SOS: Secure Overlay Services
A. Keromytis, V. Misra, and D. Rubenstein
Presented by Tsirbas Rafail


The main components
– Target
– Legitimate user
– Attacker

The basic idea
– DoS attacks succeed because the target is easy to find
– SOS idea: create an overlay and send the traffic through it

The Goal
– Allow already approved users to communicate with a target
– Prevent attackers' packets from reaching the target
– The solution must be easy to distribute

1st Step - Filter
Routers near the target filter packets according to their IP address
– Legitimate users' IP addresses are allowed through
– Illegitimate users' IP addresses aren't
Problems:
I) "Good" and "bad" users share the same IP address
II) "Bad" user knows "good" user's IP
III) "Good" user changes IP frequently
[Diagram: Target, Filter]

2nd Step - Proxy
Install proxies outside the filter whose IP addresses are permitted through the filter
– Proxy only lets verified packets from legitimate sources through the filter
Problems:
I) Attacker pretends to be the proxy
II) Attacker attacks the proxy
[Diagram: Proxy, Target]

3rd Step – Secret Servlet
Keep the identity of the proxy secret
– Name it Secret Servlet
– Secret Servlet is known only by the target, and a few other points in the network

4th Step – Overlays
Send traffic to the secret servlet via a network overlay
– Nodes: Devices
– Paths: IP paths
Verification can be performed inside each node
[Diagram: Node, Network overlay]

5th Step – SOAP
Secure Overlay Access Points
– Receive unverified packets and verify (IPsec, TLS)
– Large number of SOAPs
– Distributed firewall
[Diagram: Node, SOAP]

Routing inside SOS
– Random route until secure servlet is reached (inefficient)
– Instead use Chord service (hash function)
– Reaches a unique node called beacon
– Secret servlet, target inform beacon
[Diagram: Node, SOAP, beacon]
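
The beacon mapping described on this slide, as an added example that is not part of the original slides or the authors' code: the target's identifier is hashed onto a ring and the beacon is the first overlay node at or after that point. It assumes every node sees the full ring (real Chord reaches the same successor with finger tables), and the node names, `target.example` and the 32-bit ID space are constructed for illustration.

```python
import hashlib
from bisect import bisect_left

RING_BITS = 32  # assumption: small ID space to keep the output readable

def ring_id(name: str) -> int:
    """Hash a node name or target identifier onto the ring."""
    digest = hashlib.sha256(name.encode()).digest()
    return int.from_bytes(digest[:RING_BITS // 8], "big")

class Overlay:
    """Hypothetical overlay view: a sorted ring of (id, node name) pairs."""

    def __init__(self, node_names):
        self.ring = sorted((ring_id(n), n) for n in node_names)

    def beacon_for(self, target: str) -> str:
        """Successor of hash(target) on the ring, wrapping past the end."""
        ids = [node_id for node_id, _ in self.ring]
        pos = bisect_left(ids, ring_id(target)) % len(self.ring)
        return self.ring[pos][1]

    def remove(self, name: str) -> None:
        """Drop a node, e.g. one taken out of service while under attack."""
        self.ring = [(i, n) for i, n in self.ring if n != name]

if __name__ == "__main__":
    nodes = [f"node-{i:02d}" for i in range(20)]  # constructed sample overlay
    overlay = Overlay(nodes)
    target = "target.example"                     # constructed identifier
    beacon = overlay.beacon_for(target)
    print("beacon:", beacon)
    # Any SOAP hashing the same identifier lands on the same beacon,
    # whatever order it learned the node list in.
    print("same from another view:",
          Overlay(reversed(nodes)).beacon_for(target) == beacon)
    # Removing the beacon moves the mapping to the next node on the ring.
    overlay.remove(beacon)
    print("beacon after removal:", overlay.beacon_for(target))
```

Because the mapping is a pure function of the identifier and the live node set, the secret servlet and every SOAP agree on the beacon without exchanging routing state.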

Overview of SOS
[Diagram: User, SOAP nodes, beacon nodes, Secure Servlets, Target]

Attacking SOS
– You cannot directly attack the target
– Attack secret servlet
– Attack beacons
– Attack other overlay nodes

Attacking Analysis
Static Attack
– N: # of nodes in the overlay
– SOAP = 10
– Beacon = 10
– Secure Servlet = 10
In order to have a successful DoS attack almost all overlay nodes must be compromised!

Attacking Analysis
Static Attack
In order to have a successful DoS attack the number of beacons must be quite small!
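
The two static-attack slides above can be checked numerically. This is an added example, not taken from the slides or the paper: it assumes the SOAP, beacon and servlet roles are held by disjoint sets of nodes, that a fixed number of overlay nodes chosen uniformly at random are knocked out, and that the target is cut off once every node of any one role is down. N = 100 is an assumed value; the role counts of 10 are the slide's.

```python
from itertools import combinations
from math import comb

def p_all_hit(n_nodes, n_attacked, k):
    """P(k specific nodes all fall in a uniformly random attacked set)."""
    if k > n_attacked:
        return 0.0
    return comb(n_nodes - k, n_attacked - k) / comb(n_nodes, n_attacked)

def p_attack_success(n_nodes, n_attacked, roles):
    """P(at least one role has every node attacked), by inclusion-exclusion.

    roles maps a role name to how many overlay nodes hold it; the role
    sets are assumed disjoint (a modelling assumption of this example).
    """
    sizes = list(roles.values())
    total = 0.0
    for r in range(1, len(sizes) + 1):
        sign = 1 if r % 2 else -1
        for subset in combinations(sizes, r):
            total += sign * p_all_hit(n_nodes, n_attacked, sum(subset))
    return total

if __name__ == "__main__":
    N = 100  # assumed overlay size; the slide leaves N as a variable
    slide = {"soap": 10, "beacon": 10, "servlet": 10}
    few_beacons = {"soap": 10, "beacon": 1, "servlet": 10}
    print("attacked  P(10 beacons)  P(1 beacon)")
    for a in (10, 50, 90, 99):
        print(f"{a:8d}  {p_attack_success(N, a, slide):13.3e}"
              f"  {p_attack_success(N, a, few_beacons):11.3e}")
```

With ten nodes per role the success probability stays small until most of the overlay is down, while a single beacon makes it at least the fraction of nodes attacked.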

Attacking Analysis
Dynamic Attacks
– SOS detects & removes attacked nodes
– Attacker shifts from a removed node to an active one

Conclusions
SOS protects a target from DoS attacks
How?
– Filter around the target
– Hidden proxies
– Network overlay for legitimate users to reach hidden proxies