Presentation is loading. Please wait.

Presentation is loading. Please wait.

October 31st, 2003ACM SSRS'03 Tolerating Denial-of-Service Attacks Using Overlay Networks – Impact of Topology Ju Wang 1, Linyuan Lu 2 and Andrew A. Chien.

Similar presentations


Presentation on theme: "October 31st, 2003ACM SSRS'03 Tolerating Denial-of-Service Attacks Using Overlay Networks – Impact of Topology Ju Wang 1, Linyuan Lu 2 and Andrew A. Chien."— Presentation transcript:

1 October 31st, 2003ACM SSRS'03 Tolerating Denial-of-Service Attacks Using Overlay Networks – Impact of Topology Ju Wang 1, Linyuan Lu 2 and Andrew A. Chien 1 1 CSE Department, UCSD 2 Math Department, UCSD

2 October 31st, 2003ACM SSRS'03 Outline Background System Model Analytical Results Summary & Future Work

3 October 31st, 2003ACM SSRS'03 Motivation DoS attacks compromise important websites “Code Red” worm attack on Whitehouse website Yahoo, Amazon, eBay DoS is a critical security problem Global corporations lost over $1.39 trillion (2000) 60% due to viruses and DoS attacks. FBI reports DoS attacks are on the rise => DoS an important problem

4 October 31st, 2003ACM SSRS'03 Denial-of-Service Attacks Attackers prevent legitimate users from receiving service Application level (large workload) Infrastructure level Internet Application Service Service Infrastructure Legitimate User

5 October 31st, 2003ACM SSRS'03 Denial-of-Service Attacks Attackers prevent legitimate users from receiving service Application level Infrastructure level (traffic flood) – require IP addr Internet Application Service Service Infrastructure Legitimate User

6 October 31st, 2003ACM SSRS'03 Use Overlay Network to Resist Infrastructure DoS Attack Applications hide behind proxy network (location-hiding)  this talk Proxy network DoS-resilient – shielding applications Need to tolerate massive proxy failures due to DoS attacks Addressed in on-going research Internet Legitimate User Overlay Network App attackers where ?

7 October 31st, 2003ACM SSRS'03 Overlay Network Proxy Network Topology & Location Hiding Proxy node: software component run on a host Proxy nodes adjacent iff IP addresses are mutually known Compromising one reveals IP addresses of adjacent nodes Topology = structure of node adjacency  how hard to penetrate, effectiveness of location-hiding A B Adjacent

8 October 31st, 2003ACM SSRS'03 Problem Statement Focus on location-hiding problem Impact of topology on location-hiding Good or robust topologies: hard to penetrate and defenders can easily defeat attackers Bad or vulnerable topologies: attackers can quickly propagate and remain side the proxy network Robust (favorable) Vulnerable (unfavorable) topologies

9 October 31st, 2003ACM SSRS'03 Attack: Compromise and Expose Attackers: steal location information using host compromise attacks A proxy node is: Compromised: attackers can see all its neighbors’ IP addresses Exposed: IP addresses known to attackers Intact: otherwise Overlay Network intact exposed compromised   Compromised!!

10 October 31st, 2003ACM SSRS'03 Defense: Recover and Reconfigure Resource Recovery: compromised  exposed/intact Proactive (periodic clean system reload) Reactive (IDS triggered system cleaning) Proxy network reconfiguration: exposed/compromised  intact Proxy migration – move proxy to a different host Overlay Network intact exposed compromised Recovered!

11 October 31st, 2003ACM SSRS'03 Defense: Recover and Reconfigure Resource Recovery: compromised  exposed/intact Proactive (periodic clean system reload) Reactive (IDS triggered system cleaning) Proxy network reconfiguration: exposed/compromised  intact Proxy migration – move proxy to a different host Overlay Network intact exposed compromised Move to new location!

12 October 31st, 2003ACM SSRS'03 Defense: Recover and Reconfigure Resource recovery + Proxy network reconfiguration Exposed  Intact (at certain probability  ) Compromised  Intact (at certain probability  ) Overlay Network intact exposed compromised Move to new location!

13 October 31st, 2003ACM SSRS'03 Analytical Model Model M(G, , ,  ) G: topology graph of the proxy network  : speed of attack (at prob , exp  com)  : speed of defense (at prob , com  intact)  : speed of defense (at prob , exp  intact) Nodes adjacent to a compromised node is exposed intact exposed compromised   

14 October 31st, 2003ACM SSRS'03 Theorem I (Robust Topologies) Average degree  1 of G is smaller than the ratio of speed between defenders and attackers:  (  +  )/  >  1 Even if many nodes are initially compromised, attackers’ impact can be quickly removed in O(logN) steps Defenders are quick enough to suppress attackers’ propagation Low average degrees are favorable      ,, ,, ,,,, ,, bad good

15 October 31st, 2003ACM SSRS'03 Theorem II (Vulnerable Topologies) Neighborhood expansion property  of G is larger than the ratio of speed between defenders and attackers:  >  /  Even if only one node is initially exposed, attackers’ impact quickly propagate, and will linger forever Applies to all sub-graphs Large clusters (tightly connected sub-graphs) are unfavorable hard to beat attackers inside the cluster

16 October 31st, 2003ACM SSRS'03 Case Study: existing overlays K-D CAN: k-dimensional Cartesian space torus RR-k: random regular graph, degree = k N-Chord: N node Chord

17 October 31st, 2003ACM SSRS'03 Related Work Secure Overlay Services (SOS) [Keromytis02] Use Chord to provide anonymity to hide location of secret “servlets” Internet Indirection Infrastructure (i3) [Stoica02] Uses Chord for location-hiding Didn’t analyze how secure their location-hiding schemes are We showed that Chord is not a favorable topology Our previous work [Wang03] Studied feasibility of location-hiding using proxy networks Assumed favorable topology; focused on impact of defensive mechanisms, such as resource recovery and proxy reconfiguration This work focus on impact of topology

18 October 31st, 2003ACM SSRS'03 Summary & Future Work Summary Studied impact of topology on location-hiding and presented two theorems to characterize robust and vulnerable topologies Derived design principles on proxy networks for location-hiding Found popular overlays (such as Chord) not favorable Future Work Impact of correlated host vulnerabilities ( ,  and  non-constant) Design proxy networks to tolerate massive failures due to DoS attacks Performance implications and resource requirement for proxy networks

19 October 31st, 2003ACM SSRS'03 References [Wang03] J. Wang and A. A. Chien, “Using Overlay Networks to Resist Denial-of-Service Attacks”, Technical report, CSE UCSD, [Keromytis02] A. D. Keromytis, V. Misra, and D. Rubenstein, “SOS: Secure Overlay Services”, In ACM SIGCOMM’02, Pittsburgh, PA, [Stoica02] I. Stoica, D. Adkins, S. Zhuang, S. Shenker, and S. Surana, “Internet Indirection Infrastructure”, In SIGCOMM, Pittsburge, Pennsylvania USA, 2002.


Download ppt "October 31st, 2003ACM SSRS'03 Tolerating Denial-of-Service Attacks Using Overlay Networks – Impact of Topology Ju Wang 1, Linyuan Lu 2 and Andrew A. Chien."

Similar presentations


Ads by Google