From YouTube: IETF108-ANRW-20200730-1100
Description
ANRW meeting session at IETF108
2020/07/30 1100
https://datatracker.ietf.org/meeting/108/proceedings/
A
Good day, everyone, welcome to ANRW. We are about to start within a minute or so. I would like to welcome you on behalf of Mirja and myself, and we will start exactly now, exactly because my clock says it's 11 UTC.
A
We will kick off with a couple of slides from us as chairs to welcome you to the workshop, and then we'll start the first presentation. So welcome, everyone. This is the Applied Networking Research Workshop, in case you hadn't noticed, 2020.
A
My co-chair Mirja is also online. I hope you can see her video; she's waving. Say hello, everybody. Hello, better. So we would like to start off by expressing our thanks to the program committee, who did all the hard work of reviewing the papers. They're shown here on the slide; they're also up on the website. So a big thank you to all of them for reviewing the papers that were submitted to the workshop.
A
Some logistics for you, in case you would like to have a sort of second screen to chat with other participants or to talk to the speakers later on. We have a Slack channel on the SIGCOMM workspace, so anybody can join; you don't have to be a SIGCOMM member to join that. The link is up on the slide here. The slides are also in the IETF datatracker and on the ANRW website.
A
The program and the papers for this session and all of the other sessions are also up on the website, and ACM has enabled access to the papers in the Digital Library today. One important note is that all sessions are being recorded, and the recordings will be made available on YouTube after the workshop.
A
So in case you are participating in the Q&A, please note that your voice may be recorded, and if you decide to share your video, that will be recorded as well. And, like I said, the slides are in the datatracker. A couple of notes on Meetecho: I guess the IETF 108 participants are familiar with that by now, but for people that are joining specifically for the workshop,
A
you may want to know that we work with a queuing system for the question and answer after each presentation. You can click on the microphone icon with the hand to join the Q&A queue, and the session chair, which will be either Mirja or myself, will then give you access to the microphone to ask your question.
A
There is more information on the use of Meetecho at the URL shown on the slide, and again, the slides are in the datatracker. A quick overview of our program today and tomorrow: we have three sessions today. This is the first session, on DNS and BGP. Then, starting from one o'clock UTC, we will have protocol testing and validation; from ten past two UTC we will have transport protocols and traffic engineering; and tomorrow from one o'clock UTC we will have the final session, which is on monitoring and logging.
A
And, let me see, oh, those are the other sessions, so I'm not going to show this. With that I think we are ready for our first presentation, so I'd like to ask Alessandro from Meetecho if he can start sharing the video.
B
Requests are relayed via various intermediary recursive DNS servers. These servers could be either local recursive DNS servers or open resolvers. The special characteristic of the DNS water torture attack is that DNS requests are crafted in a random manner. The attacker ensures that the FQDN included in the question section of this request is invalid, that is, not included in the zones of the authoritative DNS server. Thus a name is never repeated.
B
DDoS attacks are typically mitigated more efficiently close to their origins. In our DNS use case, this could happen in scrubbing services or appropriately deployed filters on the recursive DNS server. To that end, a list of the valid names included in the authoritative DNS server zones should be exchanged.
B
We impose the following design requirements for our schema. Firstly, the desired system should map the authoritative DNS server zone names not in their actual form but hashed. Thus, recursive DNS servers or scrubbing services could receive a complete list of the valid FQDNs without inferring the zone contents.
B
Finally, support for incremental updates: the selected data structure should support flexible element updates. In order to fulfill these requirements, we rely on probabilistic data structures as data stores for the valid names of the authoritative DNS zones. This paper extends our previous work that was presented at IEEE CloudNet the previous year. In that work, we demonstrated that Bloom filters may be used to map the names of large DNS zones efficiently in terms of time and space, and to filter suspicious traffic in cloud infrastructures.
B
In order to look up a word in the Bloom filter, I have to check if all the corresponding bits have been set to one. Thus false negatives, which means the item is in the filter but lookup says it is not, are impossible, because if I have inserted an element in the filter, I cannot see a zero in one of the corresponding positions. But false positives are possible, because bits are shared among items. Bloom filters have been used in various applications related to DNS.
