
you
might
hit
the
world
of
some
sort
of
regulation.
L
So
we've
been
working
this
for
many
years
and
our
let's
say
taken
this
as
researchers
and
also
what
we
say,
for
example,
the
European
Commission,
etc.
Is
that
it
should
be
deployed
with
privacy
in
place
and
they
looking
at
the
very
simple
way
of
doing
this?
Well,
assuming
you're
digitally
signing
messages,
you're
sending
you're
using
public
key
cryptography
every
time
you
do
so
1
2
3
n
messages
can
be
trivially
linked
as
no
against
someone
is
verifying
these.
L
The
certificates
can
be
saying
everything
about
you
know
you
can
anonymize
this,
but
if,
even
if
you
do
so
still
the
signature
wants,
we
will
give
you
away
so
what
the
proposal
there
is
to
basically
utilize
multiple
shortening
of
credentials
and
public
private
key
pairs
and
essentially
change
from
one
persona
from
one
pseudonym
to
another.
As
you
move,
and
then
you
were
really
linkable
for
a
short
period
as
short
or
as
long
as
they
overarching
enabled
applications
needed.
L
For
example,
a
collision
avoidance
application
is
trying
to
figure
out
if
someone
is
actually
coming
in
your
lane,
but
short
enough
to
make
sure
that
your
privacy
is
not
at
stake,
and
here
I'm,
just
showing
you
pictures
of
how
basically,
these
systems
on
the
research
front
have
developed.
Since
our
first
engagement
in
the
thing
demonstration
from
2008.
G
L
L
We
have
seen
so
far,
so
we
speed
the
system
in
two
domains
and
we
say
that
the
duties
should
be
separated
in
a
sense
that
there
is
a
one
entity,
this
long
term
certification
authority
that
maintains
the
long
term
identities
of
anyone
registered
in
the
system
and
pseudonym
certification
authorities
also
provide
the
the
short
term
credentials
right.
And
why
do
we
do
this
so
that,
essentially
we
put
a
barrier
and
we
make
things
new
versa
means.
Should
there
be
and
that's
a
legacy
requirement?
L
Should
there
be
some
sort
of
accident
or
some
other
investigation,
you
can
go
back
and
look
at
these
anonymous
and
pseudonymous
key
authenticating
transmissions
and
figure
out
which
week
they
correspond
to,
but
otherwise
you
cannot
and
what
we
actually
care
to
do
is
to
consider
the
security
infrastructure
being
not
fully
trustworthy.
Essentially,
we
care
to
have
a
system
that
provides
all
the
guarantees,
the
security,
the
privacy,
the
performances
I'm
sure
in
a
while,
but
at
the
same
time
it
assumes
the
PCA
and
the
MPCA
entities
I
showed
you
have,
you
are
honest,
but
huge.
D
L
That's
the
focus
here
yeah
and
that's
exactly
what
we
do
with
this
design
and
we
care
how
it
would
scale
and
in
the
end
the
message
will
be
that
well,
it's
not
such
a
big
impediment.
You
can
do
it
with
reasonably
modest
equipment
for
tens
of
thousands
of
cars.
You
still
don't
have
any
system
really
deployed,
but
we
are
coming
forward
towards
that.
So
that's
how
it
looks.
Well,
it
reminds
me
for
those
of
you
who
well
versed
in
security
protocols.
It
could
remind
you
of
the
Kerberos
like
infrastructure.
L
Then
you
can
talk
to
your
NTC,
a
get
a
ticket
that
you
can
present
to
the
foreign
embassy
a
and
then
get
a
new
set
of
credentials
that
anyone
else
in
that
domain
is
actually
using.
Why
would
you
care
so
that
when
you
digitally
sign
messages
about
yourself,
your
whereabouts
and
anything
else,
the
reboost
are
exchanging
each
other?
You
don't
look
this
way.
You're
coming
from
outside
the
system
outside
the
domain,
there
may
be
a
three-wheel,
it's
a
very
small
and
limited
sets
if
you
wish
I'm
skipping
parts
of
the
policy.
L
So
basically
we
worked
out
all
the
protocols
we
have
a
system.
The
protocol
basically
can
kick
out
entities
that
are
found
to
be
misbehaving,
so
you
have
revocation
and
we
did
a
lot
of
experimentation.
Of
course
we
had
to
come
up
with
some
sort
of
synthetic
node
for
through
this
public
infrastructure
he
took
actual
mobility
places
from
the
city
and
the
whole
country,
small
country,
and
we
look
at
different
policies
according
to
which
we
could
basically
refill
with
credentials
these
pseudonyms,
and
you
can
think
of
this
as
some
sort
of
fuel
right.
L
I'm
speaking
the
part
about
the
pharmacy,
so
one
thing
that
matters
is
that
you
basically
get
to
utilize
all
these
reasonings
you
get
mostly
I,
mean
high
degree
of
utilization.
