1 / 10

A Denial-of-Service Resistant DHT

A Denial-of-Service Resistant DHT. Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU. Motivation. On Feb 6, a major DoS attack was launched against the root servers of the DNS system. d. d. Internet. d. d. d. d.

vinson
Download Presentation

A Denial-of-Service Resistant DHT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU

  2. Motivation On Feb 6, a major DoS attack was launched against the root servers of the DNS system d d Internet d d d d

  3. DoS-resistant Information System Problem: DNS-approach of full replication not feasible in large information systems off-the-shelfservers Internet

  4. DoS-resistant Information System Scalable information system: storage over-head limited to logarithmic factor d Internet d d

  5. Fundamental Dilemma • Scalability: minimize replication of information • Robustness: maximize resources needed by attacker d Internet d d

  6. Fundamental Dilemma • Limitation to „legal“ attacks / information hiding • Information hiding difficult under insider attacks d Internet d d

  7. You are fired! DoS-resistent Information System Past-Insider-Attack: Attacker knows every-thing about system till (unknown) time t0 Goal:scalable information system so that everything that was inserted or updated aftert0 is safe (w.h.p.) against any past-insider DoS attack that can shut down any -fraction of the servers, for some >0, and create any legal set of requests

  8. Past Insider DoS Attack Dilemma: • Explicit data structure: problems with consistency and robustness • Fixed hash function: consistency much easier to maintain, but easy to attack • Random placement: difficult to attack, but also difficult to search for data Combine hashing with random placement!!

  9. DoS-resistant DHT Our solution is a DHT-based system on • n completely interconnected, reliable servers • with O(log n) data redundancy (coding) Theorem: Under any -bounded past-insider attack (for some constant >0), our lookup protocol can serve any set of requests (one per server) in polylog time s.t. every request to a data item inserted or updated aftert0 is served correctly, w.h.p.

  10. Conclusion Application: DoS-resistant platform for e-commerce or critical information services (Akamai) Regular paper: DISC 2007. Any questions?

More Related