Presentation is loading. Please wait.

Presentation is loading. Please wait.

Randomized Failover Intrusion Tolerant Systems (RFITS) Ranga Ramanujan Doug Long Architecture Technology Corporation Odyssey Research Associates DARPA.

Published byRandolf Oliver Modified over 9 years ago

Similar presentations

Presentation on theme: "Randomized Failover Intrusion Tolerant Systems (RFITS) Ranga Ramanujan Doug Long Architecture Technology Corporation Odyssey Research Associates DARPA."— Presentation transcript:

1 Randomized Failover Intrusion Tolerant Systems (RFITS) Ranga Ramanujan Doug Long Architecture Technology Corporation Odyssey Research Associates DARPA OASIS PI Meeting February 14, 2001

2 Project Background Research Objective –Develop and demonstrate design techniques for building survivable information systems Organic survivability mechanisms to resist DoS attacks Focus on real-time, high availability military systems RFITS Approach –Sustain system operation at an acceptable service level from the time a DoS attack starts to the time the attack is neutralized and the system is reconstituted –Tactics employed by RFITS survivability techniques include Dodging Elusiveness Obfuscation Information hiding Camouflage

3 Project Background (Cont’d) Project deliverables –RFITS Application Handbook Compilation of design patterns for building survivable systems. Each entry will include –Motivation –Applicability (Usage scenarios) –Attacks addressed –Design assumptions –Implementation issues –Prototype Software Two-pronged approach for deriving RFITS techniques –Analysis of candidate mission-critical systems –Bottom-up analysis of foundation services for high-availability systems

4 Accomplishments Completed analysis of two candidate systems –Location-Aware Wireless Network Services (LAWNS) –Satellite based information dissemination services Completed analysis of internal clock synchronization protocols Developed initial set of design patterns for survivable systems, including –Dynamic address reconfiguration –Randomized dispatcher –Callback –Survivable clock synchronization –Fail-stop processors

5 Dynamic Address Reconfiguration Applicability - Protects many-to-one and one- to-many client-server interactions against DDoS attacks Attacks addressed - spoofed packet floods * host resource depletion * network access link depletion Assumptions - Clients are “known” to server - Clients are trustworthy - Attack traffic generated by non-clients

6 Dynamic Address Reconfiguration (Cont’d) Service provided (Policy enforced) Choke off attack traffic as close as possible to the source Operation of mechanism - Destination S can only be reached indirectly via IP multicast address, say M1 - Router R configured to filter out all downstream traffic except multicast packets - Upon detecting a flooding attack, S switches to a new multicast address M2 and securely notifies clients; it also de-registers from M1 - Clients send packets to M2; spoofed traffic goes to M1and is filtered out at R5 and R6

7 Alternative Implementation Uses “eluding” tactic versus “dodging” Destination periodically switches to a new multicast address and notifies all clients via secure channels Incurs higher performance overhead but is provides better protection against sophisticated snoopers Stronger protection may require camouflaging techniques to counter traffic analysis

8 Some Implementation Issues Hiding source addresses of responses from S –Use “deflector” pattern Scaling to large number of clients –Recursively apply pattern Protection against snoopers close to client –Use “deflector” pattern Accommodating legacy TCP applications –Split connection using proxy pair Supporting multiple services behind single access link –Use reserved virtual pipes S III CCCCCC

9 Randomized Dispatcher Applicability - Enables survivable server groups that are resistant to host disabling attacks Attacks addressed - “single shot” host takedown, e.g., IP stack attack Assumptions - diversity of host implementations - legitimate clients are “known” - attacks do not originate at clients - server group availability services protected by “hardcore” techniques Servers are configured in a multicast group. Flows are continually switched between servers in the group (information hiding).

10 Composite Technique Service provided (Policy enforced) - Dynamic address reconfiguration and randomized dispatching in tandem deflect offending traffic from victim Operation of mechanism - Anomaly based detection of host attack triggers server group address reconfiguration - Address reconfiguration is propagated through “suspected” portions of the network - supports efficient localized recovery S I1I2I3 CCCCCC

11 Callback Applicability - Survivable dial-on-demand link set-up between IP subnets Attacks addressed - dial port flooding Operation - Upon detecting an attack, victim router calls back a “randomly” chosen detour router - Primary router tunnels all packets for victim through the detour router Assumptions - callback list on victim router is not known to attacker - security association exists between detour routers and primary router

12 Intrusion-Tolerant Clock Synchronization Fault-Tolerant external protocols offer partial protection. But can still be defeated by malicious attack on the communication infrastructure. Must protect individual nodes from malicious attack.

