Faculty of Electrical Engineering, Technion DSN 2004 Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.

Slides:



Advertisements
Similar presentations
Consistency and Replication Chapter 7 Part II Replica Management & Consistency Protocols.
Advertisements

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Playback delay in p2p streaming systems with random packet forwarding Viktoria Fodor and Ilias Chatzidrossos Laboratory for Communication Networks School.
On Large-Scale Peer-to-Peer Streaming Systems with Network Coding Chen Feng, Baochun Li Dept. of Electrical and Computer Engineering University of Toronto.
Optimizing Buffer Management for Reliable Multicast Zhen Xiao AT&T Labs – Research Joint work with Ken Birman and Robbert van Renesse.
CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.
The SMART Way to Migrate Replicated Stateful Services Jacob R. Lorch, Atul Adya, Bill Bolosky, Ronnie Chaiken, John Douceur, Jon Howell Microsoft Research.
Gossip Algorithms and Implementing a Cluster/Grid Information service MsSys Course Amar Lior and Barak Amnon.
Reliable Group Communication Quanzeng You & Haoliang Wang.
Structural Reliability Analysis – Basics
LightFlood: An Optimal Flooding Scheme for File Search in Unstructured P2P Systems Song Jiang, Lei Guo, and Xiaodong Zhang College of William and Mary.
Faculty of Electrical Engineering, Technion Drum Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.
1 Principles of Reliable Distributed Systems Lecture 6: Synchronous Uniform Consensus Spring 2005 Dr. Idit Keidar.
Distributed Algorithms for Secure Multipath Routing
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
Directed Diffusion: A Scalable and Robust Communication Paradigm for Sensor Networks.
Implementing dynamic membership in a secure multicast protocol Ilana Sarfati and Orna Dutech Winter 2005 Supervisor : Gal Badishi הטכניון – מכון טכנולוגי.
1 Principles of Reliable Distributed Systems Lecture 3: Synchronous Uniform Consensus Spring 2006 Dr. Idit Keidar.
 Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 7: Failure Detectors.
CS 582 / CMPE 481 Distributed Systems
Faculty of Electrical Engineering, Technion FuDiCo II G. Badishi & I. Keidar Towards Survivability of Application-Level Multicast Gal Badishi, Idit Keidar,
Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 6: Synchronous Byzantine.
Faculty of Electrical Engineering, Technion May 2004 Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.
Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.
Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 5: Synchronous Uniform.
Josef WidderBooting Clock Synchronization1 The  - Model, and how to Boot Clock Synchronization in it Josef Widder Embedded Computing Systems Group
Self Healing Wide Area Network Services Bhavjit S Walha Ganesh Venkatesh.
EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 6: Synchronous Byzantine.
Faculty of Electrical Engineering, Technion DSN 2004 Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.
A Cross Layer Approach for Power Heterogeneous Ad hoc Networks Vasudev Shah and Srikanth Krishnamurthy ICDCS 2005.
Towards a More Functional and Secure Network Infrastructure Dan Adkins, Karthik Lakshminarayanan, Adrian Perrig (CMU), and Ion Stoica.
 Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 7: Failure Detectors.
Correctness of Gossip-Based Membership under Message Loss Maxim Gurevich, Idit Keidar Technion.
Multicast Communication Multicast is the delivery of a message to a group of receivers simultaneously in a single transmission from the source – The source.
An Overview Zhang Fu Outline What is DDoS ? How it can be done? Different types of DDoS attacks. Reactive VS Proactive Defence.
