Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Formal Modeling and Analysis of DoS Using Probabilistic Rewrite Theories Gul Agha Michael Greenwald Carl Gunter Sanjeev Khanna Jose Meseguer Koushik.

Published byRose Plemmons Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Formal Modeling and Analysis of DoS Using Probabilistic Rewrite Theories Gul Agha Michael Greenwald Carl Gunter Sanjeev Khanna Jose Meseguer Koushik."— Presentation transcript:

1 1 Formal Modeling and Analysis of DoS Using Probabilistic Rewrite Theories Gul Agha Michael Greenwald Carl Gunter Sanjeev Khanna Jose Meseguer Koushik Sen Prasanna Thati

2 2/28 Formal Analysis of Cryptographic Protocols Integrity and Confidentiality  Recipient not fooled or leaks information  algebraic techniques assumes idealized cryptographic primitives  complexity-theoretic techniques based on complexity assumptions

3 3/28 Availability Attack Availability threats  whether recipient available to valid sender  algebraic and/or complexity theoretic methods are not suitable for finding availability threats assumes adversary can insert, delete, or replay messages  availability attack is assured as the adversary can delete any valid packet

4 4/28 Availability Attack Availability threats  whether recipient available to valid sender  algebraic and/or complexity theoretic methods are not suitable for finding availability threats assumes adversary can insert, delete, or replay messages  availability attack is assured as the adversary can delete any valid packet  How to model and analyze availability formally?

5 5/28 Our Goal Given a protocol P, let properties T hold for P  P is a traditional non-deterministic specification  T is a set of integrity and confidentiality properties Extend P to P * and T to T *  P * is DoS hardened P  T * includes availability properties in addition to T Goal  Prove that T * hold for P * without re-proving that T hold for P

6 6/28 Our Results Given a protocol P, let properties T hold for P  P is a traditional non-deterministic specification  T is a set of integrity and confidentiality properties Extend P to P * and T to T *  P * is DoS hardened P  T * includes availability properties in addition to T Goal  Prove that T * hold for P * without re-proving that T hold for P ?

7 7/28 Modeling and Analysis Probabilistic Rewrite Theories  Unified Algebraic Model  Probabilistic Object Model Properties in Continuous stochastic logic (CSL)  Statistical Model-checking [Sen et al. CAV’04, CAV’05, QEST’05] using Monte Carlo simulation and statistical hypothesis testing QuaTEx  Quantitative Temporal Expressions  Query language to gain quantitative insight about a model  Statistical computation of QuaTEx [QAPL’05]

8 8/28 DoS Models and Counter-measures “Shared Memory” model  adversary cannot delete packet  adversary can replay or insert message in the network “Asymmetry Paradigm”  adversary attacks by recognizing: certain operations at recipient are expensive whereas invoking them is easy so it uses all of its bandwidth to invoke expensive operations creates a difference (asymmetry)  receiver can increase the burden on attacker “selective verification” is our approach C Gunter, S Khanna, K Tan, S Venkatesh 2004

9 9/28 Selective Sequential Verification The signature stream is vulnerable to signature flooding: the adversary can devote his entire channel to fake signature packets Countermeasure :  Valid sender sends multiple copies of the signature packet  receiver checks each incoming signature packet with some probability (say, 25% or 1%)

10 10/28 Attack Profile R S requires low b/w channel with high processing cost at R A loads this channel with bad packets S A

11 11/28 Selective Verification RA S

12 12/28 Selective Verification R R makes channels lossy S adds redundancy A gets reduced channel Tradeoff: bandwidth vs. processing S A

13 13/28 TCP/IP: A case study Common Susceptible to DoS attacks:  SYN flood and others Existing solutions as benchmark:  Increase size of SYN cache, random drop, SYN cookies

14 14/28 TCP/IP: 3-way handshake A: valid senderB: valid receiver SYN SYN + ACK ACK SYN Cache

15 15/28 TCP/IP: SYN Flood Attack A: valid senderB: valid receiver SYN SYN Cache X: attacker SYN SYN Cache Full Packet Dropped

16 16/28 TCP/IP: SYN Flood Attack A: valid senderB: valid receiver SYN Cache X: attacker SYN Drop packet with probability 0.75 SYN SYN + ACK ACK M Delap, M Greenwald, C Gunter, S Khanna, Y Xu 2004

17 17/28 Standard Rewrite Theories rules are of the form t(x) ! t’ (x) if cond t t’ cond

18 18/28 Probabilistic Rewrite Theories (PRTh) we add probability information to rules t(x) ! t’(x,y) if cond with probability y:=  (x) t cond t’ G Agha, J Meseguer, N Kumar, K Sen 2003

19 19/28 Model TCP/IP 3-way handshake using PRwTh P Receiver: h B: buf, mi Message: (X Ã content) Rules: [drop packet]: h B: buf, mi (BÃ SYN(X,n)) ) h B: buf, mi [process packet]: h B: buf, mi (BÃ SYN(X,n)) ) h B: buf TCB(X,m), m+1i (XÃ SYN-ACK(B,m))

20 20/28 Model TCP/IP 3-way handshake using PRwTh P * Receiver: h B: buf, mi Message: (X Ã content) One Rule (selective verification): h B: buf, mi (BÃ SYN(X,n)) ) if drop? then h B: buf, mi else h B: buf TCB(X,m), m+1i (XÃ SYN-ACK(B,m)) fi with probability drop? := BERNOULLI(p).

