DOI: 10.5555/3489212.3489327
Research article, free access

NetWarden: mitigating network covert channels while preserving performance

Published: 12 August 2020

Abstract

Network covert channels are an advanced threat to the security of distributed systems. Existing defenses all come at the cost of performance, so they present significant barriers to practical deployment in high-speed networks. We propose NetWarden, a novel defense whose key design goal is to preserve TCP performance while mitigating covert channels. The use of programmable data planes makes it possible for NetWarden to adapt defenses that were previously demonstrated only as proofs of concept and apply them at line speed. Moreover, NetWarden uses a set of performance-boosting techniques to temporarily increase the performance of connections that have been affected by covert channel mitigation, with the ultimate goal of neutralizing the overall performance impact. NetWarden also uses a fastpath/slowpath architecture to combine the generality of software with the efficiency of hardware for effective defense. Our evaluation shows that NetWarden works smoothly with complex applications and workloads, and that it can mitigate covert timing and storage channels with little performance disturbance.

Cited By

View all
  • (2021) A Vision for Runtime Programmable Networks. Proceedings of the Twentieth ACM Workshop on Hot Topics in Networks, pp. 91-98. DOI: 10.1145/3484266.3487377. Online publication date: 10 Nov 2021.

Published In

SEC'20: Proceedings of the 29th USENIX Conference on Security Symposium
August 2020
2809 pages
ISBN:978-1-939133-17-5

Sponsors

  • Facebook
  • Microsoft
  • IBM
  • ByteDance
  • Google Inc.

Publisher

USENIX Association

United States

Qualifiers

  • Research-article

Acceptance Rates

Overall Acceptance Rate 40 of 100 submissions, 40%

Article Metrics

  • Downloads (last 12 months): 35
  • Downloads (last 6 weeks): 3
Reflects downloads up to 05 Mar 2025
