| Internet-Draft | Computing Resource Authenticity Evaluati | November 2024 |
| Ma, et al. | Expires 10 May 2025 | [Page] |
This draft introduces an evaluation scheme for computing resource authenticity. The scheme aims to verify and evaluate the authenticity of computing resources in the network using application layer method. This draft describes the basic principle of the scheme and authentication mechanism.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 10 May 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Computing resources play an important role in Computing-Aware Traffic Steering. Attackers may publish false computing resources advertisements for profit or malicious purposes, which will cause security issues.¶
This security issue was also mentioned in [I-D.ietf-cats-usecases-requirements]:¶
The behavior of the network can be adversely affected by modifying or interfering with advertisements of computing resource availability. Such attacks could deprive users of the services they desire, and might be used to divert traffic to interception points. Therefore,¶
R23: secure advertisements are REQUIRED to prevent rogue nodes from participating in the network.¶
Many security requirements are also mentioned in [I-D.wang-cats-security-considerations]. The security mechanism needs to be able to address the anonymity and uniqueness issues of service identification.¶
In traditional networks, routing information is commonly regarded as a publicly verifiable resource, which can enable rapid detection. However, the false advertisements of computing resource are difficult to detect.¶
Considering the particularity of CATS work scenarios and requirements, this scheme chooses to use application layer technology to solve this security issue. This scheme proposed in this draft aims to solve this problem by coming up with a bilateral evaluation mechanism in the network. The main steps of this scheme are node registration, task allocation and bilateral evaluation.¶
The structural design is shown in Figure 1.¶
+---------+ +---------+
| Client | | Client |
+----+----+ +----+----+
| |
+---+---------+---------+-----+---------+---------+---+
| | CATS Path Selector| | CATS Path Selector| |
| +-------------------+ +-------------------+ |
| |
| |
| Underlay |
| Infrastructure |
| |
| |
| +-------------------+ +-------------------+ |
| | CATS Path Selector| | CATS Path Selector| |
+---+---------+---------+-----+---------+---------+---+
| |
+--------+--------+ +--------+--------+
| Service site 1 | | Service site 2 |
+-----------------+ +-----------------+
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document makes use of the following terms. The terminology echoes what is in [I-D.ietf-cats-framework]:¶
Computing-Aware Traffic Steering (CATS): A traffic engineering approach [I-D.ietf-teas-rfc3272bis] that takes into account the dynamic nature of computing resources and network state to optimize service-specific traffic forwarding towards a given service contact instance. Various relevant metrics may be used to enforce such computing-aware traffic steering policies.¶
Client: An endpoint that is connected to a service provider network.¶
Service instance: An instance of running resources according to a given service logic. Many such instances can be enabled by a provider. Instances that adhere to the same service logic provide the same service. An instance is typically running in a service site. Clients' requests are serviced by one of these instances.¶
Service site: A location that hosts the resources that are required to offer a service. A service site may be a node or a set of nodes. A CATS-serviced site is a service site that is connected to a CATS-Forwarder.¶
CATS Path Selector (C-PS): CATS Path Selectors (C-PSes) use information to select where to forward traffic for a given service request. C-PSes also determine the best paths (possibly using tunnels) to forward traffic, according to various criteria that include network state and traffic congestion conditions. There might be one or more C-PSes used to compute CATS paths in a CATS infrastructure.¶
Trust Value: a parameter to quantify the trust of clients and service sites.¶
When a client node connects to the network, to protect the privacy of users, the scheme employs a hashing algorithm to generate unique anonymous identity identifiers for each client during the registration process.¶
When updating task states information, only anonymous identity identifiers are used and the real identity information of clients is not disclosed.¶
The client node that has completed registration will be assigned an initialized trust value.¶
When the service site node connects to the network, in order to verify the computing resources owned by the service site, the service site will be required to complete a set of valid tasks.¶
After receiving the valid task results from the service site, the computing resources of the service site are validated based on the valid task execution time and the correctness of the computation results.¶
In order to protect the privacy of service site, this scheme will use a hash algorithm to generate a unique anonymous identity identifier for each verified service site node during the registration process.¶
The service site node that has completed registration will be assigned an initialized trust value. Afterwards, the service site node can be assigned computing tasks.¶
According to client requirements, computing resource information of service sites and trust values, the service instance will be assigned.¶
The entire process of service instance publishing, allocation, completion, and feedback is recorded, which will be used for resolving business disputes and tracing attacks.¶
When service site provides feedback on service instance completion, this scheme can verify whether the task has been completed within the specified time interval and obtain service site's evaluation of the client.¶
After client s receive feedback, they are required to evaluate the service site that completed the service instance.¶
Following the bilateral evaluation by the client and assuming the service instance was completed on time, the scheme can calculate the trust value of both the client and service site based on that evaluation information.¶
After each service instance is completed, the scheme will update the trust values of all participating clients and service sites in record.¶
The magnitude of the trust value will affect service instance allocation priority, motivating clients and service sites to provide highly accurate computing resource information to maximize their rewards.¶
TBD¶
Traffic sniffing: Attackers may use computing resource information to analyze network traffic patterns to infer sensitive information.¶
Identity impersonation: Attackers may impersonate trusted nodes and launch denial of service or man in the middle attacks.¶
Information tampering: Attackers may tamper with information in records for malicious purposes such as traffic hijacking.¶
Encryption: Deploying encryption technology to ensure that only authorized network entities can parse and use this information.¶
Access control: Deploy access control mechanism, only requests from registered clients and service sites will be responded to by the network.¶
Identity authentication: Using public key infrastructure and digital signatures for identity authentication.¶
Integrity protection: Using hash functions, block chain and other methods to ensure the integrity of information.¶
Monitoring and auditing: Implement monitoring systems to detect and record for tracking and responding to security incidents as they occur.¶