B
Next, I will provide brief background on cuckoo filters. Cuckoo filters may be perceived as two-dimensional arrays; elements are accepted in the entries of these arrays as fingerprints. These fingerprints of size f bits are calculated using the fingerprint function. As two-dimensional arrays, cuckoo filters are characterized by the number of available buckets m and the fingerprint entries b per bucket. Each element x
B
One of the two buckets of y is the same as one of x's buckets. Assume that we select the first bucket of the cuckoo filter to insert the fingerprint. However, the bucket is full. This will result in evicting one of x's fingerprints to x's alternate bucket and inserting y's fingerprint in this position.
B
The privacy-aware zone manager receives a list of the entire plaintext resource records and hashes their corresponding names to create the hashed DNS zones. Next, recently modified resource records, along with details pertaining to them, are described in the zone updates log. Sensitive information, for example names, is hashed, and there is one metadata zone and an incremental DNS zone; this one reflects recent zone changes.
B
Recursive DNS servers that wish to filter malicious DNS requests within their premises may get the necessary zone names in the privacy-aware format from the authoritative DNS server. This is accomplished by regularly getting a full copy of the hashed DNS zone, along with its recent modifications from the corresponding incremental DNS zone. Recursive DNS servers may use the incremental DNS zone contents to update their filtering modules flexibly.
B
As mentioned in the previous slide, the privacy-aware zone manager builds and maintains the cuckoo filters whose fingerprints are used to create and revise the contents of the privacy-aware DNS zones. Specifically, the actions of the privacy-aware zone manager include retrieving the resource records of the plaintext DNS zones, extracting their FQDNs and hashing them into fingerprints, creating the cuckoo filters and subsequently creating the hashed DNS zones.
B
There is special treatment for resource records sharing FQDNs with others but differing in the resource record type and TTL value. To that end, we use frequency counters to distinguish names introduced for the first time or finally deleted from the zones. Moreover, the privacy-aware zone manager is implemented in Python 3 and utilizes the MurmurHash3 function for fingerprint and hash calculations.
B
Information is encapsulated within TXT-type resource records. Lines 3 up to 7 are related to cuckoo filter parameters and utilized algorithms. Specifically, the hashed DNS zones provide information on the cuckoo filter total buckets, on the size of the fingerprints and on the number of possible fingerprint entries per bucket.
B
Through an example, we elaborate in this slide on the method of mapping FQDNs in the hashed DNS zones. In the following figure, we depict the first 82 FQDN fingerprints of our campus zone, ntua.gr, mapped in a filter. This cuckoo filter has fingerprints of size 12 bits and its buckets may accommodate up to four fingerprints.
B
In our example, we have a fingerprint size of 12 bits, and thus 3 bytes of hexadecimal digits are utilized for each fingerprint. This size leaves a false positive probability of 0.3 percent. Two: fingerprints requiring fewer bytes are prepended with zeros. In our example, fingerprints requiring one or two hexadecimal digits are accordingly prepended with zeros until the size of the fingerprint representation is three bytes. Three: the fingerprints of multiple cuckoo filter buckets are mapped sequentially within a single TXT-type resource record.
B
Thus the first bucket includes a trailing dot, as we cannot be sure what the boundaries of this bucket are. In contrast, the second bucket is full, as it contains four fingerprints. Therefore, a trailing dot is not needed. This method further conserves memory. In the above figure, the first fingerprint of each bucket is underlined for clarity.
B
The purpose of the incremental DNS zones is to map recent name changes of the plaintext DNS zones. Their contents are retrieved via IXFR-type DNS requests. In the following figure, we depict the information serialization format of the incremental DNS zones. The rules of mapping are the following. One: the last serial parameter indicates that the changes prior to this value are incorporated in the hashed DNS zones. Consequently, it is the starting point for recursive DNS servers to begin retrieving data from an incremental DNS zone.
