
Deployable DDoS Mitigation Mechanisms

Deployable DDoS Mitigation Mechanisms. Khor Soon Hin. Outline: definition of DDoS; issues with existing research; overview of two of our proposals, sPoW and Overfort; current and future work.


Presentation Transcript


  1. Deployable DDoS Mitigation Mechanisms (Khor Soon Hin)

  2. Outline • Definition of DDoS • Issues with existing research • Overview of two of our proposals • sPoW and Overfort • Current and future work

  3. Distributed Denial-of-Service (DDoS): attack traffic arriving over the Internet causes congestion at either a network bottleneck or a server bottleneck (diagram).

  4. Research to Mitigate DDoS • Analysis of 10 years of DDoS research:
     • 2000: CenterTrack, Blackhole routing
     • 2001: DPF, ICMP traceback, Algebraic traceback, various traceback schemes
     • 2002: D-WARD, SOS, Pushback
     • 2003: HCF, Capabilities, Mayday
     • 2004: SIFF
     • 2005: WebSOS, AITF, TVA, Route & Tunnel
     • 2006: Speak-Up, Flow-Cookies (CAT)
     • 2007: Portcullis
     • 2008: Phalanx
     • 2009: StopIt

  5. Existing Research: but it fails to address 2 issues… • A New Threat: Economic DDoS (eDDoS) • Deployability

  6. Existing Research (transition slide, repeating slide 5; the next slides take up Deployability)

  7. A Recently Published DDoS Defense 1/2 (diagram): a client's connection request flows across the Internet through routers R1, R2, R3 and R4, the DDoS-defense adopters, which sit in ISP A, ISP B and ISP C. The server creates an approval token, which is then disseminated back along the request path to those routers.

  8. A Recently Published DDoS Defense 2/2 (diagram): a packet passes only with server approval of both its route and the packet itself. DDoS packets are dropped when they carry no approval token, a stolen or forged token, or a token whose approved route differs from the route actually taken. Result: no congestion, but it requires assistance from the routers R1–R4 in ISPs A, B and C (the DDoS-defense adopters) in addition to server-side traffic control.

  9. Advanced ≠ Deployable. What the scheme above requires (3 parties, 10 locations) versus what a deployable scheme needs:
     • Reliant on disinterested parties → must be unilaterally deployable
     • Difficult to amass resources → must be deployable with one's own resources
     • Depends on ISPs to change ossified Internet routers → must be easy to introduce and modify through edge-node usage

  10. Existing Research (transition slide, repeating slide 5; the next slides take up the new threat, eDDoS)

  11. A New Threat: Economic DDoS (eDDoS) (diagram): an Internet service is deployed on a cloud platform so that it can handle on-demand traffic.

  12. A New Threat: Economic DDoS (eDDoS). The cloud offers on-demand, pay-per-use resources. An economic DDoS is a DDoS attack whose purpose is to ramp up resource usage: the victim pays for the attacker's usage ($$$$). There is no congestion, and neither the network nor the server is the target of the attack. When DDoS usage exceeds the budget, the server goes offline.

  13. Existing Research (transition slide, repeating slide 5, leading into our research goals)

  14. Existing Research and Our Research Goals. Existing research fails to address 2 issues: a new threat, Economic DDoS (eDDoS), and deployability. Goals: • Effective against DDoS, including eDDoS • Unilateral deployment • End-user empowerment • Ease of modification

  15. DDoS Winning Strategy: amass more resources than the attackers, OR find the attackers before resources are exhausted.

  16. DDoS Winning Strategy (transition slide, repeating slide 15; the next slides take up the first strategy, amassing resources)

  17. sPoW: DDoS Defense With Cloud (diagram). Client and server have no direct connectivity: all traffic goes through a cloud intermediary, for example Amazon EC2 or Google AppEngine. The sPoW client side talks to the intermediary; the sPoW server side exercises server traffic control there, accepting or rejecting traffic, so only accepted traffic reaches the server and rejected traffic stops at the cloud. Cloud resources > attacker resources: WIN!

  18. A fact… Cloud resources are pay-per-use. An economic DDoS ramps up resource usage, and you pay for all of the DDoS traffic. Therefore: change the billing mechanism.

  19. sPoW: Unilaterally Alter the Billing Mechanism. Build the DDoS defense using existing cloud mechanisms. Without sPoW, eDDoS traffic passes straight through the cloud's billing mechanism to the server ($$$$). With sPoW, a DDoS defense sits in front of the billing mechanism, so the adopter can unilaterally modify what gets billed: eDDoS mitigated at the cloud, DDoS mitigated at the server.

  20. eDDoS Defense. Q: Is sPoW really different from existing research? A1: If you search Google using the keywords “mitigation eDoS”, sPoW is in the top 20 results. NOTE #1: the keyword “eDoS” was not used at all in the sPoW paper. NOTE #2: “eDoS” and “eDDoS” are totally different words. A2: If you search Google using the keywords “mitigation eDDoS”, sPoW is #1 in the results returned. My point: eDDoS is a relatively new research area, and sPoW is not a minor tweak of existing research.

  21. DDoS Winning Strategy (transition slide, repeating slide 15; the next slides take up the second strategy, finding the attackers)

  22. Attacker Traceback (diagram): every packet carries a destination field, a source field and contents. From the source field we can identify the attacker, as with the packets shown from a legitimate user and from an attacker.

  23. Traceback: Problem #1 – Weak Accountability. The attacker can spoof the source field, so the source field is only weak accountability evidence.

  24. Traceback: Problem #2 – Manual Shutdown. Traceback may be automatic, but shutdown is manual (“Please help shut down these attackers”) and thus difficult to enforce.

  25. Overfort: Proposal • Problem #1: the source field is weak accountability proof → use the unspoofable destination field as strong proof • Problem #2: no automated punishment system → do not reveal the server location to bad clients

  26. Overfort: Strong Accountability Evidence 1/2 (diagram). Server Z keeps its IP hidden; the hidden IP enforces indirect connectivity through the cloud. Server Z chooses its own channel IDs (A, G, M, Q) and keeps the mapping from ID to client. When User X, User W and User Y each ask DNS “Server Z?”, each receives a different communication channel (G, M and Q) instead of the server's address.

  27. Overfort: Strong Accountability Evidence 2/2 (diagram). An attack packet arrives with destination Q, a spoofed source field and contents $8&@. The destination cannot be spoofed: the packet only reaches Server Z because it is addressed to the server-chosen ID Q. Server Z tracks its channel assignments, so Q identifies User Y as the sender, whatever the source field says.

  28. Overfort: Auto Punishment with Black-list (diagram). Channel Q is deactivated to stem the attack, and its mapping entry becomes available again. User Y is marked malicious and black-listed: its later “Server Z?” location requests to DNS are rejected, while User X and User W keep their channels G and M.

  29. The best part… the black-list can be shared with the entire Internet community!
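The accountability loop of slides 26–29, written out as an added example: a constructed simulation, not code from the presentation or from the Overfort project. Everything beyond the slides is an assumption: channel IDs are plain strings the server hands out, the relay drops any packet whose destination is not an active channel, attack detection is a simple per-channel packet count above RATE_LIMIT (a stand-in for a real detector), the assignment User X → G, User W → M, User Y → Q is one reading of the diagram, and the class and method names are hypothetical.

```ruby
require 'set'

# Constructed simulation of the Overfort accountability loop (added example,
# not the presentation's or the project's code). Assumptions: channel IDs are
# strings chosen by the server; the cloud relay forwards a packet only when its
# destination is an active channel; an "attack" is detected as more than
# RATE_LIMIT packets on one channel (a stand-in for a real detector).
class OverfortServer
  RATE_LIMIT = 5

  attr_reader :blacklist, :mapping

  def initialize(channel_ids)
    @available = channel_ids.dup     # server-chosen IDs not yet handed out
    @mapping   = {}                  # channel ID => user it was assigned to
    @active    = Set.new             # channels the relay will forward to
    @counts    = Hash.new(0)         # packets seen per channel
    @blacklist = Set.new             # users whose location requests are refused
  end

  # "Server Z?" location request (the DNS step on the slides). The hidden IP is
  # never returned; each user gets its own channel ID, or nothing if black-listed.
  def resolve(user)
    return nil if @blacklist.include?(user)
    current = @mapping.key(user)
    return current if current && @active.include?(current)
    id = @available.shift
    return nil if id.nil?            # no free channel: refuse rather than reuse
    @mapping[id] = user
    @active << id
    id
  end

  # A packet handed over by the relay. Only the destination field is trusted:
  # a packet addressed to a wrong or deactivated channel never reaches the
  # server, so a flood on channel Q is attributable to whoever holds Q,
  # regardless of what the spoofable source field claims.
  def receive(packet)
    dest = packet[:dest]
    return :dropped unless @active.include?(dest)
    @counts[dest] += 1
    return :delivered if @counts[dest] <= RATE_LIMIT
    punish(dest)
    :punished
  end

  # Slide 29: the black-list can be shared with other adopters.
  def import_blacklist(users)
    @blacklist.merge(users)
    self
  end

  private

  def punish(channel)
    @active.delete(channel)          # channel deactivated to stem the attack
    @blacklist << @mapping[channel]  # automated punishment, no manual shutdown
  end
end

# Walk through the diagram: three users resolve Server Z, then User Y floods
# its channel while forging User X in the source field.
def overfort_demo
  z = OverfortServer.new(%w[G M Q A])
  users = ['User X', 'User W', 'User Y']
  ids = users.each_with_object({}) { |u, h| h[u] = z.resolve(u) }
  flood = Array.new(OverfortServer::RATE_LIMIT + 1) do
    z.receive(dest: ids['User Y'], source: 'User X', contents: '$8&@')
  end
  {
    ids: ids,                        # {"User X"=>"G", "User W"=>"M", "User Y"=>"Q"}
    flood: flood.last,               # :punished
    blacklist: z.blacklist.to_a,     # ["User Y"], not the forged "User X"
    after_punish: z.receive(dest: ids['User Y'], source: 'User Y', contents: ''), # :dropped
    y_resolve: z.resolve('User Y'),  # nil: location request rejected
    x_resolve: z.resolve('User X')   # "G": the innocent user keeps its channel
  }
end

puts overfort_demo.inspect if __FILE__ == $PROGRAM_NAME
```

The point the simulation makes is the one on slide 27: the forged source field ("User X") plays no role in attribution, because the only thing that got the flood to the server was the channel ID Q, and Q was handed out to User Y. A second adopter that imports the exported black-list refuses User Y's location requests before any channel is assigned, which is the sharing step of slide 29.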

  30. DDoS Winning Strategy, revisited. Amass more resources than the attackers → use the cloud; eDDoS defense → alter the billing mechanism. OR find the attackers before resources are exhausted → guard the server location, assign clients unique destination IDs, and clean up the Internet by sharing the black-list.

  31. Existing Research and Our Research Goals. The 2 issues existing research fails to address, deployability and the new threat eDDoS, against our goals: • Effective against DDoS, including eDDoS (sPoW, Overfort) • Unilateral deployment (sPoW, Overfort) • End-user empowerment • Ease of modification. sPoW uses the cloud; together the two proposals cover DDoS, eDDoS and traceback.

  32. Current sPoW (diagram). A Ruby server application and a Ruby client application, each using the sPoW library, communicate across the Internet only through a cloud intermediary with built-in billing: Amazon SQS (8K messages) and Amazon S3 (5G objects), with multi-channel transmission and decent performance. Any system can act as the intermediary, e.g. IRC or I3, though these have no billing system.

  33. sPoW for Web (diagram). The sPoW server side (sPoW library) fronts an sPoW-unaware web server and shares a cloud intermediary with built-in billing (Amazon SQS 8K, Amazon S3 5G). Browsers reach the web server over the web protocol through an sPoW applet that understands web protocols; dynamic clients require Java library support. A Content Distribution Network also appears on the path.
