Mutual Trust Networks: Rise of a Society
By: Ruchir Jha
This article first appeared at our affiliate site eBCVG.com.
A million years ago, as is public knowledge by now, man lived in caves and had primitive, brute and uncivilized ways of going about one complicated process called life. So what do you think changed that brute into the contemporary creature he is today?
The main reason may be just one: the evolution of society. Man started realizing the concept of a civilization. He figured out the ideal of coexistence, and this in turn brought into existence many human passions, namely jealousy, snobbery, love and caring, but most important of all, man understood the meaning of trust.
This aspect of the human psyche became perhaps one of the most important in the building of great communities and ‘societies’, chiefly because any transaction between two individuals was based upon the trust quotient they shared. Many things have changed over a million years, but one thing hasn’t: no matter what the transaction is, the trust quotient matters to the two individuals involved while they make it.
November 2, 1988 wasn’t too good a day for firms relying on computer networks across the USA, chiefly because one man, Robert Morris, let out a worm, now referred to as the “Morris Worm”, which I should say was less of a worm and more of an epidemic. It spread by infecting mostly Sun and VAX workstations in its path as it continued its catastrophic picnic. Mr. Morris ended up in federal prison serving a three-year sentence and some hours of community service. Today it is 2003, and the world of computer security has seen many upheavals since, or in other words, has become increasingly insecure. Mr. Morris ended up inducing in the minds of millions a sense of insecurity, which has grown exponentially over the years. It’s human to think of solutions, and so did we. We came up with many impressive developments, like anti-virus systems and newer and stronger firewalls, but cyber crime has not been deterred by any of these. Crime still continues in quite a rampant form, which eventually proves that our defense has not sufficed. But that’s ok, as to err is human, though in this case it may not be divine to forgive.
Today, one of the major concerns ruling the minds of many is how it is possible to actually stop malicious code from spreading itself. Worms inherently master the art of reproduction, especially on ‘shared’ or LAN networks. This is basically because computers tend to trust data transfers within their own network, using the many available services such as FTP. Citing an example, let me tell you about one incident which happened in my own organization. My organization is spread over 2 square kilometers, with about 2500 machines connected to each other using varied topologies. One day, as I was working on one of the workstations, my Norton informed me that I was infected by NIMDA (another malicious worm). I asked the person sitting next to me to run a similar check, and he too found the same infection. I reported this matter to the administrator, and to our sheer shock, we found that 60% of our entire network suffered from a NIMDA infection. NIMDA is a worm, but that doesn’t mean it crawled its way along the cable connecting the computers. In other words, it used vehicles, and what could be more convenient than the heavy FTP traffic our network undergoes all through the day. History stands witness that no matter how powerful our vaccines were, they hardly come through when an epidemic hits.
Our solutions are now perhaps beginning to wear off, and at this point I would like to advertise a concept I call Mutual Trust Networks. As I discussed in the first paragraphs, like man, computers have been under steady evolution over the years. And now it’s time we had a society: a society in which computers on a LAN dealt with each other like individuals in a community, on the basis of mutual trust. A society of computers where a machine relied on some machines fully and was “biased” against some others. A society of computers in which machines “felt” for other machines, and the way in which they felt depended solely upon the previous conduct of those respective machines. I know that all I am proposing may sound very weird at the moment, but now let me go into the details of implementing such a Mutual Trust Network, or MTN (as I will refer to it from now on, for simplicity); I will call the implementation the MTN algorithm.
The MTN Algorithm
The MTN algorithm may not actually make a network, but it may help every machine on the network calculate the amount of trust it can put in other machines on the network, and in general make a community of mutually trusting machines. In order to implement the MTN, we assume that all the machines on the network are strangers, or in other words have had minimal interactions so far. Now, to explain myself more explicitly, let me give you the example of “proxy ARP” (reference: RFC 1027). One chief reason for using proxy ARP here is that this protocol is actually advised when network construction is in its transitional phases, as it is with our MTN. Thus I will now make a step-by-step analogy between the proxy ARP mechanism and the MTN as I go ahead with the former’s implementation. To start with, we can see that machines X, Y, Z and W in the figure are on a network with mask 255.0.0.0, and their respective addresses have been stated. Now let us examine the types of interactions possible between the machines.
[Figure: network diagram. Mask 255.0.0.0. Router interfaces: X 72.8.13.99, Y 72.8.197.6, Z 72.0.1.4; W 72.57.3.181.]
Type 1
Machine X wants to communicate with machine Y. So all it can do is send an ARP request to ROUTER 1, which has an inherent knowledge of the fact that both machines, that is the source and the destination, are on the same physical network. One chief reason for this is that ROUTER 1 has the capability to analyze that the mask for both machines is the same. So what happens now is that the source’s ARP request is basically converted into an IP/MAC mapping and sent to the destination. The destination realizes that the request was made by its neighbor and replies with its own IP/MAC mapping, which is then cached in ROUTER 1’s cache if such an entry was not made formerly. After this the communication between the two begins.
MTN Analogy
Even in a human society, we tend to be friendlier with our immediate neighbor, and trust him/her more, than with those who live two or three blocks away, except if he was a clumsy one and it was really very difficult to put up with him. Similarly here, on the basis of ROUTER 1’s intelligence, machine X does discover that its immediate neighbor is Y, and hence their communication inherently tends to include more ‘directness’ and ‘mutual trust’. But as I stated before, just being a next-door neighbor doesn’t mean that we put up with him/her no matter how their conduct towards us was. At this point I would say: what if, before starting a communication, we had a mechanism which looked up the routing table held by ROUTER 1 to check if X and Y have had any communication before, and simultaneously also looked for all those interactions X had with the machines on the other networks (namely W and Z), which ROUTER 1 may tend to know because it has one of its individual interfaces with X (see figure)?
If they have not had any, then ROUTER 1, while forwarding X’s request to Y, also informs Y: “This is your new neighbor saying hi; be cautious with him/her before you start a friendship, and this is a list of people Mr. X was friendly with”. Such a message doesn’t actually deter Y from replying to the request made by X. But before it does so, it implicitly creates a data structure called the MUTUAL TRUST TABLE (MTT), recording the data about X’s relationships that was sent to it by ROUTER 1.
In other terms, ROUTER 1 is someone who has known the ‘social’ aspect of machine X previously, and is now telling this to Y before it initiates a ‘relationship’ with X. This data actually warns Y, and it becomes very cautious in receiving any form of data from X. On receipt of any data, it makes security checks using various security mechanisms (anti-virus scanners, for example). If the data is found to be ‘clean’, machine Y has no problem accepting it, and it actually sends a response to X saying “Thanks, I think we can make good pals”. But Y doesn’t stop at that; it broadcasts an ARP packet of friendliness to all those machines listed in its MTT, which might read “I got your reference from Mr. X, a good friend of mine, and I think we can make good friends too; after all, we are people living in the same society”. But if the data received from X doesn’t seem clean to Y, it sends a response which is of course not its IP/MAC mapping; instead the packet has the IP/MAC of ROUTER 1 as its destination, telling it “I won’t prefer any kind of friendship with Mr. X”. At the same time, Y implicitly notes the addresses of the machines listed in its MTT, or in other terms, “these are the guys whom I have to be careful of”. The human sentiment says “Who said that if X was a bad guy, all his friends must be bad guys too?”, but after all, there is no harm in being cautious!
Type 2
Type 1 chiefly described the relationship between two machines on the same physical network. But what if we wanted a communication between two machines lying on different networks, though interfaced with common routers? So let’s first analyze a transaction like this, and then see the MTN analogy which can be derived. Say machine X wanted to communicate with W. It initiates an ARP request to ROUTER 1 through its attached interface. Note that machine X does this solely in the spirit of communication, without realizing the ‘foreignness’ of W. ROUTER 1, however, does know that getting X’s request to W might need some hard work. First of all, it checks the mask. If the masks are not the same, say for example W was /16 and X was /24, then ROUTER 1 takes for granted that W is /24. After this it initiates a request to W through the individual interface it has with it. But here comes the most important aspect of ‘proxy ARP’. ROUTER 1 is smart enough not to inform X’s unsubnetted counterpart W about X’s IP/MAC mapping. It lies to W, telling it “This is the IP/MAC mapping of the machine which wants to communicate with you”, when in reality it has forwarded its own. They say we normally tend to believe the lies told to us by prominent people, and who could be more prominent to W than ROUTER 1? The router then forwards the IP/MAC mapping of W to X, and the communication may then begin.
MTN Analogy
First of all, a Type 2 transaction may not initiate as easily if the machine X wants to communicate with is an enlisted ‘bad guy’ in X’s MTT. As I have mentioned before, we can give W the benefit of the doubt, but do note that this must be done very cautiously. Anyway, as mentioned above, once ROUTER 1 has lied to W (that is, in the case that W is not an enlisted bad guy in X’s MTT), ROUTER 1 informs X about the response it received from W on the basis of the lies it told. X at this point asks ROUTER 1, “Do you think that if I did this, it would be trustworthy and reliable?” Here comes the inclusion of a global MTT held by every router on the network. So basically, when ROUTER 1 receives a request like this, it looks up its own MTT, which holds all those addresses which appear most frequently in its ROUTING TABLE, which in turn indicates that those machines are among the most trustworthy members of the existing community. If the address of W does show up in its MTT, ROUTER 1 replies to X, saying “It’s ok, I think he is a good guy, but be cautious all the same”. On receipt of such a message, X again checks for any malicious code in the data received from W, and makes corresponding entries in its own MTT.
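To give the Type 1 and Type 2 flows above a concrete shape, here is a small simulation of the Mutual Trust Table, written for this edit and not part of the original article. The class names (Host, Router), the three trust labels, the constructed worm marker standing in for an anti-virus signature, and the rule that the router’s global MTT is the set of addresses it has forwarded most often are all assumptions made here; the article itself fixes none of these details. The addresses are the ones from the figure.

```python
"""Toy simulation of the Mutual Trust Table (MTT) described in the article.

Added illustration, not the author's code. Class names, trust labels, the
worm marker and the global-MTT rule are assumptions made for this example.
"""
from collections import Counter
from dataclasses import dataclass, field

# Trust states a machine records about a peer (assumed labels).
FRIEND = "friend"      # "Thanks, I think we can make good pals"
CAUTIOUS = "cautious"  # "these are the guys whom I have to be careful of"
BAD = "bad"            # "I won't prefer any kind of friendship with Mr. X"

# Constructed marker standing in for a real malware signature.
WORM_MARKER = b"CONSTRUCTED-WORM-MARKER"


def scan_is_clean(payload: bytes) -> bool:
    """Stand-in for the 'security checks' (anti-virus) step in the text."""
    return WORM_MARKER not in payload


@dataclass
class Host:
    ip: str
    mtt: dict = field(default_factory=dict)     # peer ip -> trust state
    contacts: set = field(default_factory=set)  # peers with accepted exchanges

    def receive(self, sender: str, payload: bytes, references: list) -> bool:
        """Type 1 receiver side: the router hands over the sender's former
        contacts; the host records them, scans the data and decides."""
        for ref in references:
            self.mtt.setdefault(ref, CAUTIOUS)  # noted, but not yet trusted
        if scan_is_clean(payload):
            self.mtt[sender] = FRIEND
            for ref in references:              # the "friendliness" broadcast
                self.mtt[ref] = FRIEND
            return True
        self.mtt[sender] = BAD
        for ref in references:                  # sender's friends: be careful
            self.mtt[ref] = CAUTIOUS
        return False


@dataclass
class Router:
    hosts: dict                                          # ip -> Host
    forwarded: Counter = field(default_factory=Counter)  # ip -> accepted exchanges

    def _record(self, a: str, b: str) -> None:
        self.hosts[a].contacts.add(b)
        self.hosts[b].contacts.add(a)
        self.forwarded[a] += 1
        self.forwarded[b] += 1

    def global_mtt(self, top_n: int = 2) -> set:
        """Assumed rule: the addresses this router has forwarded most often."""
        return {ip for ip, _ in self.forwarded.most_common(top_n)}

    def type1(self, src: str, dst: str, payload: bytes) -> bool:
        """Same-network exchange: the request travels with src's references."""
        references = sorted(self.hosts[src].contacts)
        accepted = self.hosts[dst].receive(src, payload, references)
        if accepted:
            self._record(src, dst)
        return accepted

    def type2(self, src: str, dst: str, payload: bytes) -> tuple:
        """Cross-network exchange via proxy ARP: src consults its own MTT, the
        router vouches from its global MTT, and src still scans dst's data."""
        if self.hosts[src].mtt.get(dst) == BAD:
            return ("refused", False)
        vouched = dst in self.global_mtt()
        clean = scan_is_clean(payload)
        self.hosts[src].mtt[dst] = FRIEND if clean else BAD
        if clean:
            self._record(src, dst)
        return ("accepted" if clean else "rejected", vouched)


def simulate() -> dict:
    """Run the article's X/Y/Z/W layout through both transaction types."""
    X, Y, Z, W = "72.8.13.99", "72.8.197.6", "72.0.1.4", "72.57.3.181"
    r = Router({ip: Host(ip) for ip in (X, Y, Z, W)})
    r.type1(X, Z, b"clean data")                       # X and Z become friends
    first = r.type1(X, Y, b"clean data")               # Y learns X's reference Z
    second = r.type1(Y, Z, b"payload " + WORM_MARKER)  # Z rejects Y, demotes X
    cross = r.type2(X, W, b"clean data")               # W not yet in global MTT
    return {"xy": first, "yz": second, "xw": cross,
            "y_mtt": dict(r.hosts[Y].mtt), "z_mtt": dict(r.hosts[Z].mtt),
            "x_mtt": dict(r.hosts[X].mtt), "global": r.global_mtt()}


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

The run shows the two sides of the proposal: Y inherits X’s reference Z as a friend after a clean exchange, while Z, on receiving infected data from Y, marks Y as bad and downgrades X (Y’s reference) to cautious, exactly the “no harm being cautious” rule. In the Type 2 step the router cannot vouch for W because W has not yet appeared in its forwarded-traffic counts, so X still has to rely on its own scan before adding W to its table.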
Conclusion
I think I have just made my proposition for inducing the human sentiment of trust between computers on a network. I would like to say that such a proposition does have some disadvantages, like the time dependency of the MTN routing algorithm, the fundamental changes it requires to existing protocol structures, and some others. But I would also like to state that if a proposition like this induced even a 0.1 percent increase in the security of networks, then it’s more than worth it.
Ruchir Jha