B
Two: the sequence parameter defines if a hashed DNS zone is stale and must be downloaded again. For example, this is required when the parameters of the filter have changed because the filter is full. Three: the update section marks the fingerprints of the names that changed, the action associated with them, that is, whether the name was added or deleted, and finally the buckets and grids where the fingerprint is mapped in the cuckoo filter.
B
These included Latin letters, digits and the hyphen; note that names cannot start with a hyphen. Based on the results of our experiments, we observed that FQDNs with a first label longer than five characters are protected with high certainty, as they result in a large number of false positives, notably as the prefix grows. Brute force attacks require exponentially longer time, since the total number of required hashing operations is prohibitively large.
B
Indicatively, 100 billion operations are required in total for first label lengths of sharing heart rate characters in the sql. We determine the applicability of diverse data serialization formats for mapping zone names into hashed DNS zones. We consider the following serialization formats for our hashed DNS zones. The first was a cuckoo filter with multiple buckets mapped within each resource record. The second was a cuckoo filter with a single bucket mapped within each resource record. The third was a Bloom filter with multiple bytes mapped within each resource record.
B
We considered cuckoo filters with ninety percent filled entries and a false positive probability of zero point three percent. We observed that the data serialization format using a cuckoo filter with multiple buckets mapped within each resource record, that is the first option, clearly outperforms the others, including the Bloom filter. The choice of using a cuckoo filter with a single bucket mapped within each resource record, that is the second option, proves inefficient, as the FQDN suffixes, TTL values and type parameters included within each resource record introduce unnecessary overhead.
B
Hashed DNS zones, in contrast, using a cuckoo filter with multiple buckets mapped within each resource record, the first option, prove more efficient, as this reduces the overall number of required resource records. Finally, the table also includes the actual size of the cuckoo filter, that is, the bytes required to maintain the cuckoo filter in memory. This is the last column. We observed that the consumed bandwidth with our best serialization format, the first option, is almost twice that of the in-memory cuckoo filter.
B
The privacy-aware zone manager performs various operations for managing the hashed DNS zones. In our last experiment, we compared the latency of these actions using both Bloom filters and cuckoo filters. Our results are depicted in the following chart. The considered actions include: 1, the initial creation of the respective data structure in memory, for both Bloom filters and cuckoo filters, by hashing and inserting all the plaintext DNS zone FQDNs.
B
On the contrary, cuckoo filters rapidly incorporate updates compared to Bloom filters, which is an important property for DNS, which involves frequent updates. Unlike cuckoo filters, which directly support deletions, Bloom filters need to be rebuilt excluding the removed data. As a conclusion, our approach proves promising for distributing authoritative DNS server zone names efficiently while preserving privacy. As future work,
A
Okay, thank you, Nikos. I forgot to introduce him, which is my mistake, so I'm going to do that anyway. Nikos holds a diploma in electrical and computer engineering from the National Technical University of Athens in Greece, and he is currently a third-year PhD student at NTUA. His research focuses on network security tailored to the DNS. With that, we have five minutes for Q&A, and Nikos, if you could share your video, then people can see you and also hear your audio. I see a question from Stuart. So, Stuart, I'm gonna...
D
Interesting presentation, thank you. Actually, I have a comment with a question. You talked about encoding the data using hexadecimal, and it doubles the size in bytes. I just had a quick comment for you. It's a common misunderstanding that a TXT record has to be ASCII text, and in fact it doesn't. It's widely used containing arbitrary 8-bit values, and also a TXT record is not limited to 255 bytes. A TXT record is one or more blocks of data, each of which is up to 255 bytes. So.
B
Yes, of course, of course, I am aware of that, that you can split your... you can split the TXT record into multiple strings, but I wanted to reduce the complexity of my mapping scheme. But maybe in the future.
D
The other type that's commonly been used is just a NULL record, and a NULL record is an arbitrary, unspecified bank of bytes with no boundaries. And, of course, the third choice is to define a new DNS record type, which, I know, this is research right now; if it was going to be a product, getting a new type would apply. But if you are concerned about doubling the space requirement of hexadecimal, I just wanted to comment that that's not actually required.
