a critical analysis of the transaction internet protocol tim kempster ([email protected]) university...
TRANSCRIPT
![Page 1: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/1.jpg)
A Critical Analysis of the Transaction Internet Protocol
Tim Kempster ([email protected]) University of Edinburgh Scotland
www.dcs.ed.ac.uk
![Page 2: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/2.jpg)
Overview of the Talk
• What is TIP and what kind of services does it provide.
• How do Internet applications enlist in Internet transactions.
• How can we model these transactions.
• Discussion of problems/features of TIP within this model.
![Page 3: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/3.jpg)
What Is TIP?• TIP is an IETF standard proposed by
Microsoft and Tandem and supported by other vendors.
• It provides transactional semantics to a
group of actions carried out by E-Commerce
style Internet applications.• TIP provides Atomicity.
![Page 4: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/4.jpg)
Changing Style of E-Commerce
Traditional E-Commerce• Involve a Customer
and a single Merchant.• Shopping by visiting
one Merchant at a time.
Multi-Party E-Commerce• Involve a customer and
two or more Merchants.• Merchants come
together on an ad hoc basis to provide a package of goods.
• These may be transient relationships.
![Page 5: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/5.jpg)
E-Commerce Example I
Browser
Travel Agency
Hotel Reservation System
Airline ReservationSystem
I Only need aflight if I can
get a Hotel Room
![Page 6: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/6.jpg)
E-Commerce Example II
Packaged financialproduct available
from a WWW broker
GovernmentBonds Broker
DOW FuturesBroker
Equities Broker
Futures Trader
![Page 7: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/7.jpg)
The Participants In a Transaction
Application
TM
Application
TM
Application
TM
Application
TMTwo pipe connection based model.
![Page 8: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/8.jpg)
Growing a Transaction
R
D
B C
E F
HG
I
PULL
PUSH
![Page 9: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/9.jpg)
Push Enlistment
TM X
Application A Application B
TM Y
tip_open()
tip_push()
PUSH
TID
PUSHEDTID
TID
do_some_work(TID)
done
![Page 10: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/10.jpg)
Pull Enlistment
TM X
Application A Application B
TM Y
PULLED
PULL(TID)
do_some_work(TID)
done
tip_open() TID
tip_pull(TID
)
![Page 11: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/11.jpg)
e
Terminating Transaction I
Re
e = Enlistedp = prepared
Ae e
C
B
D
e
e e
e
PREPARE PREPARE
PREPARED
p
p
PREPAREPREPAREPREPARED
pp
p
pp
p
![Page 12: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/12.jpg)
p
Terminating Transactions II
Rp
p = preparedc= committed
Ap p
C
B
D
p
p p
p
COMMIT COMMIT
COMMITED
c
c
COMMITCOMMITCOMMITED
cc
c
cc
c
A
![Page 13: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/13.jpg)
p
Terminating Transactions III
Ra
p = prepareda= aborted
Ap p
C
B
D
p
p p
a
ABORT
ABORTABORTABORTED
aa
a
aa
a
A
ABORTED
![Page 14: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/14.jpg)
e
Failure Before Preparation
eR
e
Be
Bp p
C D
e
a
a
ee pp
a
a
aa
a a
![Page 15: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/15.jpg)
Failure After Preparation
pR
p
Bp
Bp p
C D
e
pp
QUERY
RECONNECT
RECONNECTED
![Page 16: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/16.jpg)
Failure Tends to Cause Aborts
• If connections are lost between enlisted TMs this will cause the transaction to abort.
• TMs connections will often be in the enlisted state.
• Therefore the unreliability of the Internet will cause many transactions to abort.
• An enhancement to TIP should allow enlisted TMs to reconnect.
![Page 17: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/17.jpg)
Blocking In TIP
pR
ep
pp
p p
e
Prepared transactions cannot terminate and must hold resources.
![Page 18: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/18.jpg)
Why is Blocking Such a Problem?
• Resources (database locks) will need to be held until failure in some part of the Internet is repaired.
• A application has little control of who or where a transaction is pushed. Its resources therefore are vulnerable.
• Connection failure is common over the Internet.• Commit protocols which are less blocking exist.
![Page 19: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/19.jpg)
Jamming a Transaction
Pension Fund
Gold Futures
GovernmentBonds
PREPARE
PREPARED
PREPARE
Government bonds dealer waits for news. If it is favorable she replies PREPARED otherwise she aborts the transaction. Thus gaining a competitive advantage. She could also fake failure to cause the abort.
![Page 20: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/20.jpg)
Security in TIP• If A with local TM X enlists B with local
TM Y, then no other transaction can be mistakenly enlisted. Furthermore A’s identity is authenticated to B and vice versa.
• No outside parties can detect that the messages exchanged pertain to a TIP transaction.
• TIP Specification says use TLS but how ?
![Page 21: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/21.jpg)
Secure Pull
TM X
Application A Application B
TM Y
PULLED
PULL(TID)
do_some_work(TID)
done
tip_pull(TID
)TID
Pull m
ust come from
Y
Associate TID with TM Y’s public key
Secure authenticated pipe
TM X Only Replies PULLED if PULL came from TM Y.
![Page 22: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/22.jpg)
TM X
A
tip_pull(TID
)TID
Pull m
ust come from
Y
Associate TID with TM Y’s public key
Why Must the Application Pipe be Secure?
B
Bogus TM
TM X
Man in the Middle
MIM replaces TID with a bogus TID to hijack the transaction
ABORT
![Page 23: A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland](https://reader030.vdocuments.mx/reader030/viewer/2022032607/56649eba5503460f94bc1eef/html5/thumbnails/23.jpg)
Conclusions
• TIP provides transaction atomicity across Internet applications.
• Transactions are grown dynamically and terminated using a hierarchical 2PC.
• TIP behaves badly if connections fail.• Security issues arise during transaction enlistment.• There are issues when applications are not
cooperative.