Njira yatsopano yozembera imathetsa vuto la "network jitter", yomwe ingakhudze kupambana kwa kuwukira kwapambali.
Njira yatsopano yopangidwa ndi ofufuza a University of Leuven (Belgium) ndi New York University ku Abu Dhabi yawonetsa kuti owukira amatha kugwiritsa ntchito zida zapaintaneti kutulutsa zinsinsi.
Njira imeneyi amatchedwa , zomwe zasonyezedwa pamsonkhano wa chaka chino wa Usenix, zimagwiritsa ntchito momwe ma protocol a intaneti amachitira zopempha nthawi imodzi kuti athetse vuto limodzi lachiwonetsero chakutali chochokera kumbali.
Mavuto ndi kuukira kwakutali
Polimbana ndi nthawi, owukira amayesa kusiyana kwa nthawi yoperekera malamulo osiyanasiyana poyesa kulambalala chitetezo chachinsinsi ndikupeza zambiri zachinsinsi, monga makiyi obisala, mauthenga achinsinsi, ndi machitidwe ogwiritsira ntchito mafunde.
Koma kuti agwiritse ntchito bwino ziwopsezo zotengera nthawi, wowukirayo amafunikira chidziwitso chanthawi yomwe pulogalamuyo ikuwukiridwa kuti ikwaniritse pempholo.
Izi zimakhala zovuta mukalimbana ndi machitidwe akutali monga ma seva a pa intaneti, chifukwa network latency (jitter) imayambitsa nthawi zoyankha mosiyanasiyana, zomwe zimapangitsa kuti zikhale zovuta kuwerengera nthawi.
Pachiwopsezo cha nthawi yakutali, owukira nthawi zambiri amatumiza lamulo lililonse kangapo ndikusanthula nthawi yoyankha kuti achepetse kukhudzidwa kwa netiweki jitter. Koma njirayi ndi yothandiza pamlingo winawake.
"Kusiyana kwa nthawi kumakhala kochepa kwambiri, mafunso ambiri amafunikira, ndipo panthawi inayake kuwerengera kumakhala kosatheka," Tom Van Goethem, wofufuza za chitetezo cha deta komanso wolemba mapepala okhudza mtundu watsopano wa kuukira, akutiuza.
"Timeless" nthawi kuukira
Njira yopangidwa ndi Goethem ndi anzake imachita kuukira kwakutali m'nthawi yake yomwe imatsutsa zotsatira za network jitter.
Mfundo yomwe imayambitsa kuwononga nthawi kwanthawi yayitali ndi yosavuta: muyenera kuwonetsetsa kuti zopempha zimafika pa seva nthawi yomweyo, m'malo motumizidwa motsatizana.
Concurrency imawonetsetsa kuti zopempha zonse zili pamikhalidwe yofanana ya netiweki komanso kuti kukonza kwawo sikukhudzidwa ndi njira yapakati pa wowukirayo ndi seva. Ndondomeko yomwe mayankho amalandilidwa ipatsa wowukirayo chidziwitso chonse chofunikira kuti afananize nthawi zophedwa.
"Ubwino waukulu wakuukira kosatha ndikuti ndi zolondola kwambiri, ndiye kuti mafunso ochepa amafunikira. Izi zimalola wowukirayo kuzindikira kusiyana kwa nthawi yophedwa mpaka 100 ns, "akutero Van Goethem.
Ofufuza apakati pa nthawi yocheperako omwe adawona pakuwukira kwanthawi yapaintaneti anali ma 10 ma microseconds, omwe ndiakuluakulu ka 100 kuposa pakufunsidwa nthawi imodzi.
Kodi nthawi imodzi imatheka bwanji?
"Timaonetsetsa nthawi imodzi mwa kuyika zopempha zonse ziwiri pakiti imodzi," akufotokoza Van Goethem. "Pochita, kukhazikitsa nthawi zambiri kumadalira pa network protocol."
Kuti atumize zopempha nthawi imodzi, ofufuza amagwiritsa ntchito mphamvu zama protocol osiyanasiyana.
Mwachitsanzo, HTTP/2, yomwe ikuyamba kukhala muyezo wapaintaneti, imathandizira "kupempha kuchulukitsa," gawo lomwe limalola kasitomala kutumiza zopempha zingapo mofananira pa kulumikizana kumodzi kwa TCP.
"Pankhani ya HTTP / 2, timangofunika kuonetsetsa kuti zopempha zonse ziwirizi zikuyikidwa mu paketi imodzi (mwachitsanzo, polemba zonse ku socket nthawi imodzi)." Komabe, njira iyi ili ndi zovuta zake. Mwachitsanzo, m'maukonde ambiri operekera zinthu monga Cloudflare, omwe amapereka zambiri pa intaneti, kugwirizana pakati pa ma seva am'mphepete ndi malowa kumachitika pogwiritsa ntchito protocol ya HTTP/1.1, yomwe sigwirizana ndi pempho la multiplexing.
Ngakhale izi zimachepetsa mphamvu yakuukira kosatha, zimakhala zolondola kwambiri kuposa zida zakutali zakutali chifukwa zimachotsa jitter pakati pa wowukirayo ndi seva yam'mphepete ya CDN.