E
Thank you. Everybody, very interesting presentation, very interesting work. I actually have one comment, which is that there is previous work in the field of DNS with Bloom filters, which is what we tried a couple of years ago. We tried to create a Bloom filter so that registrars could actually identify whether or not the domain name was taken, offline sort of, so as a domain name availability check, and unfortunately there was little interest from registrars, but that was a very similar idea.
F
But the other question is: there's an RFC 8198 that has an approach to using NSEC3, a DNSSEC tool, to do something similar to what you propose, and it'd be interesting to see a comparison of that in future with your work, and also maybe ways that your work could amplify the approach that was the desire of RFC 8198. I don't know if you had a chance to look at that RFC; that's my question: did you have a chance to look at that RFC 8198 in comparison?
B
Yes. Thank you. First of all, thank you for your detailed review. Yes, I have seen the RFC and we included it in our future work section. It is definitely one thing that we'll do in a more advanced version. One good thing of our version of our schema is that you proactively get the zone file and you may filter the malicious domain names as soon as possible.
A
Thank you, okay. Thank you, Nikos. Thank you, Alison, as well. I'm going to take away controls from both of you because we're going on to the next speaker. The next speaker is Yevheniya, I hope I pronounced that correctly. She is a researcher at the University of Grenoble Alpes in France, where she works on DNS and network security from a large-scale measurements point of view. And Alessandro, can you start the video.
G
They were flooded with memcached responses coming from numerous public instances. Such an attack was possible due to IP address spoofing. This problem was addressed back in 2000, when a standard called source address validation was released. The RFC suggests examining packets arriving at the network edge and dropping those with spoofed IP addresses. This can be done in two directions.
G
There are several ways to check SAV compliance, but with the emphasis on outbound filtering. Some of the methods require a vantage point inside the tested network, such as the Spoofer project. Others are remote but assume networks to be misconfigured in some way. For example, one method relies on misconfigured DNS forwarders, while the other examines traceroute loops.
G
There is a group of attacks, such as the recently discovered NXNSAttack, Microsoft SigRed or zone poisoning, that target open services, in this case DNS. When we close DNS servers and make them serve local clients only, however, if there is no inbound filtering and from outside there is a spoofed source address from within the range of the destination network, you can still misuse the DNS server.
G
If a given resolver resolves a non-spoofed query but not a spoofed one, we infer the presence of SAV at the network edge or in transit. The presented method, while having its limitations, overcomes the major challenges of existing work. We also make sure to follow ethical scanning guidelines while performing our measurements.
G
If it did not, we assume this resolver to be from a network that deploys inbound source address validation. In general, we see that there are more networks without inbound source address validation than filtered ones. The interesting case is when, for a single network, we have at least two measurements with different outcomes.
G
We then contacted several administrators operating such networks. One claimed to be responsible only for a subset of the /24 and had no control of the entire network. In the other case, the network was logically divided into several parts, each of those requiring different packet filtering policies.
G
So far we discussed inbound source address validation. Networks must deploy it so that outsiders cannot access resources otherwise available for local clients, such as DNS resolvers. In the case of outbound source address validation, there is a problem of misaligned economic incentives. A network deploying outbound filtering cannot be an attack source but can still be an attack target.
A
Thank you for the presentation. I'm going to let Yevheniya in. If there are questions for her, you can join the queue, and so the queue is open. Let me share my screen as well, yes, so that we can see the program. Here we go. If there are no questions from people at the moment, I do have a question. You looked... I assume that you looked at IPv4 for this particular research, and, of course, scanning on IPv6 is a little bit trickier.
G
Yes, yes, so this has been done in our follow-up work that I mentioned in the presentation. What we did for IPv6 is that we scanned an IPv6 hitlist, which has around 300 million entries, and those are responsive IPv6 addresses gathered by other researchers from different sources, including DNS zone files, etc.
A
Okay, in the meantime, if you happen to have questions after the session ends, you could consider joining the Slack channel on the SIGCOMM community Slack, or you can send Yevheniya an email. Thank you for your presentation, Yevheniya. Then we can go to the next speaker, and the next speaker is Kris Shrishak. Kris is a PhD candidate at TU Darmstadt in Germany.
