RFL: Robust fault localization on unreliable communication channels

Abstract

The current Internet is vulnerable to various attacks, e.g., source spoofing and flow hijacking attacks, which are incurred by misconfigurations or attacks. Either users or network operators are unable to easily localize these faults. Existing fault localization mechanisms can detect such attacks under an assumption that localization is performed upon reliable communication channels. Unfortunately, the assumption does not always hold. The forwarding paths of localization are not always reliable. Packets are usually dropped for some reasons. In particular, adversaries can interfere with fault localization by maliciously dropping packets. In this paper, we relax the assumption and propose a robust data-plane fault localization protocol named RFL that can localize faults and achieve source authenticity and path compliance even if communication channels in the network are not reliable. RFL samples and verifies packets in each network entity so that the packet source can efficiently localize faults of packet forwarding by verifying the sampled packets. By leveraging packet acknowledgment, packet sampling based fault localization is not impacted by packet loss in the communication channels. In particular, RFL leverages a symmetric key distribution scheme to implement robust key distribution among different entities, which ensures that packet sources can always correctly fresh their keys to perform correct localization. Our security and theoretical analysis demonstrates the robustness of RFL protocol. We implement the RFL prototype on Click routers. The experiment results with the prototype demonstrate that RFL achieves more than 99.5% localization accuracy while incurring only 10% throughput degradation.