21 21/28 Availability Property Property: The probability that eventually the attacker X successfully fills up the SYN cache of B is less than 0.01. P <0.01 [§(sucessful_attack())] Statistical Model-checking using Vesta model-checker K Sen, M Viswanathan, G Agha 2005

22 22/28 Tools PMaude: Extends Maude with probabilistic rewrite theories [QAPL’05]  Monte Carlo simulation of probabilistic rewrite theories with on un-quantified non-determinism Vesta: Statistical model-checker for continuous stochastic logic [CAV’05]  Java implementation

23 23/28 Results Cache-size = 10,000 timeout = 10 seconds number of valid senders = 100

24 24/28 Quantitative Queries Using QuaTEx What is the expected number of clients that successfully connect to S out of 100 clients? What is the probability that a client connected to S within 10 seconds after it initiated the connection request? CountConnected() = if completed() then count() else ° (CountConnected()) fi; eval E[CountConnected()]

25 25/28 Linux Kernel Test Attack rate in SYNs/sec received at server Graph shows successful connections per 450 threads Defenseless kernel: >6 SYNs/sec shuts out client Aggregate connections Attack rate Model predicts cliff M Delap, M Greenwald, C Gunter, S Khanna, Y Xu 2004

26 26/28 Results Expected number of clients out of 100 clients that get connected with the server under DoS attack

27 27/28 Conclusion A general framework for modeling and verifying DoS properties of communication protocols. Capable of expressing and proving key availability properties. Performance limitations require us to use scaled down version of parameters. Future Work  Addressing efficiency limitations  Verifying the properties for general systems

28 28/28 Summary Given a protocol P, let properties T hold for P  P is a traditional non-deterministic specification  T is a set of integrity and confidentiality properties Extend P to P * and T to T *  P * is DoS hardened P  T * includes availability properties in addition to T Goal  Prove that T * hold for P * without re-proving that T hold for P

29 29/28 SYN-flood defense: selective processing r X <= f B/t, then (1-f)B slots reserved for legit clients B B: size of SYN-cache t : timeout 0 < f < 1 r X : attacker rate p : probability of processing SYN at B M Delap, M Greenwald, C Gunter, S Khanna, Y Xu 2004

30 30/28 SYN-flood defense: selective processing r X <= f B/t, then (1-f)B slots reserved for legit clients Process SYNs with probability p <= f B/(t r X ) B p B: size of SYN-cache t : timeout 0 < f < 1 r X : attacker rate p : probability of processing SYN at B M Delap, M Greenwald, C Gunter, S Khanna, Y Xu 2004

31 31/28 SYN-flood defense: selective processing B p X 1/p Limited by net capacity. B: size of SYN-cache t : timeout 0 < f < 1 r X : attacker rate p : probability of processing SYN at B r X <= f B/t, then (1-f)B slots reserved for legit clients Process SYNs with probability p <= f B/(t r X ) Increase SYN packets sent by valid sender by 1/p M Delap, M Greenwald, C Gunter, S Khanna, Y Xu 2004

32 32/28 SYN-flood defense: selective processing r X <= f B/t, then (1-f)B slots reserved for legit clients Process SYNs with probability p <= f B/(t r X ) Increase SYN packets sent by valid sender by 1/p Attacker rate of p r X cannot fill more than f B slots B p p r A X 1/p rArA B: size of SYN-cache t : timeout 0 < f < 1 r X : attacker rate p : probability of processing SYN at B M Delap, M Greenwald, C Gunter, S Khanna, Y Xu 2004

Download ppt "1 Formal Modeling and Analysis of DoS Using Probabilistic Rewrite Theories Gul Agha Michael Greenwald Carl Gunter Sanjeev Khanna Jose Meseguer Koushik."

Similar presentations

1 Data Link Protocols By Erik Reeber. 2 Goals Use SPIN to model-check successively more complex protocols Using the protocols in Tannenbaums 3 rd Edition.

1 Data Link Protocols By Erik Reeber. 2 Goals Use SPIN to model-check successively more complex protocols Using the protocols in Tannenbaums 3 rd Edition.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
1 Security in Wireless Protocols Bluetooth, 802.11, ZigBee.

1 Security in Wireless Protocols Bluetooth, , ZigBee.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.

Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Statistical Probabilistic Model Checking Håkan L. S. Younes Carnegie Mellon University.

Statistical Probabilistic Model Checking Håkan L. S. Younes Carnegie Mellon University.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
1 Staleness vs.Waiting time in Universal Discrete Broadcast Michael Langberg California Institute of Technology Joint work with Jehoshua Bruck and Alex.

1 Staleness vs.Waiting time in Universal Discrete Broadcast Michael Langberg California Institute of Technology Joint work with Jehoshua Bruck and Alex.
Formal Models of Availability Carl A. Gunter University of Pennsylvania (Soon to be the University of Illinois)

Formal Models of Availability Carl A. Gunter University of Pennsylvania (Soon to be the University of Illinois)
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Overview of Cryptography Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy.

Overview of Cryptography Anupam Datta CMU Fall A: Foundations of Security and Privacy.
Research Overview Carl A. Gunter University of Pennsylvania.

Research Overview Carl A. Gunter University of Pennsylvania.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Discovery and Traversal of Security Gateways Alwyn E. Goodloe University of Pennsylvania Contessa NS Protocol eXchange June 10, 2005.

Discovery and Traversal of Security Gateways Alwyn E. Goodloe University of Pennsylvania Contessa NS Protocol eXchange June 10, 2005.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Similar presentations

Ads by Google