A
His research interests are broadly in applied cryptography, privacy-enhancing technologies and network security. His current focus is on cryptographic protocols and, in particular, practical aspects of secure multi-party computation and new applications of MPC. And Alessandro, if you could start the...
H
Unfortunately, there have been many instances where routes have been leaked or hijacked. One such instance is the Russian telco incident from April this year, where routes for Google, AWS and Cloudflare, for instance, were sent to Rostelecom. RPKI was introduced to address this issue by authenticating route origins.
H
So a resource certificate binds an IP prefix to a public key, while an ROA binds the prefix to an autonomous system, or AS. The ROA is signed by the public key associated with the RC, and ROV validates the origin of BGP route announcements. And RPKI is a prerequisite for BGPsec, which provides path validation.
H
...can revoke and allocate resources, and RPKI authorities can unilaterally take down IP prefixes based on law enforcement requests and ASes not-ness. And we should also note that ASes are not necessarily in the same country as the RIR; hence they may not have mechanisms to appeal.
H
The second proposal has been with respect to using blockchain. Blockchain itself has issues with respect to scalability, and there are also deployment issues, such as the consensus algorithm and the incentive for the nodes to run the blockchain. If proof of stake is used, large providers will become powerful players and it will create another form of power imbalance.
H
In this work, we propose to use secure multi-party computation. So, first, what is secure multi-party computation?
H
Let's assume there are three entities which have private inputs, and one way that they can compute on this private input without sending this private input to the others could be to use a trusted third party. But if there is no such thing as a trusted third party, we can use a multi-party computation protocol. It is an interactive protocol where, based on the private inputs, they can compute a function privately without leaking the private inputs to the others, and be assured that the output is correct.
H
The different entities have shares of keys instead of having the complete key, and use a multi-party computation protocol to generate a signature. An important aspect here is that the signature is indistinguishable from traditional signatures, which means we can use existing verification mechanisms to verify the signature.
H
In this work, we consider a stronger threat model than the one that exists in the existing RPKI. We consider that individual RIRs are not entirely trusted, and in particular we describe an adversarial model where we consider passive as well as active adversaries. A passive adversary is one that follows the protocol but might save the protocol transcript.
H
This adversarial model is satisfactory if the key needs to be secured against internal adversaries. In the case of active adversaries, the adversary may act arbitrarily; here the operational integrity of RIRs is not assumed.
H
Furthermore, we consider the number of parties which could be corrupt, whether a minority of parties are corrupt or a majority of parties are corrupt, and these models are called dishonest majority and honest majority models. In this work we consider four protocols, which are a combination of active and passive adversaries and honest and dishonest majority protocols.
H
Our system setup has two components, that is, a trust anchor and hosted RPKI, each with a CA and a threshold signature module. The RIR CA is the top-level CA that acts as a trust anchor in the RPKI. The RIR CA issues the CA certificates to its members and issues manifests and CRLs for its members.
H
In the first pre-processing phase, we use member-independent preprocessing. So in this case we do not require the private key shares, nor do we require the message to be available. In the second pre-processing phase, we do require the private key shares to be already generated. However, we don't need the message to be available at this point.
H
We do perform evaluations of our design, and we perform the evaluations using AWS servers in five locations, where we've chosen the locations such that they are as close as possible to existing RIR locations.
H
We run these protocols on both the WAN, using the five AWS servers, as well as on a LAN, to just show the efficiency of our protocols. From this table below, you can see that the protocol that we call Semi2k has the highest pre-processing throughput in the LAN.
H
So in the WAN setting we observe that MASCOT, which is in the dishonest majority setting and actively secure, produces about 0.95 signatures per second, which roughly amounts to 82,000 signatures per day, and Shamir, which is our honest majority protocol, produces about 3.53 signatures per second, or more than 300,000 signatures per day. So what this means is that even our slowest protocol is able to satisfy the requirements on an average day, and our other protocols are able to generate enough signatures even on peak days.
