Phalanx: Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy Tom Anderson University of Washington NSDI 2008.


Why isn’t this a solved problem?
- Solved for static content
  - Replicate everywhere
  - Large CDNs (Akamai, CoDeeN, Coral)
- Potentially solved if we can replace all routers
  - Promising “clean slate” academic research...
  - ... but, pervasive bots require universal deployment
- Unsolved for dynamic content on the Internet today
  - VoIP, e-govt, e-commerce, AJAX web apps, etc.
- Can we use a pervasive set of machines (i.e., a CDN) to solve the problem? Without changing every router?

Key Ideas
- Tie fate of a server to a large part of the Internet
- Goals
  - Deployable – without changing all ISPs or all routers
  - Scalable – to terabit attacks w/millions of attackers
- Mechanisms
  - Packet Mailboxes
  - Secure Random Multipathing
  - Filtering Ring
- Let’s go design it!

Simple Proxy
- Use nodes as proxies
  - They can make filtering decisions
  - Forward remaining traffic to server
- How do they make filtering decisions?
- Do we trust them?
- How does the network know we trust them?

Mailbox
- Use nodes as mailboxes
  - Hold each packet for an explicit request
  - Policy at destination
- Don’t trust mailboxes
  - Explicitly express trust to the network
- Still, any single node is vulnerable to attack

Secure Random Multipathing
- Send traffic randomly among mailboxes
  - According to shared secret sequence
- Botnet can take down one mailbox
  - But communication continues
- Diluted attacks against all mailboxes fail

Secure Random Multipathing
- Sequence of mailboxes
  - Negotiate secret X at connection setup
  - Construct a secret sequence based on X: x_0 = h(X, X), x_i = h(x_{i-1}, X)
  - Use x_i to name that packet and select mailbox
  - Also a lightweight authenticator
- Need a multipath congestion control algorithm

Filtering Ring
- Attackers can ignore the mailboxes and just attack the server
- Need to drop unrequested traffic in the network
  - request/response framework signals the network

[Diagram: Filtering Ring. Each filtering node holds a whitelist and a blacklist keyed by packet name x_i; requests (req: x_i) and the matching data (data: x_i) pass through these nodes.]
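The mailbox, secret-sequence and filtering-ring slides above, as an added worked example (my own Python, not the Phalanx code or the paper's simulator): the sender derives x_0 = h(X, X), x_i = h(x_{i-1}, X) with HMAC-SHA256 standing in for h (an assumption, the slides only say h is a hash), places packet i in the mailbox chosen by x_i, and the receiver recomputes the same sequence and requests each name through a filtering ring that lets in only requested names. One mailbox is taken down to show that the remaining packets still arrive, and packets whose names were never requested are dropped at the ring. The class names, the mailbox selection rule (first 8 bytes of x_i mod N), the single-use whitelist and the fixed secret are constructed for illustration.

```python
import hashlib
import hmac

# Constructed shared secret X for the walkthrough (in Phalanx it is negotiated
# at connection setup; here it is just a fixed test constant).
SHARED_SECRET = b"constructed-shared-secret-X"


def derive_names(shared_secret: bytes, count: int) -> list:
    """Secret sequence from the slides: x_0 = h(X, X), x_i = h(x_{i-1}, X).
    h(a, b) is instantiated as HMAC-SHA256 keyed with b over a (assumption)."""
    names, prev = [], shared_secret
    for _ in range(count):
        prev = hmac.new(shared_secret, prev, hashlib.sha256).digest()
        names.append(prev)
    return names


def mailbox_index(name: bytes, n_mailboxes: int) -> int:
    """Mailbox chosen by packet name x_i; both endpoints compute this (constructed rule)."""
    return int.from_bytes(name[:8], "big") % n_mailboxes


class Mailbox:
    """Untrusted store-and-forward node: holds a packet until an explicit
    request for its name arrives, then releases it."""
    def __init__(self):
        self.held = {}
        self.up = True

    def deposit(self, name: bytes, payload: str) -> None:
        if self.up:
            self.held[name] = payload

    def fetch(self, name: bytes):
        if not self.up:
            return None
        return self.held.pop(name, None)


class FilteringRing:
    """Filter in front of the server: only packets whose name the server
    asked for get through; everything else is dropped and counted."""
    def __init__(self):
        self.whitelist = set()
        self.dropped = 0

    def outbound_request(self, name: bytes) -> None:
        self.whitelist.add(name)

    def inbound(self, name: bytes, payload: str):
        if name in self.whitelist:
            self.whitelist.discard(name)   # one request admits one packet
            return payload
        self.dropped += 1
        return None


def run_simulation(n_packets=10, n_mailboxes=5, down_mailbox=None, forged=3) -> dict:
    """Sender deposits n_packets into mailboxes chosen by x_i; the receiver
    requests each x_i through the ring. Optionally one mailbox is down and an
    attacker without X fires `forged` packets with guessed names at the server."""
    mailboxes = [Mailbox() for _ in range(n_mailboxes)]
    if down_mailbox is not None:
        mailboxes[down_mailbox].up = False
    ring = FilteringRing()

    names = derive_names(SHARED_SECRET, n_packets)          # sender side
    for i, x in enumerate(names):
        mailboxes[mailbox_index(x, n_mailboxes)].deposit(x, f"packet-{i}")

    delivered = []
    for x in derive_names(SHARED_SECRET, n_packets):       # receiver recomputes the sequence
        ring.outbound_request(x)
        payload = mailboxes[mailbox_index(x, n_mailboxes)].fetch(x)
        if payload is not None and ring.inbound(x, payload) is not None:
            delivered.append(payload)

    for j in range(forged):                                 # unrequested names never match
        ring.inbound(hashlib.sha256(b"guess-%d" % j).digest(), "junk")

    lost = sum(1 for x in names
               if down_mailbox is not None and mailbox_index(x, n_mailboxes) == down_mailbox)
    return {"delivered": len(delivered), "lost": lost, "dropped_at_ring": ring.dropped}


if __name__ == "__main__":
    print(run_simulation(down_mailbox=None))
    print(run_simulation(down_mailbox=2))
```

With no mailbox down every packet is delivered and every forged packet is dropped at the ring; with one mailbox down, exactly the packets whose x_i mapped to that mailbox are lost and the rest still arrive, which is the "communication continues" point of the slides.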

Connection Setup
- So far, we protect established connections
- How do clients initiate connections?
- Server issues “first packet” requests
- Mediate access to these requests
  - Computational puzzles (Portcullis-style)
    - Per-computation fair queueing
  - Authentication tokens
    - For small deployments w/known principals

Example
- Get static content and applet from CDN (1)
- Connection setup
  - Get/solve puzzle (2)
  - Server issues first packet request (3)
  - First packet & request paired and sent (4,5)
  - Server returns mailbox list and secret X (6)
- Protected comm. (7)
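Steps 2 to 6 of the connection-setup example above, as an added walkthrough in Python (my own code, not Phalanx's or Portcullis's): the server hands out a hash puzzle, a verified solution buys exactly one single-use first-packet request, and a first packet paired with a valid request is answered with the mailbox list and a fresh secret X. The puzzle form (SHA-256 with a required number of leading zero bits), the HMAC encoding of the request, the mailbox names and the difficulty are all assumptions; the slides do not specify them.

```python
import hashlib
import hmac
import os
import struct

# Constructed mailbox list; in Phalanx this comes from the CDN deployment.
MAILBOX_LIST = ["mailbox-a", "mailbox-b", "mailbox-c"]


def _digest(challenge: bytes, nonce: int) -> bytes:
    return hashlib.sha256(challenge + struct.pack(">Q", nonce)).digest()


def leading_zero_bits(digest: bytes) -> int:
    return 256 - int.from_bytes(digest, "big").bit_length()


def solve_puzzle(challenge: bytes, bits: int) -> int:
    """Client side of step 2: find a nonce so SHA-256(challenge||nonce) has
    `bits` leading zero bits. Expected cost about 2^bits hashes."""
    nonce = 0
    while leading_zero_bits(_digest(challenge, nonce)) < bits:
        nonce += 1
    return nonce


class Server:
    """Server side of steps 2, 3 and 6 (constructed design, see lead-in)."""
    def __init__(self, bits: int = 10):
        self.bits = bits
        self.request_key = os.urandom(32)   # key used to mint first-packet requests
        self.issued = set()                 # puzzles handed out and not yet redeemed
        self.outstanding = {}               # serial -> challenge for unspent requests
        self.serial = 0

    def issue_puzzle(self) -> bytes:
        challenge = os.urandom(16)
        self.issued.add(challenge)
        return challenge

    def issue_first_packet_request(self, challenge: bytes, nonce: int):
        """Step 3: one verified solution buys one request. Checking costs a
        single hash, so the server spends far less than the solver did."""
        if challenge not in self.issued or leading_zero_bits(_digest(challenge, nonce)) < self.bits:
            return None
        self.issued.discard(challenge)      # a solution can be redeemed only once
        self.serial += 1
        self.outstanding[self.serial] = challenge
        tag = hmac.new(self.request_key, struct.pack(">Q", self.serial) + challenge,
                       hashlib.sha256).digest()
        return (self.serial, tag)

    def accept_first_packet(self, request, payload: bytes):
        """Steps 4 to 6: a first packet paired with a valid, unspent request is
        consumed and answered with the mailbox list and a fresh secret X."""
        serial, tag = request
        challenge = self.outstanding.get(serial)
        if challenge is None:
            return None
        expected = hmac.new(self.request_key, struct.pack(">Q", serial) + challenge,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        del self.outstanding[serial]        # request is single-use
        return {"mailboxes": list(MAILBOX_LIST), "secret": os.urandom(32)}


def client_connect(server: Server, first_packet: bytes):
    """Whole client-side setup: get puzzle, solve it, trade the solution for a
    first-packet request, then send the first packet paired with the request."""
    challenge = server.issue_puzzle()
    nonce = solve_puzzle(challenge, server.bits)
    request = server.issue_first_packet_request(challenge, nonce)
    return server.accept_first_packet(request, first_packet)


if __name__ == "__main__":
    print(client_connect(Server(bits=10), b"GET /app HTTP/1.1"))
```

The two bookkeeping sets are what make the request a scarce resource: a solved puzzle cannot be redeemed twice, a request cannot be replayed, and a tag that was not minted with the server's key is rejected, so an attacker has to pay the puzzle cost for every first packet it wants the server to accept.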

Evaluation
- Microbenchmarks on PlanetLab (see paper)
- Simulation
  - Based on gathered topology data
  - PlanetLab node serves as stand-in for server
  - 7200 Akamai nodes as mailboxes
  - Attacker bandwidth from BT measurements (avg 3Mb)

Protection vs. Deployment
[Chart annotations: All mailboxes see less than 30% “goodput”; 60% of mailboxes see no loss; 20% of mailboxes see high loss]
Even a moderate deployment ( Mb mailboxes and only the victim AS filtering) has huge benefit against large botnets (100k nodes)

Scalability
Any fixed deployment will reach its limit at some point...

Scalability
[Chart annotation: 40% of mailboxes see no loss even vs. 4 mil. attackers w/36k mbxes; 36, Mbit mailboxes]
... but, a more significant deployment can deal with botnets an order of magnitude larger than those of today.

Related Work
- CDNs (Akamai, Coral, CoDeeN)
- Capabilities (SIFF, TVA)
- Overlays (SOS, MayDay, Spread Spectrum)
- Resource Proofs (Speak Up, Portcullis)
- Architecture (Secure-i3, Off By Default)
- Filtering (AITF, dFence, CenterTrack, Pushback)
- Wireless Frequency Hopping

Conclusions
- Ties one server’s fate to the fate of the Internet
- Scales to deal with attacks of today and tomorrow
- Deployable
  - Use CDN for mailboxes
  - Use upstream ISP to install filtering ring
- Server is in control
  - Explicitly asks for each packet
  - Implements its own policies locally
  - Is not required to trust any given mailbox

Questions?