Computer System Lifecycle Chapter 1. Introduction Computer System users, administrators, and designers are all interested in performance evaluation. Whether.
Efficient and Robust Query Processing in Dynamic Environments Using Random Walk Techniques Chen Avin Carlos Brito.
IPDPS 2007 Making Peer-to-Peer Anonymous Routing Resilient to Failures Yingwu Zhu Seattle University
Slicing the Onion: Anonymity Using Unreliable Overlays Sachin Katti Jeffrey Cohen & Dina Katabi.
Communication (II) Chapter 4
RTS/CTS-Induced Congestion in Ad Hoc Wireless LANs Saikat Ray, Jeffrey B. Carruthers, and David Starobinski Department of Electrical and Computer Engineering.
Exploring VoD in P2P Swarming Systems By Siddhartha Annapureddy, Saikat Guha, Christos Gkantsidis, Dinan Gunawardena, Pablo Rodriguez Presented by Svetlana.
Probabilistic Broadcast Presented by Keren Censor 1.
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
Computer Science 1 CSC 774 Advanced Network Security Distributed detection of node replication attacks in sensor networks (By Bryan Parno, Adrian Perrig,
Distributed Transaction Management, Fall 2002 Unconventional transactions Jyrki Nummenmaa
Parallel and Distributed Simulation Synchronizing Wallclock Time.
Impact of Topology on Overlay Multicast Suat Mercan.
1 A Randomized Space-Time Transmission Scheme for Secret-Key Agreement Xiaohua (Edward) Li 1, Mo Chen 1 and E. Paul Ratazzi 2 1 Department of Electrical.
Mitigating DoS Attack Through Selective Bin Verification Micah Sherr a, Michael Greenwald b, Carl A. Gunter c, Sanjeev Khanna a, and Santosh S. Venkatesh.
Presentation slides prepared by Ramakrishnan.V LMS: A Router Assisted Scheme for Reliable Multicast Christos Papadopoulos, University of Southern California.
1 SmartGossip: An Adaptive Broadcast Service for Wireless Sensor Networks Presented By Thomas H. Hand Duke University Adapted from: “ SmartGossip: An Adaptive.
Toward Fault-tolerant P2P Systems: Constructing a Stable Virtual Peer from Multiple Unstable Peers Kota Abe, Tatsuya Ueda (Presenter), Masanori Shikano,
SOS: An Architecture For Mitigating DDoS Attacks Angelos D. Keromytis, Vishal Misra, Dan Rubenstein ACM SIGCOMM 2002 Presented By : Tracy Wagner CDA 6938.
Thomas Dreibholz Institute for Experimental Mathematics University of Duisburg-Essen, Germany University of Duisburg-Essen, Institute.
2007/1/15http:// Lightweight Probabilistic Broadcast M2 Tatsuya Shirai M1 Dai Saito.
Copyright © 2006, UCD Dublin Systems Research Group School of Computer Science and Informatics UCD Dublin, Belfield, Dublin 4, Ireland
Sep. 1, SIGCOMM '99 Dan Rubenstein1 The Impact of Multicast Layering on Network Fairness Dan Rubenstein Jim Kurose Don Towsley.
Prof. Mort AnvariStrayer University at Arlington, VAAugust Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.
Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.
KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.
Networks, Part 2 March 7, Networks End to End Layer  Build upon unreliable Network Layer  As needed, compensate for latency, ordering, data.
Intrusion Tolerant Distributed Object Systems Joint IA&S PI Meeting Honolulu, HI July 17-21, 2000 Gregg Tally
1 Roie Melamed, Technion AT&T Labs Araneola: A Scalable Reliable Multicast System for Dynamic Wide Area Environments Roie Melamed, Idit Keidar Technion.
Pouya Ostovari and Jie Wu Computer & Information Sciences
Coding for Multipath TCP: Opportunities and Challenges Øyvind Ytrehus University of Bergen and Simula Res. Lab. NNUW-2, August 29, 2014.
湖南大学-信息科学与工程学院-计算机与科学系
Strayer University at Arlington, VA
Presentation transcript:

Faculty of Electrical Engineering, Technion DSN 2004 Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based Multicast Gal Badishi, Idit Keidar, Amir Sasson

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 OutlineOutline The problem The problem Overview of gossip-based multicast Overview of gossip-based multicast Proposed solution - Drum Proposed solution - Drum Analysis and simulations Analysis and simulations Implementation and measurements Implementation and measurements Summary and general principles Summary and general principles The problem The problem Overview of gossip-based multicast Overview of gossip-based multicast Proposed solution - Drum Proposed solution - Drum Analysis and simulations Analysis and simulations Implementation and measurements Implementation and measurements Summary and general principles Summary and general principles

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Denial of Service (DoS) Unavailability of service Unavailability of service –Exhausting resources Remote attacks Remote attacks –Network level Solutions do not solve all application problems Solutions do not solve all application problems –Application level Got little attention Got little attention Quantitative analysis of impact on application and identification of vulnerabilities needed Quantitative analysis of impact on application and identification of vulnerabilities needed Unavailability of service Unavailability of service –Exhausting resources Remote attacks Remote attacks –Network level Solutions do not solve all application problems Solutions do not solve all application problems –Application level Got little attention Got little attention Quantitative analysis of impact on application and identification of vulnerabilities needed Quantitative analysis of impact on application and identification of vulnerabilities needed

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 ChallengesChallenges Quantify the effect of DoS at the application level Quantify the effect of DoS at the application level Expose vulnerabilities Expose vulnerabilities Find effective DoS-mitigation techniques Find effective DoS-mitigation techniques –Prove their usefulness using the found metric Multicast as an example Multicast as an example Quantify the effect of DoS at the application level Quantify the effect of DoS at the application level Expose vulnerabilities Expose vulnerabilities Find effective DoS-mitigation techniques Find effective DoS-mitigation techniques –Prove their usefulness using the found metric Multicast as an example Multicast as an example

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Tree-Based Multicast Use a spanning tree – most common solution Use a spanning tree – most common solution No duplicates (optimal BW when network-level) No duplicates (optimal BW when network-level) Single points of failure Single points of failure Use a spanning tree – most common solution Use a spanning tree – most common solution No duplicates (optimal BW when network-level) No duplicates (optimal BW when network-level) Single points of failure Single points of failure Source

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Gossip-Based Multicast Progresses in rounds Progresses in rounds Every round Every round –Choose random partners (view ) –Send or receive messages –Discard old msgs from buffer Probabilistic reliability Probabilistic reliability Uses redundancy to achieve robustness Uses redundancy to achieve robustness Two methods Two methods –Push –Pull Progresses in rounds Progresses in rounds Every round Every round –Choose random partners (view ) –Send or receive messages –Discard old msgs from buffer Probabilistic reliability Probabilistic reliability Uses redundancy to achieve robustness Uses redundancy to achieve robustness Two methods Two methods –Push –Pull

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 PushPush Source

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 PullPull Source

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Effects of DoS on Gossip Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in push-based gossip may prevent it from receiving messages Attacking a process in push-based gossip may prevent it from receiving messages Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in push-based gossip may prevent it from receiving messages Attacking a process in push-based gossip may prevent it from receiving messages

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 DrumDrum A new gossip-based ALM protocol A new gossip-based ALM protocol Utilizes DoS-mitigation techniques Utilizes DoS-mitigation techniques –Using random one-time ports to communicate –Combining both push and pull –Separating and bounding resources Eliminates vulnerabilities to DoS Eliminates vulnerabilities to DoS Proven robust using formal analysis and quantitative evaluation Proven robust using formal analysis and quantitative evaluation A new gossip-based ALM protocol A new gossip-based ALM protocol Utilizes DoS-mitigation techniques Utilizes DoS-mitigation techniques –Using random one-time ports to communicate –Combining both push and pull –Separating and bounding resources Eliminates vulnerabilities to DoS Eliminates vulnerabilities to DoS Proven robust using formal analysis and quantitative evaluation Proven robust using formal analysis and quantitative evaluation

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Random Ports Any request necessitating a reply contains a random port number Any request necessitating a reply contains a random port number –“Invisible” to the attacker (e.g., encrypted) The reply is sent to that random port The reply is sent to that random port Assumption: Network withstands load Assumption: Network withstands load Any request necessitating a reply contains a random port number Any request necessitating a reply contains a random port number –“Invisible” to the attacker (e.g., encrypted) The reply is sent to that random port The reply is sent to that random port Assumption: Network withstands load Assumption: Network withstands load Request + random port number Wait on random port Wait on well- known port

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Combining Push and Pull Attacking push cannot prevent receiving messages via pull (random ports) Attacking push cannot prevent receiving messages via pull (random ports) Attacking pull cannot prevent sending via push Attacking pull cannot prevent sending via push Each process has some control over the processes it communicates with Each process has some control over the processes it communicates with Attacking push cannot prevent receiving messages via pull (random ports) Attacking push cannot prevent receiving messages via pull (random ports) Attacking pull cannot prevent sending via push Attacking pull cannot prevent sending via push Each process has some control over the processes it communicates with Each process has some control over the processes it communicates with