A
Okay, thank you, Kris, for the presentation. I'm going to let you in so you can answer questions. In the meantime, I put a reminder in the chat as well: if you would like to join the Q&A queue, you just have to push the little microphone-with-hand icon. And let me share this program again. I see a question from Tom Hilton. I'm going to let you in; go ahead and ask your question.
I
Hi there. Thank you, Kris. It's a very, very interesting piece of research that you're doing; I think it's quite cool. You made a point in regards to a two-layered solution that was compatible with delegated RPKI and multi-party computation, but it was still at risk of state coercion, or still possibly capable of being coerced by a single state, I presume. Could you expand on how you believe that to be the case?
H
So if I understood, your question was: why is it that in the two-layered setting state coercion is still possible? Is that right?
H
Right, so in the two-layer setting, the way you see it, you would still have the trust anchor, which means that if, for example, the hosted CA certificate is revoked using the trust anchor, then essentially anyone below in the chain can be revoked, right. So that was the idea there.
I
Okay, I'll do some more reading on that. Thank you.
J
...number resources; well, okay, that you are not making any discussion of what security implications your system requires for the integrity of stuff happening there, and one should have in mind that the RPKI has the goal of representing a verifiable mapping of the resource allocations and the related authorizations of the number resources.
J
And if the system for managing that house has problems, well, having a very secure system of mapping that underlying domain, well, okay, actually that security is kind of not really...
A
Did
you
stop
asking
rigor
or
or
did
the
audio
cut
out.
H
I think I missed the question. I got the initial part of the comments, but I think the question got lost.
J
You are only looking at the security aspect of a cryptographic system and saying the management of the underlying resource system will be pushed into a secure communication system between the RIRs, and the security questions for exactly that management seem not to be covered by your fiddling with the cryptographic system.
H
Yeah, so I mean, part of the reason we didn't describe that in this paper also is that we basically had only six pages. But yes, that's a good point, and we actually do address that in the upcoming full version, so yeah, that will be covered. Yeah, thanks.
A
I'm going to, I think, end the Q&A because otherwise we run out of time. Kris, thank you for your presentation and for answering questions. If anybody has questions for Kris later on, you can always email him, right. So that means we are going to our fourth speaker of this session, which is Stephen Strowes from the RIPE NCC. Stephen is a senior researcher in the R&D team at the RIPE NCC. He's interested in network protocol behavior and IPv6 deployment. Prior to working at the RIPE NCC...
C
Visibility and the filtering of announcements from a route collector system is a short position paper looking at a particular operational quirk of the data collected by the RIPE Routing Information Service, i.e. RIS. The context for us paying attention to this was that back in January we were studying the debogonization of 2a10::/12. That, for context, is the first /12 that's been issued from the IANA to any of the registries in many years, and we were in a position where we wanted to start issuing it to the membership.
C
In order to do that cleanly, we wanted to make sure that the space was usable, that there were no particular threats or hotspots in the space, and so we ran a study to debogonize this and to collect the traffic that was arriving in that space. We have written about this extensively, and you can go dig out our TMA paper or the video version, where you can continue listening to me talking about this particular study.
C
The short version of this is that we announced nine prefixes into BGP, and those were all configured slightly differently. We had four /32s, we had four /48s; each of those had a responsive, pingable address, so we were running RIPE Atlas measurements into that space to test active reachability.
C
In addition to those nine prefixes, there are stable anchors and predictable beacons that originate from RRC03. There is a page which describes the beacons and anchors for the entire fleet, but the prefixes that we care about are the two prefixes that are listed there. One core aspect of the larger study was that we wanted to understand: if we announced the new prefixes, how far would they apparently propagate across BGP?
C
So, given that this is new address space, it is difficult to arrive at a preconceived notion of precisely how many peers is the correct number of peers that should see the space, although what we would anticipate is that most of the peers should see the space in order for us to be happy that it was reasonable for members to use. This was, in the paper, correlated with RIPE Atlas measurements; they show pretty good visibility across the board.
