To “establish a neighbor,” the peers “exchange their GPS coordinates—precise locations would be a violation of the users’ privacy,” so city or even country-level GPS coordinates are used. “The peers establish a shared symmetric key, which they use to compute and verify MACs on the packets they forward for one another. This same process applies when establishing a connection between a source node and an alibi peer.”
“Alibi Routing assumes that nodes outside the forbidden region are trustworthy in reporting their geographic locations and in vouching for neighbors that are too nearby to be in the forbidden region,” the paper states. “It leverages this assumption to direct relay discovery queries toward a target region in which alibis might reside.”
Alibi Routing has an 85%- 95% success rate
The University of Maryland research team simulated a 20,000-user network, defining China, Iran, PR Korea, Syria, and Saudi Arabia as “enemies of the Internet” and India, Japan and USA as having the most Internet users. Alibi Routing “successfully found an alibi more than 85% of the time. With a small safety parameter, the success rate rose to 95%. The results suggest that users can typically avoid the part of the world they wish to route around.”
Failures occurred if “the target region is too small or non-existent.” Proximity could also result in failure when the “source or destination are very close to the forbidden region.”
Routes through alibis incur little increase in latency…sometimes even lower latencies. Another big plus is that Alibi Routing “is immediately deployable and does not require knowledge of—or modifications to—the Internet’s routing hardware or policies.” In other words, the system works at a user – not ISP – level. “Provable avoidance is possible safely and efficiently.”
Security analysis of Alibi Routing
Alibi Routing “derives its security and proofs of avoidance from a ‘clock and a map’: local measurements of round-trip times and a rough knowledge of one’s own (and one’s attacker’s) GPS coordinates.”
The team analyzed the security of Alibi Routing; attacks on safety don’t work since “one cannot trick a trusted peer into thinking that an unsafe peer is safe.” The Alibi Routing protocol “is not susceptible to packet manipulation by nodes within a forbidden region;” packets from an attacker within a forbidden region are ignored altogether.
Attacks on progress, however, are a different story. The researchers wrote, “An adversary could launch an eclipse attack by attempting to populate a victim’s neighbor set with all attackers. Note that such an attack would require an attacker to be very close to the victim.”
Potential “non-attacks” such as “laundering attack traffic,” meaning using the “overlay routing system for reflecting attack traffic” and “sending copies of data to attackers” could be solved by combining Alibi Routing with a more traditional system. The team used Tor in their examples.
Sign up for CIO Asia eNewsletters.