FastPass: Availability Tokens to Defeat DoS Presented at CMU Systems Seminar by: Dan Wendlandt Work with: David Andersen & Adrian Perrig.

Bandwidth exhaustion attacks require infrastructure support: the loss happens at router buffers, before traffic reaches the end host.

Basic Idea: Availability tokens
Allow Internet destinations to provide clients with an “availability token” through an arbitrary out-of-band mechanism that guarantees Internet availability regardless of host resource capacity OR the number of attackers.

Stateless Router-based Capabilities: A useful building block
[Figure: a request travels from Source to Destination; the capability in the packet grows hop by hop (xx, 92xx, 9234xx) as each router stamps it, and each router asks “Give priority?”]
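
As an added illustration of the building block above (example code written for this transcript, not code from the talk or its authors), here is a Go model of stateless per-hop marking: each router derives its mark from a router-local secret plus the packet's source and destination, the first packet collects one mark per hop, and later packets are classified by recomputing those marks, with no per-flow state on the router. The router secrets, the addresses, the 32-bit mark width and the keyed-hash construction are assumptions of this example; the slide draws two digits per hop only for brevity.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Router is one forwarding element. It holds a local secret that never leaves
// the box and keeps no per-flow table: everything it needs to judge a packet
// is recomputed from the packet header and that secret.
type Router struct {
	Name   string
	secret []byte // hypothetical per-router key; rotated out of band
}

// mark is this router's contribution to the capability for one
// (source, destination) pair: a keyed hash truncated to 32 bits.
func (r *Router) mark(src, dst string) string {
	mac := hmac.New(sha256.New, r.secret)
	mac.Write([]byte(src + "->" + dst))
	return hex.EncodeToString(mac.Sum(nil)[:4])
}

// RequestCapability models the first packet travelling the path: every router
// stamps its mark, and the destination hands the stamped list back to the source.
func RequestCapability(path []*Router, src, dst string) []string {
	caps := make([]string, 0, len(path))
	for _, r := range path {
		caps = append(caps, r.mark(src, dst))
	}
	return caps
}

// Classify answers the slide's "Give priority?" question for a later packet
// carrying capability caps. The router at hop i inspects only caps[i]; a
// packet that fails at any hop falls back to the unprivileged request channel.
func Classify(path []*Router, src, dst string, caps []string) (string, bool) {
	if len(caps) != len(path) {
		return "best-effort: capability length mismatch", false
	}
	for i, r := range path {
		if !hmac.Equal([]byte(caps[i]), []byte(r.mark(src, dst))) {
			return "best-effort: mark rejected at " + r.Name, false
		}
	}
	return "priority", true
}

// DemoPath builds a three-router path with fixed (constructed) secrets so the
// example is deterministic; a deployment would draw them from a CSPRNG.
func DemoPath() []*Router {
	return []*Router{
		{Name: "R1", secret: []byte("r1-secret-constructed")},
		{Name: "R2", secret: []byte("r2-secret-constructed")},
		{Name: "R3", secret: []byte("r3-secret-constructed")},
	}
}

func main() {
	path := DemoPath()
	src, dst := "10.0.0.1", "192.0.2.10" // constructed addresses
	caps := RequestCapability(path, src, dst)
	fmt.Println("capability:", caps)

	class, _ := Classify(path, src, dst, caps)
	fmt.Println("legitimate packet:", class)

	// A host that spoofs the source address cannot reuse another host's marks.
	class, _ = Classify(path, "10.0.0.9", dst, caps)
	fmt.Println("spoofed source:", class)

	// Flipping one hop's mark is caught at exactly that hop.
	forged := append([]string(nil), caps...)
	forged[1] = "00000000"
	class, _ = Classify(path, src, dst, forged)
	fmt.Println("tampered hop 2:", class)
}
```

The point the slide makes, and the model shows, is that the capability protects an established flow without any router memory; what it cannot do is help the very first packet, which carries no marks yet. That gap is the Denial-of-Capability problem on the next slide.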

Problem: Denial-of-Capability
The first packet is sent without a capability; this request channel is subject to packet floods (DoC). Back where we started? NO!

New Requirement: One packet
Instead of protecting a flow that can be adversely affected by even low loss percentages, we now must only get ONE PACKET through.

Possible Approaches
“Dumb” Routers: Best-effort traffic, rely on probability…
“Fair” Routers: Try to give everyone an equal chance…
“Informed” Routers: Infrastructure is told by destinations what packets to prioritize

Availability in a Next-Gen architecture (m2m)?
Many more hosts
Diverse end-host resources (bandwidth & computation)
Greater cost of being unreachable
More stringent requirements for time to establish a connection

How to compare?
Time-to-Capability (TTC)
Robustness to uncooperative infrastructure
Cost/complexity to deploy
Assumptions about topology or client resources
Scalability & nature of collateral damage

Today: Incremental Improvements
All previous schemes increase the number of attacker resources needed to totally deny availability to a destination, but do not offer fundamentally secure availability.

Goal: Setting a Higher Bar
We want arbitrary hosts to be able to communicate without delay regardless of their location in the Internet topology or their local resources, subject only to the provisioning they purchase from their network service provider.
[Figure: Total Network Capacity Control]

Availability Tokens
Extra data in the capability header that proves to forwarding routers that the destination wishes to accept the request packet.
[Figure: Request Packet layout: Link Header | IP Header | Capability & Token | Transport Level Header & Data]

Examples
Destinations outsource token distribution to Akamai, which requires proof-of-work, etc. to provide a token. Protected by bandwidth & geographic diversity.
An online brokerage uses a one-time-password tool to generate tokens.
A small company provides a private key to employees along with VPN software.

A flavor of three schemes
Public Key Scheme
Iterative Capability Discovery
Hash-Chain Scheme
WARNING! Important details omitted due to time constraints.

Public Key Scheme
Private key generates the token as a signature; the public key is distributed to all routers. Routers verify the signature and check for duplicate or expired tokens.
Main Challenge: Crypto cannot be DoS-able.
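
An added worked example of this scheme in Go (written for this transcript, not code from the talk or its authors): the destination signs a token consisting of its address, an expiry and a fresh nonce; a router keeps the destination's public key and a nonce window and rejects duplicate, expired or badly signed tokens. The token layout, the use of Ed25519, nonce-based duplicate detection and the addresses are assumptions of this example, not details from the talk.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Token is the extra data carried in the capability header of a request
// packet; this layout is constructed for the example (the talk fixes no format).
type Token struct {
	Dest   [4]byte // destination the token is valid for
	Expiry int64   // Unix seconds; routers drop the token after this
	Nonce  [8]byte // unique per token so routers can detect duplicates
	Sig    []byte  // Ed25519 signature by the destination over Dest|Expiry|Nonce
}

// signedBytes is the byte string the destination signs and routers verify.
func (t *Token) signedBytes() []byte {
	var b [20]byte
	copy(b[0:4], t.Dest[:])
	binary.BigEndian.PutUint64(b[4:12], uint64(t.Expiry))
	copy(b[12:20], t.Nonce[:])
	return b[:]
}

// Destination holds the private key; tokens reach clients out of band.
type Destination struct {
	Addr [4]byte
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewDestination(addr [4]byte) (*Destination, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Destination{Addr: addr, Pub: pub, priv: priv}, nil
}

// Issue mints a token that routers accept until now+ttl.
func (d *Destination) Issue(now time.Time, ttl time.Duration) (*Token, error) {
	t := &Token{Dest: d.Addr, Expiry: now.Add(ttl).Unix()}
	if _, err := rand.Read(t.Nonce[:]); err != nil {
		return nil, err
	}
	t.Sig = ed25519.Sign(d.priv, t.signedBytes())
	return t, nil
}

var (
	ErrUnknownDest = errors.New("no public key for destination")
	ErrExpired     = errors.New("token expired")
	ErrDuplicate   = errors.New("token already used")
	ErrBadSig      = errors.New("bad signature")
)

// Router holds the public keys distributed to it and a replay window of nonces;
// an entry can be dropped once its expiry passes, so state stays bounded by the TTL.
type Router struct {
	keys map[[4]byte]ed25519.PublicKey
	seen map[[8]byte]int64 // nonce -> expiry
}

func NewRouter(keys map[[4]byte]ed25519.PublicKey) *Router {
	return &Router{keys: keys, seen: map[[8]byte]int64{}}
}

// Verify runs the cheap table checks first; only a token that passes them
// costs the router a signature verification.
func (r *Router) Verify(t *Token, now time.Time) error {
	pub, ok := r.keys[t.Dest]
	if !ok {
		return ErrUnknownDest
	}
	if now.Unix() > t.Expiry {
		return ErrExpired
	}
	if _, dup := r.seen[t.Nonce]; dup {
		return ErrDuplicate
	}
	if !ed25519.Verify(pub, t.signedBytes(), t.Sig) {
		return ErrBadSig
	}
	r.seen[t.Nonce] = t.Expiry
	return nil
}

func main() {
	d, _ := NewDestination([4]byte{192, 0, 2, 10}) // constructed address; GenerateKey fails only if the OS CSPRNG does
	r := NewRouter(map[[4]byte]ed25519.PublicKey{d.Addr: d.Pub})
	now := time.Unix(1700000000, 0)
	tok, _ := d.Issue(now, time.Minute)
	fmt.Println("fresh:", r.Verify(tok, now), "| replay:", r.Verify(tok, now))
}
```

Ordering the checks this way removes replays and stale tokens from the expensive path, but it does not remove the challenge the slide names: a flood of freshly forged tokens with future expiries and unseen nonces still costs the router one signature verification each, so the verification budget per link is what a real design has to size.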

Iterative Capability Discovery
Use partial router capabilities to protect “discovered” portions of the path. At congested points, encrypt capabilities THROUGH the congested router with the public key of the destination and “punt” it back to the client. Dest. authorizes the client by decrypting these capabilities. Iterate.

Iterative Discovery (1)
[Figure: Source to Destination; partial capabilities 4xx and 46x accumulate until a router reports Congestion!; the partial capability 46x is encrypted with the Dest. public key and returned to the Source.]

Iterative Discovery (2)
[Figure: the Source presents the encrypted 46x to Akamai+ (proof of work / identity) and receives the unencrypted capability 46x.]

Iterative Discovery (1)
[Figure: Source to Destination with Congestion! at the same router; the partial capability 46x works as a token to get the request through the congested router.]

Lightweight Hash-Chain Scheme
Idea: Replace public key crypto with symmetric crypto, using a shared router + destination secret. This comes at the cost of robustness to compromised routers. How to make this work in today’s architecture & routers?

Lightweight Hash-Chain Scheme
[Figure: the destination D (in AS D) has secret H0; H_1 = Hash(H_0), H_2 = Hash(H_1), and so on outward through AS C, AS B and AS A, with AS X and AS Y alongside.]

Hash-Chain tokens
Destination can compute all H_i, and provides source S with a sequence of Hash(S-address, H_i) pairs. Compromise of key H_i only impacts routers at a radius >= i from the source.
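
An added Go example of the two slides above (written for this transcript, not code from the talk or its authors): the chain H_i = Hash(H_{i-1}) is built from the destination's secret H_0, the router at chain position i holds only H_i and checks the per-source token Hash(S-address, H_i), and a Derive helper shows what a leaked H_i gives away. SHA-256 as the hash, HMAC-SHA256 as the keyed construction for Hash(S-address, H_i), the constructed secret and the source addresses are assumptions of this example; the talk leaves those details open.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Chain returns H_0..H_n: keys[0] is the destination's secret H_0 and
// keys[i] = Hash(keys[i-1]), as on the slide. Only the destination holds H_0.
func Chain(h0 []byte, n int) [][]byte {
	keys := make([][]byte, n+1)
	keys[0] = append([]byte(nil), h0...)
	for i := 1; i <= n; i++ {
		sum := sha256.Sum256(keys[i-1])
		keys[i] = sum[:]
	}
	return keys
}

// Token is the slide's Hash(S-address, H_i), realised as HMAC-SHA256 keyed
// with H_i so the address and the key are bound unambiguously.
func Token(srcAddr string, hi []byte) []byte {
	mac := hmac.New(sha256.New, hi)
	mac.Write([]byte(srcAddr))
	return mac.Sum(nil)
}

// Router at chain position Pos knows only H_Pos; it recomputes the token for
// the claimed source and compares in constant time.
type Router struct {
	Pos int
	key []byte
}

// RouterAt places a router at chain position pos, giving it only keys[pos].
func RouterAt(pos int, keys [][]byte) *Router {
	return &Router{Pos: pos, key: keys[pos]}
}

func (r *Router) Accept(srcAddr string, tok []byte) bool {
	return hmac.Equal(tok, Token(srcAddr, r.key))
}

// Issue is the destination's side: holding H_0 it can compute every H_i, and
// it gives source S one token per chain position 1..n.
func Issue(srcAddr string, keys [][]byte) [][]byte {
	toks := make([][]byte, len(keys)-1)
	for i := 1; i < len(keys); i++ {
		toks[i-1] = Token(srcAddr, keys[i])
	}
	return toks
}

// Derive shows the blast radius of a leaked key: from H_i one can step forward
// to any H_j with j >= i, but reaching H_j with j < i would require inverting
// the hash, so earlier keys (and H_0 itself) stay protected.
func Derive(leaked []byte, leakedPos, targetPos int) ([]byte, bool) {
	if targetPos < leakedPos {
		return nil, false
	}
	k := append([]byte(nil), leaked...)
	for p := leakedPos; p < targetPos; p++ {
		sum := sha256.Sum256(k)
		k = sum[:]
	}
	return k, true
}

func main() {
	keys := Chain([]byte("destination-secret-H0-constructed"), 3) // constructed secret
	src := "10.0.0.1"                                             // constructed source
	toks := Issue(src, keys)

	for pos := 1; pos <= 3; pos++ {
		r := RouterAt(pos, keys)
		fmt.Printf("router %d accepts its token: %v\n", pos, r.Accept(src, toks[pos-1]))
	}
	fmt.Println("router 2 with spoofed source:", RouterAt(2, keys).Accept("10.0.0.9", toks[1]))

	// Suppose H_2 leaks: H_3 is derivable, H_1 and H_0 are not.
	h3, _ := Derive(keys[2], 2, 3)
	fmt.Println("H_3 derived from H_2:", bytes.Equal(h3, keys[3]))
	_, ok := Derive(keys[2], 2, 1)
	fmt.Println("H_1 derivable from H_2:", ok)
	fmt.Println("H_1 prefix:", hex.EncodeToString(keys[1])[:16])
}
```

The one-way direction of the chain is the whole robustness argument: a router that loses its H_i exposes every router holding a later key in the chain, but not the destination's H_0 or the routers closer to it, which is the bounded damage the slide claims in exchange for dropping public key operations from the forwarding path.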

Thanks! Interested in chatting or reading a SIGCOMM draft? Let me know!