C
The key part that leads us on to this short paper for ANRW is that on withdrawal we observe a spike at the end, right here, so we spend a little bit more time looking at what actually happens in those few moments at withdrawal that exposes additional peers to the route collector system. I'm going to quickly cover a mental model for how the route collector system actually works and what people may expect to fall out of that. In this example, we have RRC03, which exists inside AS12654, on the left.
C
The distinction is that in the peering policy that we set up for people who choose to peer with RIS, we request that those peers announce all of their IPv4 and IPv6 BGP routes back to the RRC. So there is a reasonable expectation that, having announced something out into BGP, that information existing in the peering BGP speaker would then be back-propagated to the RRC.
C
We observe only one other two-hop path, and that's via AS8218, which propagates the announcements to six route collectors but not back to RRC03 itself. That scenario can look a little bit more like this, where RRC03 announces one of the prefixes to one of its peers, and that announcement propagates within that peer network and out via another BGP session in another location to another route collector, but not back along the initial path to RRC03.
C
It's in this phase that RRC03 observes the announcements for peers that were previously not seen, and given that those peers are not filtering the announcements, they're simply not propagating the announcements back along the links on which they were originally received. This picture looks a little bit more like this.
C
If RRC03 had a peering session set up with peers one and three and the announcement goes out via peer one, peer one decides to propagate to peer three and peer three decides to propagate back to route collector three, then we wind up with a three-hop path, and equally the reverse path might be visible in the data also. Now, this is a default behavior on certain vendor hardware: the router will not propagate an announcement back along the link on which it was originally received. That's a reasonable efficiency gain.
C
The missing information on RIS is that we don't necessarily know the vendor hardware that's running on the other side of any of these sessions or how they are configured, and so there is missing information for researchers who are looking at this data and trying to interpret this data, and in particular, perhaps there is an expectation gap between what the route collector system is showing for address space announced elsewhere versus the address space that is announced from the route collector system itself.
C
This is, in a sense, an operational quirk of the route collector system, but many people in the community use this data and the beacons and anchors that are announced from the route collectors themselves to perform analyses of how the internet system is operating today. So, if you are using these announcements from any of the RRCs, it may be that that RRC simply offers a purview of its visibility. It's a good thing to be aware of. Further, the announcement of completely fresh address space that had never been used before may be insightful for writing.
A
Okay, thank you, Stephen. I should have looked you into the video, although I'm not there. You go, you're also visible now. Say something, because I think I have audio for you. Exactly, you need to ask for audio as well separately. If there are any people that have... yes, good, there you are. If there are any people that have questions, you can join the Q&A queue.
A
I think I have a question. So the request that you do as RIPE for the route collectors is that people reflect the route back to you. To what extent are you actively, is RIPE actively chasing down this particular request, and are you going out to peers to ask them to do this, or is this sort of something that you ask for, but then leave entirely up to them?
C
The short answer is that we're not pursuing especially aggressively at all, but I mean if we heard some consensus that people have these expectations from RIS, then I think that we could put a bigger effort into chasing if we felt like it was a reasonable thing to do. The purpose of writing some of this down is a little bit of information sharing just to make people aware, and if people are willing to tweak their filtering policies, then that would be awesome.
A
Well, and he's gone. Then it's... all right, go ahead.
J
Well, okay, kind of. In fact, you would expect that standard policies do not announce routes that have the peer's AS in there, in the AS path. That's it.
C
Some BGP speakers will simply take the announcements and send them back down the path that they came from, and some vendors will definitely not do that in the default, and my guess is that in many cases our peers are not deviating far from default configurations, and I suspect that that is the most common behavior that we're seeing rather than AS path loop prevention, but maybe I'm wrong. There could be, there could be a part of the prevention.
A
Okay, we have another question from words marge: you have the mic, go ahead.
C
No, but that is a great question. The anchors and the beacons are put out there for people to use, and I'm personally not up to speed on precisely who's been using this recently, but that would be a valuable thing to go and do in case.
A
Right, yes, are there any other questions from people that are in the room? If not, then thank you, Stephen, and we can go to our final speaker of this session. Our final speaker is...
