
CS563.16 P2P Technology for Availability Under DDoS Attacks

CS563.16 P2P Technology for Availability Under DDoS Attacks. Presented by: Ramses Morales University of Illinois Spring 2006. Motivation. Brute force DDoS attacks will disrupt service availability. Several methods to combat DDoS have been proposed, e.g., Pushback.


Presentation Transcript


  1. CS563.16P2P Technology for Availability Under DDoS Attacks Presented by: Ramses Morales University of Illinois Spring 2006

  2. Motivation • Brute force DDoS attacks will disrupt service availability. • Several methods to combat DDoS have been proposed, e.g., Pushback. • Can we provide access to a service, while a DDoS attack is underway, without directly addressing the attack?

  3. General Approach • Service / Data Replication. • Issues: • Replicas must not be geographically correlated. • Replication should be proactive and should adapt to the severity of the attack. • How can a replica be efficiently located? • The location mechanism can be targeted as well as the service we try to provide.

  4. Current Systems • XenoService • SOS • BitTorrent • Distributed Tracker • WebTorrent • Query-Flood Avoidance • Folklore

  5. XenoService • Provision servers across multiple ISPs, and charge a service fee. • Servers are capable of running a replicated service. • When an attack is detected, massive and rapid replication starts. • Location mechanism is not discussed. • Actual replication mechanism is not proposed.

  6. SOS: Secure Overlay Service [Architecture diagram: a client reaches an access point, which randomly determines secret servlets; beacons announce their existence on the secure overlay, a DHT (Chord) service made up of overlay nodes; the secret servlets sit inside a filtered region in front of the protected service.]

  7. SOS: disadvantages • It is a closed architecture. • Clients require authentication at the SOAP (secure overlay access point). • Intended for services that can't be easily replicated. • Assumes that overlay nodes are not malicious.

  8. BitTorrent tracker (single point of failure) • A large file is divided into chunks. • Clients exchange chunks with each other. • The tracker knows where the chunks are. • File chunks are downloaded in arbitrary order. • The overlay is made up of nodes that are not geographically correlated. • "Seeder" nodes have a full copy of the file. • If the tracker dies, the file can't be downloaded.

  9. BitTorrent: Distributed Tracker • Implementation is not standard. • Azureus is the most popular one. • Relies on the Kademlia DHT. [Diagram: a BitTorrent client sends "Where is chunk x?" and "I have chunk y" into the overlay; overlay nodes route the messages using the chunk's global ID.]

  10. WebTorrent • Augment web browser with bittorrent client. • Augment web server with bittorrent tracker. • After a load threshold is passed, asks clients to download the webpage using bittorrent. • Extended HTTP messages. • Is highly effective in decreasing web server load.

  11. Query Flood Avoidance • Structured (DHT) and unstructured (Gnutella) P2P overlays are subject to application level query floods. • Incoming Allocation Strategy: • Weighted: likelihood that a query from a link will be accepted is proportional to the number of queries arriving on that link. • Fractional: allocate a rate to each peer based on 1/k (k = number of peers).

  12. Query Flood Avoidance • Drop Strategy: • Proportional: the higher the query rate, the higher the drop rate. • Equal: queries are dropped uniformly across all peers. • OrderByTTL: drop queries from peers with the highest/lowest TTL.
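The incoming-allocation strategies of slide 11 and the drop strategies of slide 12, worked through in Python as an added example (not code from the slides or from the Daswani and Garcia-Molina paper). It assumes a node that can forward `capacity` queries per period and a `rates` map from each neighbouring link to the number of queries that arrived on it; all numbers are constructed.

```python
"""Query-flood avoidance: incoming-allocation and drop strategies.
Added example; the node model (per-period capacity, per-link query
counts) and all sample figures are constructed for illustration.
"""


def weighted_allocation(capacity, rates):
    """Weighted: a link's share is proportional to its query rate.
    Seen from the drop side this is the 'proportional' strategy:
    the busier the link, the more of its queries are dropped."""
    total = sum(rates.values())
    if total <= capacity:
        return dict(rates)                   # no overload, accept all
    return {l: r * capacity / total for l, r in rates.items()}


def fractional_allocation(capacity, rates):
    """Fractional (1/k): every link gets an equal slice of capacity.
    A quiet link's unused slice is not handed to the others, so a
    flooding neighbour cannot crowd out well-behaved ones."""
    share = capacity / len(rates)
    return {l: min(r, share) for l, r in rates.items()}


def equal_drop(capacity, rates):
    """Equal: drop the same number of queries from every link, water-
    filled so a link with too few queries to absorb a full share is
    exhausted first and the rest is spread over the busier links."""
    accepted = dict(rates)
    excess = max(0, sum(rates.values()) - capacity)
    remaining = sorted(rates, key=rates.get)  # smallest senders first
    while excess > 0 and remaining:
        share = excess / len(remaining)
        link = remaining[0]
        if accepted[link] <= share:           # cannot absorb a full share
            excess -= accepted[link]
            accepted[link] = 0
            remaining.pop(0)
        else:                                 # all others can: drop equally
            for l in remaining:
                accepted[l] -= share
            excess = 0
    return accepted


def drop_by_ttl(capacity, queries, drop_highest=True):
    """OrderByTTL: when over capacity, drop the queries with the highest
    (or lowest) remaining TTL first; queries are (link, ttl) tuples.
    A high-TTL query would be forwarded furthest and costs the overlay most."""
    if len(queries) <= capacity:
        return list(queries)
    kept = sorted(queries, key=lambda q: q[1], reverse=not drop_highest)
    return kept[:capacity]
```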

  13. Folklore: Endemic Migratory Replication • Goals: • Provide probabilistic security: data untraceability. • Scalable replication. • Data availability. • Low BW.

  14. Folklore: Endemic Migratory Replication • States with respect to an object: Stash, Averse, Receptive. • T, endemic protocol period (5 min). • Probability of moving a replica from Stash to Averse (0.4). • Probability of moving a replica from Averse to Receptive (0.05). • Number of periodic contacts (10). [State-transition diagram omitted.]

  15. Folklore: Endemic Migratory Replication • Fraction of nodes in [receptive, stash, averse] state when the protocol stabilizes: • Optimization: don’t delete a replica when it reaches receptive state.

  16. Phase Portrait of the Endemic Protocol

  17. Message Interchange • ANUPDATE message used for partial update transfers if version difference is 1. • Theoretical bw: • (2 * averageFileSize) / T. • Experimental bw: 3.38 kBps with 128kB files (21% lower).

  18. Advantages • Self-organizing replication mechanism. • Works with local information. • Protocol Period can be adjusted depending on DDoS severity.

  19. How to efficiently locate a replica? • …And not lose data untraceability? • A fraction of the replicas can send a heartbeat (HB) to a predetermined location every T. • A DHT can be used for location purposes. • It would serve to locate one of the replicas, keeping the others hidden. • A DHT node can itself be subject to attack. • Use multiple DHT nodes to locate a single replica, by hashing the replica's ID multiple times.
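The last bullet of slide 19, worked through as an added example (not code from the slides or from the Folklore project): a toy Chord-style ring in which the one announced replica stores its address under m different keys, H(id + "#" + i), so that several DHT nodes each know where it is and a client still finds it when some of those nodes are unreachable. The ring, node names, replica ID and address are all constructed.

```python
"""Locating one replica through several DHT nodes at once.
Added example; the successor-style ring below is a toy model, and every
node name, replica ID and address is constructed for illustration.
"""
import bisect
import hashlib


def h(data: str) -> int:
    """SHA-1 digest as an integer, i.e. a Chord-style 160-bit identifier."""
    return int(hashlib.sha1(data.encode()).hexdigest(), 16)


def location_keys(replica_id: str, m: int) -> list:
    """Hash the replica ID m times, each with a different suffix."""
    return [h(f"{replica_id}#{i}") for i in range(m)]


class Ring:
    """Toy DHT: a key is owned by the first node whose ID is >= the key."""
    def __init__(self, node_names):
        self.ids = sorted((h(n), n) for n in node_names)
        self.store = {}      # node name -> {key: value}
        self.down = set()    # node names currently unreachable (e.g. under DDoS)

    def responsible(self, key: int) -> str:
        i = bisect.bisect_left(self.ids, (key, ""))
        return self.ids[i % len(self.ids)][1]   # wrap around the ring

    def put(self, key: int, value: str) -> None:
        self.store.setdefault(self.responsible(key), {})[key] = value

    def get(self, key: int):
        node = self.responsible(key)
        if node in self.down:
            return None      # this lookup path is dead; caller tries another
        return self.store.get(node, {}).get(key)


def register(ring: Ring, replica_id: str, address: str, m: int) -> None:
    """Run by the single replica that announces itself; the others stay hidden."""
    for key in location_keys(replica_id, m):
        ring.put(key, address)


def locate(ring: Ring, replica_id: str, m: int):
    """Client side: try each key in turn; one reachable DHT node suffices."""
    for key in location_keys(replica_id, m):
        addr = ring.get(key)
        if addr is not None:
            return addr
    return None
```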

  20. References • N. Daswani, H. Garcia-Molina. Query-Flood DoS Attacks in Gnutella. • A. Keromytis, et al. SOS: An Architecture for Mitigating DDoS Attacks. • G. Sivek, et al. WebTorrent: a BitTorrent Extension for High Availability Servers. • http://azureus.sf.net • http://kepler.cs.uiuc.edu
