
Tolerating Denial-of-Service Attacks Using Overlay Networks – Impact of Topology

Ju Wang¹, Linyuan Lu² and Andrew A. Chien¹ (¹CSE Department, UCSD; ²Math Department, UCSD)


Presentation Transcript


  1. Tolerating Denial-of-Service Attacks Using Overlay Networks – Impact of Topology
     Ju Wang¹, Linyuan Lu² and Andrew A. Chien¹
     ¹CSE Department, UCSD; ²Math Department, UCSD
     ACM SSRS'03

  2. Outline
     • Background
     • System Model
     • Analytical Results
     • Summary & Future Work

  3. Motivation
     • DoS attacks compromise important websites
     • “Code Red” worm attack on Whitehouse website
     • Yahoo, Amazon, eBay
     • DoS is a critical security problem
     • Global corporations lost over $1.39 trillion (2000)
     • 60% due to viruses and DoS attacks.
     • FBI reports DoS attacks are on the rise
     • => DoS an important problem

  4. Denial-of-Service Attacks
     • Attackers prevent legitimate users from receiving service
     • Application level (large workload)
     • Infrastructure level
     [Diagram labels: Application Service, Internet, Service Infrastructure, Legitimate User]

  5. Denial-of-Service Attacks
     • Attackers prevent legitimate users from receiving service
     • Application level
     • Infrastructure level (traffic flood) – require IP addr
     [Diagram labels: Application Service, Internet, Service Infrastructure, Legitimate User]

  6. Use Overlay Network to Resist Infrastructure DoS Attack
     • Applications hide behind proxy network (location-hiding) → this talk
     • Proxy network DoS-resilient – shielding applications
     • Need to tolerate massive proxy failures due to DoS attacks
     • Addressed in on-going research
     [Diagram labels: App, attackers, Internet, Overlay Network, Legitimate User, 132.233.202.13, where?]

  7. Proxy Network Topology & Location Hiding
     • Proxy node: software component run on a host
     • Proxy nodes adjacent iff IP addresses are mutually known
     • Compromising one reveals IP addresses of adjacent nodes
     • Topology = structure of node adjacency → how hard to penetrate, effectiveness of location-hiding
     [Diagram labels: Overlay Network, nodes A and B, Adjacent]

  8. Problem Statement
     • Focus on location-hiding problem
     • Impact of topology on location-hiding
     • Good or robust topologies: hard to penetrate and defenders can easily defeat attackers
     • Bad or vulnerable topologies: attackers can quickly propagate and remain inside the proxy network
     [Diagram labels: Vulnerable (unfavorable) topologies, Robust (favorable) topologies]

  9. Attack: Compromise and Expose
     • Attackers: steal location information using host compromise attacks
     • A proxy node is:
     • Compromised: attackers can see all its neighbors’ IP addresses
     • Exposed: IP addresses known to attackers
     • Intact: otherwise
     [Diagram labels: Overlay Network, “Compromised!!”; legend: intact, exposed, compromised]

  10. Defense: Recover and Reconfigure
     • Resource Recovery: compromised → exposed/intact
     • Proactive (periodic clean system reload)
     • Reactive (IDS triggered system cleaning)
     • Proxy network reconfiguration: exposed/compromised → intact
     • Proxy migration – move proxy to a different host
     [Diagram labels: Overlay Network, “Recovered!”; legend: intact, exposed, compromised]

  11. Defense: Recover and Reconfigure
     • Resource Recovery: compromised → exposed/intact
     • Proactive (periodic clean system reload)
     • Reactive (IDS triggered system cleaning)
     • Proxy network reconfiguration: exposed/compromised → intact
     • Proxy migration – move proxy to a different host
     [Diagram labels: Overlay Network, “Move to new location!”; legend: intact, exposed, compromised]

  12. Defense: Recover and Reconfigure
     • Resource recovery + Proxy network reconfiguration
     • Exposed → Intact (at certain probability )
     • Compromised → Intact (at certain probability )
     [Diagram labels: Overlay Network, “Move to new location!”; legend: intact, exposed, compromised]

  13. Analytical Model
     • Model M(G, , , )
     • G: topology graph of the proxy network
     • : speed of attack (at prob , exp → com)
     • : speed of defense (at prob , com → intact)
     • : speed of defense (at prob , exp → intact)
     • Nodes adjacent to a compromised node are exposed
     [State diagram: intact, exposed, compromised]

  14. , ,    ,   , bad good , Theorem I(Robust Topologies) • Average degree 1of G is smaller than the ratio of speed between defenders and attackers: (+)/ > 1 • Even if many nodes are initially compromised, attackers’ impact can be quickly removed in O(logN) steps • Defenders are quick enough to suppress attackers’ propagation • Low average degrees are favorable ACM SSRS'03

  15. Theorem II (Vulnerable Topologies)
     • Neighborhood expansion property  of G is larger than the ratio of speed between defenders and attackers:  > /
     • Even if only one node is initially exposed, attackers’ impact quickly propagates and will linger forever
     • Applies to all sub-graphs
     • Large clusters (tightly connected sub-graphs) are unfavorable: hard to beat attackers inside the cluster

  16. Case Study: existing overlays
     • N-Chord: N node Chord
     • K-D CAN: k-dimensional Cartesian space torus
     • RR-k: random regular graph, degree = k

  17. Related Work
     • Secure Overlay Services (SOS) [Keromytis02]
     • Use Chord to provide anonymity to hide location of secret “servlets”
     • Internet Indirection Infrastructure (i3) [Stoica02]
     • Uses Chord for location-hiding
     • Didn’t analyze how secure their location-hiding schemes are
     • We showed that Chord is not a favorable topology
     • Our previous work [Wang03]
     • Studied feasibility of location-hiding using proxy networks
     • Assumed favorable topology; focused on impact of defensive mechanisms, such as resource recovery and proxy reconfiguration
     • This work focuses on impact of topology

  18. Summary & Future Work
     • Summary
     • Studied impact of topology on location-hiding and presented two theorems to characterize robust and vulnerable topologies
     • Derived design principles on proxy networks for location-hiding
     • Found popular overlays (such as Chord) not favorable
     • Future Work
     • Impact of correlated host vulnerabilities (,  and  non-constant)
     • Design proxy networks to tolerate massive failures due to DoS attacks
     • Performance implications and resource requirement for proxy networks

  19. References
     • [Wang03] J. Wang and A. A. Chien, “Using Overlay Networks to Resist Denial-of-Service Attacks”, Technical report, CSE UCSD, 2003.
     • [Keromytis02] A. D. Keromytis, V. Misra, and D. Rubenstein, “SOS: Secure Overlay Services”, In ACM SIGCOMM’02, Pittsburgh, PA, 2002.
     • [Stoica02] I. Stoica, D. Adkins, S. Zhuang, S. Shenker, and S. Surana, “Internet Indirection Infrastructure”, In SIGCOMM, Pittsburgh, Pennsylvania, USA, 2002.
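
The intact/exposed/compromised model of slide 13 and the degree condition of Theorem I, run as a Monte Carlo simulation on a ring and on a Chord-style finger graph. This is an added example, not code from the authors: the parameter names (`p_attack`, `p_recover`, `p_reconfig`), their values, the synchronous update order, and the reading of the defender/attacker speed ratio as `(p_recover + p_reconfig) / p_attack` are assumptions, because the slide's symbols did not survive extraction.

```python
import random

# Added illustration of the slide-13 state model. Parameter names, values and
# the order of updates within a round are assumptions, not the authors' code.
INTACT, EXPOSED, COMPROMISED = 0, 1, 2

def ring(n):  # cycle graph: each proxy knows only its two neighbours
    return [{(i - 1) % n, (i + 1) % n} for i in range(n)]

def chord_like(n):
    """Chord-style fingers at distances 1, 2, 4, ... as mutual adjacency."""
    adj = [set() for _ in range(n)]
    d = 1
    while d < n:
        for i in range(n):
            adj[i].add((i + d) % n)
            adj[(i + d) % n].add(i)
        d *= 2
    return adj

def average_degree(adj):
    return sum(len(nbrs) for nbrs in adj) / len(adj)

def step(adj, state, p_attack, p_recover, p_reconfig, rng):
    """One synchronous round of attack and defense."""
    new = list(state)
    for v, s in enumerate(state):
        if s == COMPROMISED and rng.random() < p_recover:
            new[v] = INTACT                  # resource recovery
        elif s == EXPOSED:
            if rng.random() < p_attack:
                new[v] = COMPROMISED         # host compromise succeeds
            elif rng.random() < p_reconfig:
                new[v] = INTACT              # proxy migrated to a new host
    for v, s in enumerate(new):
        if s == COMPROMISED:
            for u in adj[v]:
                if new[u] == INTACT:
                    new[u] = EXPOSED         # neighbour's IP address is revealed
    return new

def simulate(adj, p_attack=0.1, p_recover=0.6, p_reconfig=0.6,
             max_steps=2000, seed=1):
    """Start with every node compromised; return (steps run, nodes not intact)."""
    rng = random.Random(seed)
    state = [COMPROMISED] * len(adj)
    for t in range(1, max_steps + 1):
        state = step(adj, state, p_attack, p_recover, p_reconfig, rng)
        if all(s == INTACT for s in state):
            return t, 0
    return max_steps, sum(s != INTACT for s in state)
```

With the defaults the assumed ratio is 12: a 256-node ring (average degree 2) returns to all-intact from a fully compromised start, while the 256-node Chord-style graph (average degree 15) still has non-intact nodes when the step limit is reached.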