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Bounding Resources Motivation: prevent resource exhaustion Motivation: prevent resource exhaustion Each round process a random subset of the arriving messages and discard the rest Each round process a random subset of the arriving messages and discard the rest Separate resources for orthogonal operations Separate resources for orthogonal operations Motivation: prevent resource exhaustion Motivation: prevent resource exhaustion Each round process a random subset of the arriving messages and discard the rest Each round process a random subset of the arriving messages and discard the rest Separate resources for orthogonal operations Separate resources for orthogonal operations Valid Request Bogus Request Round Duration

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Evaluation: Staged DoS Attacks Increasing strength Increasing strength –shows trend under DoS Fixed strength Fixed strength –exposes vulnerabilities Source is always attacked Source is always attacked Analysis, simulations, measurements Analysis, simulations, measurements Increasing strength Increasing strength –shows trend under DoS Fixed strength Fixed strength –exposes vulnerabilities Source is always attacked Source is always attacked Analysis, simulations, measurements Analysis, simulations, measurements

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Analysis – Increasing Strength Assume static group, strict subset is attacked Assume static group, strict subset is attacked Lemma 1: Drum’s propagation time is bounded from above by a constant independent of the attack rate Lemma 1: Drum’s propagation time is bounded from above by a constant independent of the attack rate Lemma 2: The propagation time of Push grows at least linearly with the attack rate Lemma 2: The propagation time of Push grows at least linearly with the attack rate Lemma 3: The propagation time of Pull grows at least linearly with the attack rate Lemma 3: The propagation time of Pull grows at least linearly with the attack rate Assume static group, strict subset is attacked Assume static group, strict subset is attacked Lemma 1: Drum’s propagation time is bounded from above by a constant independent of the attack rate Lemma 1: Drum’s propagation time is bounded from above by a constant independent of the attack rate Lemma 2: The propagation time of Push grows at least linearly with the attack rate Lemma 2: The propagation time of Push grows at least linearly with the attack rate Lemma 3: The propagation time of Pull grows at least linearly with the attack rate Lemma 3: The propagation time of Pull grows at least linearly with the attack rate

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Analysis – Fixed Strength Lemma 4: For strong enough attacks, Drum’s expected propagation time is monotonically increasing as the percentage of attacked processes increases Lemma 4: For strong enough attacks, Drum’s expected propagation time is monotonically increasing as the percentage of attacked processes increases

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 High-Throughput Experiments Multithreaded Java implementation Multithreaded Java implementation Single source creates 40 msgs/sec Single source creates 40 msgs/sec Round duration = 1 second Round duration = 1 second Measure throughput and latency at the receiving processes Measure throughput and latency at the receiving processes Multithreaded Java implementation Multithreaded Java implementation Single source creates 40 msgs/sec Single source creates 40 msgs/sec Round duration = 1 second Round duration = 1 second Measure throughput and latency at the receiving processes Measure throughput and latency at the receiving processes

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 SummarySummary Gossip-based protocols are very robust, but… Gossip-based protocols are very robust, but… –naïve gossip-based protocols are vulnerable to targeted DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Evaluations show Drum’s resistance to DoS Evaluations show Drum’s resistance to DoS The most effective attack against Drum is a broad one The most effective attack against Drum is a broad one Gossip-based protocols are very robust, but… Gossip-based protocols are very robust, but… –naïve gossip-based protocols are vulnerable to targeted DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Evaluations show Drum’s resistance to DoS Evaluations show Drum’s resistance to DoS The most effective attack against Drum is a broad one The most effective attack against Drum is a broad one

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 General Principles DoS-mitigation techniques: DoS-mitigation techniques: –random ports –neighbor-selection by local choices –separate resource bounds Design goal: eliminate vulnerabilities Design goal: eliminate vulnerabilities –The most effective attack is a broad one Analysis and quantitative evaluation of impact of DoS Analysis and quantitative evaluation of impact of DoS DoS-mitigation techniques: DoS-mitigation techniques: –random ports –neighbor-selection by local choices –separate resource bounds Design goal: eliminate vulnerabilities Design goal: eliminate vulnerabilities –The most effective attack is a broad one Analysis and quantitative evaluation of impact of DoS Analysis and quantitative evaluation of impact of DoS

Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.