]> China Telecom

Beijing China maxt3@chinatelecom.cn

Beijing Jiaotong University

Beijing China shgao@bjtu.edu.cn

Beijing Jiaotong University

Beijing China zixuanlei@bjtu.edu.cn

China Telecom

Beijing China xuzh24@chinatelecom.cn

routing cats Internet-Draft This draft introduces an evaluation scheme for computing resource authenticity. The scheme aims to verify and evaluate the authenticity of computing resources in the network using application layer method. This draft describes the basic principle of the scheme and authentication mechanism.

Introduction Computing resources play an important role in Computing-Aware Traffic Steering. Attackers may publish false computing resources advertisements for profit or malicious purposes, which will cause security issues. This security issue was also mentioned in : The behavior of the network can be adversely affected by modifying or interfering with advertisements of computing resource availability. Such attacks could deprive users of the services they desire, and might be used to divert traffic to interception points. Therefore, R23: secure advertisements are REQUIRED to prevent rogue nodes from participating in the network. Many security requirements are also mentioned in . The security mechanism needs to be able to address the anonymity and uniqueness issues of service identification. In traditional networks, routing information is commonly regarded as a publicly verifiable resource, which can enable rapid detection. However, the false advertisements of computing resource are difficult to detect. Considering the particularity of CATS work scenarios and requirements, this scheme chooses to use application layer technology to solve this security issue. This scheme proposed in this draft aims to solve this problem by coming up with a bilateral evaluation mechanism in the network. The main steps of this scheme are node registration, task allocation and bilateral evaluation. The structural design is shown in Figure 1.

Structural Design

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

The Definition of Terms This document makes use of the following terms. The terminology echoes what is in : Computing-Aware Traffic Steering (CATS): A traffic engineering approach [I-D.ietf-teas-rfc3272bis] that takes into account the dynamic nature of computing resources and network state to optimize service-specific traffic forwarding towards a given service contact instance. Various relevant metrics may be used to enforce such computing-aware traffic steering policies. Client: An endpoint that is connected to a service provider network. Service instance: An instance of running resources according to a given service logic. Many such instances can be enabled by a provider. Instances that adhere to the same service logic provide the same service. An instance is typically running in a service site. Clients' requests are serviced by one of these instances. Service site: A location that hosts the resources that are required to offer a service. A service site may be a node or a set of nodes. A CATS-serviced site is a service site that is connected to a CATS-Forwarder. CATS Path Selector (C-PS): CATS Path Selectors (C-PSes) use information to select where to forward traffic for a given service request. C-PSes also determine the best paths (possibly using tunnels) to forward traffic, according to various criteria that include network state and traffic congestion conditions. There might be one or more C-PSes used to compute CATS paths in a CATS infrastructure. Trust Value: a parameter to quantify the trust of clients and service sites.

Node Registration

Client Node Registration When a client node connects to the network, to protect the privacy of users, the scheme employs a hashing algorithm to generate unique anonymous identity identifiers for each client during the registration process. When updating task states information, only anonymous identity identifiers are used and the real identity information of clients is not disclosed. The client node that has completed registration will be assigned an initialized trust value.

Service Site Node Registration When the service site node connects to the network, in order to verify the computing resources owned by the service site, the service site will be required to complete a set of valid tasks. After receiving the valid task results from the service site, the computing resources of the service site are validated based on the valid task execution time and the correctness of the computation results. In order to protect the privacy of service site, this scheme will use a hash algorithm to generate a unique anonymous identity identifier for each verified service site node during the registration process. The service site node that has completed registration will be assigned an initialized trust value. Afterwards, the service site node can be assigned computing tasks.

Service Instance Allocation According to client requirements, computing resource information of service sites and trust values, the service instance will be assigned. The entire process of service instance publishing, allocation, completion, and feedback is recorded, which will be used for resolving business disputes and tracing attacks.

Bilateral Evaluation Mechanism

Bilateral Evaluation When service site provides feedback on service instance completion, this scheme can verify whether the task has been completed within the specified time interval and obtain service site's evaluation of the client. After client s receive feedback, they are required to evaluate the service site that completed the service instance. Following the bilateral evaluation by the client and assuming the service instance was completed on time, the scheme can calculate the trust value of both the client and service site based on that evaluation information.

Data Updating After each service instance is completed, the scheme will update the trust values of all participating clients and service sites in record. The magnitude of the trust value will affect service instance allocation priority, motivating clients and service sites to provide highly accurate computing resource information to maximize their rewards.

Unresolved Issues TBD

Security Considerations

Security Risk Traffic sniffing: Attackers may use computing resource information to analyze network traffic patterns to infer sensitive information. Identity impersonation: Attackers may impersonate trusted nodes and launch denial of service or man in the middle attacks. Information tampering: Attackers may tamper with information in records for malicious purposes such as traffic hijacking.

Response Encryption: Deploying encryption technology to ensure that only authorized network entities can parse and use this information. Access control: Deploy access control mechanism, only requests from registered clients and service sites will be responded to by the network. Identity authentication: Using public key infrastructure and digital signatures for identity authentication. Integrity protection: Using hash functions, block chain and other methods to ensure the integrity of information. Monitoring and auditing: Implement monitoring systems to detect and record for tracking and responding to security incidents as they occur.

References Normative References In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References China Mobile Huawei Technologies Telefonica Huawei Technologies Huawei Technologies China Unicom Alibaba Group Distributed computing is a tool that service providers can use to achieve better service response time and optimized energy consumption. In such a distributed computing environment, providing services by utilizing computing resources hosted in various computing facilities aids support of services such as computationally intensive and delay sensitive services. Ideally, compute services are balanced across servers and network resources to enable higher throughput and lower response times. To achieve this, the choice of server and network resources should consider metrics that are oriented towards compute capabilities and resources instead of simply dispatching the service requests in a static way or optimizing solely on connectivity metrics. The process of selecting servers or service instance locations, and of directing traffic to them on chosen network resources is called "Computing-Aware Traffic Steering" (CATS). This document provides the problem statement and the typical scenarios for CATS, which shows the necessity of considering more factors when steering traffic to the appropriate computing resource to best meet the customer's expectations and deliver the requested service. Huawei Technologies China Mobile Orange Telefonica Juniper Networks, Inc. This document describes a framework for Computing-Aware Traffic Steering (CATS). Particularly, the document identifies a set of CATS components, describes their interactions, and exemplifies the workflow of the control and data planes. China Unicom China Unicom Computing-Aware Traffic Steering (CATS) inherits potential security vulnerabilities from the network, computing nodes as well as workflows of CATS procedures. This document describes various threats and security concerns related to CATS and existing approaches to solve these threats.

Acknowledgements TBD