A
Xiao is an associate research scientist in the department of computer science at Yale University. His research interests include software-defined networking, resource discovery and orchestration in collaborative data sciences, inter-domain routing and wireless cyber-physical systems. From 2014 to 2015, he was a postdoctoral fellow in the school of computer science at McGill University. He received his master's and PhD degrees in computer science at Wayne State University in 2012 and 2014, respectively, and a bachelor's degree in information technology security and a bachelor's degree in economics from Nankai University in 2007. Alessandro.
L
In particular, we abstract each AS as a virtual switch with a pipeline of match-action tables and passports, aka expanse, and expose such information through a northbound protocol such as our Application-Layer Traffic Optimization protocol, ALTO. With this abstraction, a client connects to SDNs to control paths in the inter-domain network, and a client may also select to control only a subset of SDNs to simplify management and business arrangements.
L
If AS E is instructed to select EFD, but AS E has its own export policy to not export EFD to B, then A's passport would only have AC EFD instead of two AS paths. As such, the path selection at SDNs must be consistent, so when a client selects a different path, the downstream path options may change, causing churn and disruption.
L
In particular, we consider the scenario where a client connects to k SDNs and wants to select a consistent path for m source-destination flows, and a client's objective is defined by a utility function c over all the flows, and with these settings we formulated the problem as an optimization problem to maximize a client's utility subject to the routes selected in all k SDNs being consistent.
L
We proved that this problem is NP-hard through reduction from the seriously problem, and to tackle this problem we reformulated it as a black-box optimization model. In particular, we lifted the path consistency constraint from the constraints of this problem to the objective function of this problem by introducing a binary variable to indicate the path consistency of different paths, and with this reformulation we are able to leverage a black-box optimization framework which uses the prior belief to direct the search of the multiple consistent paths and use.
L
We set the client objective to find the shortest AS path for the top 2000 AS pairs in terms of traffic volumes based on the kind of internet traffic dataset, and our key finding is that, in all our experiments, the SDI optimization algorithm can find an optimal policy-compliant shortest AS path, and in over 95 percent of cases this can be found by sampling no more than 35 possible paths until we find the optimal consistent path in the network.
L
We simply considered one AS to expose its RIB and selected routes, and this AS is connected to a varying number, from three to twenty, of neighbor ASes, and it implements next-hop-based local preference assignment and follows the standard route selection procedure of BGP, and we consider a small number of RIB samples, from 200 to a fairly large one, 20,000 samples per dataset, and in our result we find that when the number of neighbor ASes is small, for example less than eight ASes, using only 160 samples in a simple feed-forward neural network with certain neurons would provide a minimum of 95 percent accuracy of inferring the correct BGP selection policy.
L
So, to conclude, in this short talk we proposed a simple, novel software-defined inter-domain networking (SDI) model extending intra-domain SDN to generic inter-domain SDN. We designed an efficient optimization algorithm to solve the client SDI control optimization problem. We demonstrate the feasibility, benefits and potential privacy concern of SDI using evaluation results.
A
Are there any questions that people have for Xiao? We have a few minutes for Q&A before the session ends.
A
While people are thinking about questions, I'm just gonna share the program for the rest of the workshop. There we go, and I would also like to remind everyone that if you don't have any questions now, but you have them later on, you can contact all of our speakers because their papers are online on the ANRW website.
A
I think that at the moment there aren't any questions. Xiao, will you be around in the other sessions? Because if you're on the chat, people can still ask you questions later on. Yeah, I'll try to be around, you know, in any of the other sessions. Yes, excellent, and are you by any chance also on the SIGCOMM Slack channel?
L
I'm honestly, comes Slack channel, but is that the SIGCOMM workspace, that's like yesterday? Yes, I... Yes, yeah, people.
A
And this is maybe also a reminder to all of our participants that you can join the SIGCOMM Slack channel if you have questions later on. There are currently 30 people online in the SIGCOMM Slack channel, and I see 120 participants, so there's room for more people there. I think we are almost out of time. Thank you for your presentation, Xiao, and also thank you for your video. I'm going to close this session soon.
A
This is a reminder that the workshop has three more sessions coming up. We have session two on protocol testing and validation coming up at one o'clock UTC.