13 Two-Phase Clock Synchronization Protocol Multiple local clocks at each node. Network round synchronizes a representative clock from each node. Node round synchronizes local clocks. Limited responsiveness to adjustment protects node’s time value. Phase I Phase II

14 Benefits Strictly better than single-phase protocol: hardened node can temporarily resist complete attack. Compatible with network synchronization protocol: node’s participation or not in second phase is transparent to first phase. Innate responsiveness on the order of the node’s latency. Responsiveness can be adjusted upward to manage tradeoff with protection.

15 Intrusion-Tolerant Fail-Stop Processors Traditional Fail-Stop Processor magnifies attack Voting strategy does not guarantee fail-stop property Secret sharing techniques offer alternative approach P1P1 P2P2 P3P3 P4P4 C

16 Secret Sharing Share a secret among N trustees, such that –Any K trustees can reconstruct secret –No set of K-1 trustees can reconstruct secret Variants –Re-shareable secrets –Function sharing –Dynamic re-sharing

17 Fail-Stop Processor Split a function among N processors As long as K processors are available to compute the function, the processor is able to function If fewer than K processors are available, then shutdown Guarantees fail-stop property without attack magnification

18 Candidate Targets for Demonstrating RFITS Techniques Location-Aware Wireless Network Service (LAWNS) –geographically targeted unicast and multicast delivery of information to mobile users –range-restricted information dissemination –geographic routing services overlayed over IP routing –DoD applications include marine expeditionary forces, extended littoral battlefield, Future Combat System USCG Secure Information Dissemination System –enables information exchange between on-shore resources and mobile platforms (cutters and aircraft) over dial-up commercial satellite services –DoD applications include OTH intra battle group communication and submarine SATCOM services Agent-based logistics plan monitoring system Network services for split-base operations

19 Task Schedule

Download ppt "Randomized Failover Intrusion Tolerant Systems (RFITS) Ranga Ramanujan Doug Long Architecture Technology Corporation Odyssey Research Associates DARPA."

Similar presentations

Internet Indirection Infrastructure (i3 ) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana UC Berkeley SIGCOMM 2002 Presented by:

Internet Indirection Infrastructure (i3 ) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana UC Berkeley SIGCOMM 2002 Presented by:
2009-03-16 1 Countering DoS Attacks with Stateless Multipath Overlays Presented by Yan Zhang.

Countering DoS Attacks with Stateless Multipath Overlays Presented by Yan Zhang.
1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.

1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.
Packet Switching COM1337/3501 Textbook: Computer Networks: A Systems Approach, L. Peterson, B. Davie, Morgan Kaufmann Chapter 3.

Packet Switching COM1337/3501 Textbook: Computer Networks: A Systems Approach, L. Peterson, B. Davie, Morgan Kaufmann Chapter 3.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.

DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
Randomized Failover Intrusion Tolerant Systems (RFITS) Ranga Ramanujan Noel Schmidt Architecture Technology Corporation Odyssey Research Associates DARPA.

Randomized Failover Intrusion Tolerant Systems (RFITS) Ranga Ramanujan Noel Schmidt Architecture Technology Corporation Odyssey Research Associates DARPA.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Randomized Failover Intrusion- Tolerant Systems (RFITS) Ranga Ramanujan, Maher Kaddoura, John Wu, Clint Sanders, Doug Harper, David Baca Architecture Technology.

Randomized Failover Intrusion- Tolerant Systems (RFITS) Ranga Ramanujan, Maher Kaddoura, John Wu, Clint Sanders, Doug Harper, David Baca Architecture Technology.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.

Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.
CS 268: Lecture 5 (Project Suggestions) Ion Stoica February 6, 2002.

CS 268: Lecture 5 (Project Suggestions) Ion Stoica February 6, 2002.
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Shivkumar KalyanaramanRensselaer Q1-1 ECSE-6600: Internet Protocols Quiz 1 Time: 60 min (strictly enforced) Points: 50 YOUR NAME: Be brief, but DO NOT.

Shivkumar KalyanaramanRensselaer Q1-1 ECSE-6600: Internet Protocols Quiz 1 Time: 60 min (strictly enforced) Points: 50 YOUR NAME: Be brief, but DO NOT.
CS 268: Project Suggestions Ion Stoica February 6, 2003.

CS 268: Project Suggestions Ion Stoica February 6, 2003.

Similar presentations

Ads by Google