Pama protocol omwe samathandizira kuchulukitsa, owukira atha kugwiritsa ntchito protocol yapakatikati yomwe imaphatikiza zopemphazo.
Ofufuza awonetsa momwe kuwukira kosatha kwanthawi kumagwirira ntchito pa netiweki ya Tor. Pankhaniyi, wowukirayo amaphatikiza zopempha zingapo mu cell ya Tor, paketi yobisika yomwe imatumizidwa pakati pa ma node a Tor network mumapaketi amodzi a TCP.
"Chifukwa unyolo wa Tor wa mautumiki a anyezi umapita ku seva, titha kutsimikizira kuti zopempha zimafika nthawi imodzi," akutero Van Goethem.
Kuukira kosatha muzochita
M'mapepala awo, ofufuzawo adaphunzira kuukira kosatha muzochitika zitatu zosiyana.
pa nthawi yachindunji kuukira wowukira amalumikizana mwachindunji ndi seva ndikuyesa kutulutsa zinsinsi zokhudzana ndi pulogalamuyi.
"Chifukwa chakuti mapulogalamu ambiri a pa intaneti saganiziranso kuti kuwononga nthawi kungakhale kothandiza komanso kolondola, tikukhulupirira kuti mawebusaiti ambiri ali pachiopsezo chotere," akutero Van Goeten.
pa kuwononga nthawi yodutsa malo Wowukirayo amafunsira mawebusayiti ena kuchokera pa msakatuli wa wozunzidwayo ndipo amangoyerekeza zomwe zili muzachinsinsi poyang'ana kutsatana kwa mayankho.
Owukirawo adagwiritsa ntchito chiwembuchi kuti agwiritse ntchito chiwopsezo mu pulogalamu ya HackerOne bug bounty ndikutulutsa zidziwitso monga mawu osakira omwe amagwiritsidwa ntchito m'malipoti achinsinsi azovuta zomwe sizinalembedwe.
"Ndinkayang'ana milandu yomwe zidachitika kale zidalembedwa koma sizinawoneke ngati zothandiza. Bug ya HackerOne idanenedwa kale katatu (ma ID a bug: , ΠΈ ), koma sichinathetsedwe chifukwa chiwonongekocho chinkaonedwa ngati chosagwiritsidwa ntchito. Chifukwa chake ndidapanga pulojekiti yosavuta yofufuzira mkati ndikuwukira kosatha nthawi.
Zinali zosakwanira kwambiri panthawiyo pamene tinkapitirizabe kulongosola tsatanetsatane wa chiwembucho, koma zinali zolondola (ndinatha kupeza zotsatira zolondola kwambiri pa intaneti yanga ya WiFi).
Ofufuzawo anayesanso Kuwukira kosatha pa protocol ya WPA3 WiFi.
M'modzi mwa omwe adalemba nawo nkhaniyi, Mati Vanhof, adapeza kale . Koma nthawiyo inali yochepa kwambiri kuti isagwiritsidwe ntchito pazida zapamwamba kapena kuti isagwiritsidwe ntchito motsutsana ndi ma seva.
"Pogwiritsa ntchito mtundu watsopano wa kuukira kosatha, tidawonetsa kuti ndizotheka kugwiritsa ntchito kutsimikizika kwapamanja (EAP-pwd) motsutsana ndi ma seva, ngakhale omwe ali ndi zida zamphamvu," Van Goethem akufotokoza.
Nthawi yabwino
M'mapepala awo, ochita kafukufukuwo adapereka malingaliro otetezera ma seva kuti asawononge nthawi, monga kuchepetsa kuphedwa kwa nthawi yokhazikika ndikuwonjezera kuchedwa kwachisawawa. Kafukufuku wowonjezereka akufunika kuti agwiritse ntchito zodzitchinjiriza zodzitchinjiriza motsutsana ndi kuwononga nthawi kwachindunji komwe sikungakhudze magwiridwe antchito amtaneti.
"Tikukhulupirira kuti kafukufukuyu ali kumayambiriro kwambiri ndipo amafuna kuphunzira mozama," akutero Van Goethem.
Kafukufuku wamtsogolo angayang'ane njira zina zomwe owukira angagwiritse ntchito kuti awononge nthawi imodzi, ma protocol ena ndi magulu apakatikati omwe angawukidwe, ndikuwunika kusatetezeka kwa mawebusayiti odziwika omwe amalola kafukufuku wotere motsatira ndondomeko ya pulogalamuyi. .
Dzina lakuti "losatha" linasankhidwa "chifukwa sitinagwiritse ntchito chidziwitso cha nthawi (mtheradi) pazochitikazi," Van Goethem akufotokoza.
"Kuphatikiza apo, amatha kuonedwa ngati 'osakhalitsa' chifukwa kuukira kwakutali (kutali) kwagwiritsidwa ntchito kwa nthawi yayitali, ndipo, kutengera kafukufuku wathu, zinthu zidzangoipiraipira."
Mawu onse a lipoti lochokera ku Usenix alipo .
Pa Ufulu Wotsatsa
ndi chitetezo ku DDoS ndi zida zaposachedwa. Zonse izi ndi zathu ma seva apamwamba. Kusintha kwakukulu - 128 CPU cores, 512 GB RAM, 4000 GB NVMe.
Source: www.habr.com