That's
a
good
message
to
not
waste
computation
and
not
generate
large
sets
of
certificates.
That
will
never
be
of
any
use
to
anyone,
and
then
we
look
at
basically
how
long
it
takes
here.
We
stripped
away
networking
delays
because
the
full
thing
is
in
a
lab
and
then
the
demand
is
a
virtual
machine
that
emulates
the
entrance.
L
Essentially
you
get
your
credentials
in
the
order
of
less
than
hundred
milliseconds,
and
that's
essentially
the
message.
I
was
talking
about
it's
a
complex
system.
It
will
get
large
and
into
complex
deployment.
Nonetheless,
the
point
you
are
trying
to
make
there
is
that
not
only
we
crank
up
the
I
mean
the
security
and
protection
level.
L
By
allowing
honestly
curious,
you
show
that
this
can
be
done
with
a
very
modest
hardware
requirements,
and
we
continue
working
on
is
improving,
of
course,
the
system,
and
we
are
looking
into
how
we
could
deploy
it
in
the
cloud
environment
so
that
we
can
scale
in
and
out
depending
on
the
other
demand.
Oh,
that's,
that's
a
different
question:
we're
looking
at
how
to
distribute
verification
information,
that's
a
problem
that
is
in
general,
say
difficult
in
any
in
classic.
You
know
internet
proper
itself.
E
L
So
since
I
I
did
this
within
a
15,
16
minutes
or
whatever
so
maybe
I'll
take
2-3
minutes
were
the
other
two
three
topics,
just
as
a
teaser,
if
you
wish,
but
then
there
is
there's
a
commonality
as
a
common
denominator
there,
and
then
we
can
have
any
any
sort
of
discussion
you
want.
So
let's
look
at
the
certificate
revocation
list
right
so
typically
why
they
say
this
is
sets
of
of
serial
numbers
in
English
of
certificate
which
are
no
longer
volumes.
L
Now
here
you
are
having
many
more
certificates
than
pseudonyms
is
a
female
or
certificates,
and
many
of
them
will
expire
your
honor,
but
then,
depending
on
for
how
long
you
are
provisioning,
the
the
vehicles
with
certificates,
you
might
have
very
large
numbers,
it
depends
when
the
revocation
happens
and
how
many
you've
gained
to
the
vehicle.
So
you
can
have
a
a
large
revocation
list
and
of
course
now,
since
we
care
about
privacy,
but
we
don't
want
and
I
will.
L
L
And
the
question
is
now:
if
you
have
a
large-scale
system
with
very
diverse
connectivity,
how
do
you
get
this
certificate?
Revocation
list
information?
You
can
always
have
online
access,
but
there
we
are
talking
about
systems
where
safety
humans,
their
well-being,
is
at
stake.
So
we
are
not.
You
might
not
want
to
tolerate
it.
Let's
say
long
delays
and
you
know
what
I
want
to
push
eventually,
the
the
information
to
their
vehicles
and
one
other
feature
that
is
fundamentally
different.
L
That
typically,
you
interact,
let's
say
with
a
website
server
and
you
check
the
status
of
their
certificate.
In
this
case
you
are
in
a
neighborhood
of
previously
not
saying
vehicles
which
do
have
a
certificates,
but
this
neighborhood
keeps
changing.
So
if
you
were
to
think
of
some
sort
of
OCSP
type
of
approach,
you
might
be
hitting
a
wall
there
exactly
because
you
have
been.
You
need
to
run
this
over
and
again.
So,
what's
the
deal
here,
a
simple
idea:
we
call
this
vehicle
centric
CLS,
the
bution
and
essentially
we
say
well
get
to
any
vehicle.
L
Introduced
some
sort
of
cheap
Authenticator
in
other
credentials
in
a
subset
of
those
or
broadcast
this
at
a
very
low
rate
in
what
in
what
way
or
for
what
reason,
so
that
essentially,
that
CRL
that
you
need
to
distribute
if
you
chop
it
into
pieces.
Essentially,
you
use
these
authenticators
to
basically
facilitate
validation
of
those
pieces.
Why?
Because
someone
could
actually
fake
that
information
if
there
were
no
security
in
place,
even
basically
claimed
that
someone
is
revoked
while
they're?
Not
so
you
kick
them
out
of
the
system
or
someone
are
these
revoked?
L
You
basically
modify
the
CL
and
you
let
them
basically
act
potentially
maliciously
as
part
of
our
system.
So
we
need
to
small
or
very
seemingly
simple
idea
that
no
one
has
proposed
before
sensually.
We
do
get
a
40
fold
improvement
in
terms
of
delay
to
distribute
the
Cyril
information.
Even
if
we,
though,
we're
using
around
25
kilobytes
per
second
like
a
minimum,
a
very,
very
low
rate
of
information-
and
this
is-
you
might
say:
well,
there
are
constraints
for
wireless
communication,
but
still
we're
talking
about
megabits
per
second
and.
L
Pays
it
pays
to
be
frugal
in
that
sense,
or
we
can
have
this
information
basically
distributed
over
kilometers
of
area
within
within
reason
of
very
reasonable
delays
and
extremely
faster
than
the
best
solution.
Well,
that's
less
a
1/1
problem
solved
furthering
that
in
that
direction.
Now,
why
would
it
be
useful,
not
the
CRL
distribution
but
overall,
having
such
privacy
preserving
and
security
enabling
ephemeral
credentials?
L
Well,
you
can
think
of
a
scenario
where
you're
submitting
queries
to
an
LPS
server
and
then
every
time
you
do
this,
you
disclose
where
you
are,
what
you
care
about
and
eventually
who
you
are
in
the
end
right.
So
there
were
solutions
in
the
literature
that
say
well
take
all
these
queries,
aggregate
them
give
them
to
an
anonymizer,
and
then
they
anonymizer
we're
getting
to
the
LPI
server
and
then
ship
them
back
to
you.
Fine
excellent
solution.
L
Nonetheless,
it
basically
said
tell
us
that
if
this
guy
is
honest
but
curious,
this
guy
is
fully
trust
worth
why
it's
not
clear.
So
what
we
proposed
is
basically
relying
on
your
peers
to
get
this
information
and
if
and
only
if,
they
cannot
provide
it.
Then
you
ask
me
lbs
so
essentially
your
exposure
to
the
honest
but
curious
entity
is
minimized.
But
then,
if
you
rely
on
peers,
you
could
be
basically
getting.
D
L
Try
to
solve
the
problem
of
how
basically
useful
up-to-date
information
could
be
made
available.
We
tried
initially
to
have
peer
to
peer
academic
distribution
of
this
information,
meaning
I
asked
a
question
to
the
server.
If
I
have
the
answer
you
asked
me
for
for
the
answer:
I'll
give
it
to
you.
If
I
have
it
right,
but
then
basically
the
convergence
in
the
delay
is
pretty
low.
Plus
it
opens
additional.
It
raises
additional
questions.
I
could
be
exposing
myself
to
my
peers
and
so
on
and
so
forth.
So
we
change
the
design
here.
L
We
said
that
there's
a
randomized
not
in
the
hands
of
the
adversary
approach
that
the
infrastructure
randomly
assign
someone
to
be
a
server
node,
a
serving
node,
let's
say
of
the
peers
for
a
short
period
of
time
and
I'm
skipping
here
that
essentially
we
reduce
dramatically
and
the
exposure
to
they'll
be
a
server
and
with
the
appropriate
design
we
we
reduce
the
exposure
to
peer.
So
this
is
something
it
wasn't
measured
before
every
everyone
is
usually
a
bit
idealist.
L
Idealistic
about
this
peer
to
peer
interactions,
but
well
you
never
know
what
are
the
motivations
would
say.
The
model-
and
we
basically
deal
with
the
problem
of
those
basically
trying
to
pollute
the
air,
the
distribution
of
information
and
for
the
last
minute
or
so
same
same
direction,
mobile
systems,
urban
sensing
system.
So
basically,
rather
than
deploying
a
year
sensing
infrastructure,
you
leverage
sensing
capabilities,
onboard
the
car
from
both
cellphones
and
then
you
basically
recruits
important
quotes
to
help
you.
L
The
question
is:
how
do
you
do
it
without
giving
them
the
opportunity
to
manipulate
your
data,
the
medicine
process?
How
do
you
do
it
without
harming
their
privacy
and
even
better?
How
do
you
provide
an
incentive,
or
do
you
remunerated
some
way
tangible
way
so
that
you
motivate
and
further
to
participate?
Now,
the
big
story?
We
have
quite
a
lot
of
work,
but
then,
here
you
see
again
the
same
idea,
separation
of
duty,
but
then
can
we
use
of
I'd,
say.
L
Authentication
for
one
of
the
entities
because
it
suits
us
better
if
you
wish,
we
are
not
subject
to
the
standard,
the
considerations
for
the
design,
considerations
and
so
on
so
forth,
and
we
address
a
broader
set
of
problems.
For
example,
you
participate
in
a
task.
The
infrastructure
doesn't
know
which
tasks
are
participating
with
the
only
one.
You
use
those
short-term
credentials
to
submit
your
data,
because
this
is
the
computational
and
communication
wise
most
efficient
way
to
do
it.
And
then
you
have
a
great
deal
of
guarantees
which
summarize
here
well
there.
L
We
also
did
some
formal
analysis
of
time
and
we
went
even
further
and
we
use
machine
learning
to
basically
D
sift
sift
SIF
T
I
mean
meaning.
They
basically
tried
to
figure
out
which
data
we
can
trust.
Even
if
someone
and
being
an
internal
adversary
is
trying
to
manipulate
the
contributed
data
towards
basically
AB.
You
mention
shifting
the
the
collected
data
a
in
a
way
that
it
should
and
that's.