The Shared Channel Model for DoS Carl A. Gunter With Sanjeev Khanna, Kaijun Tan, and Santosh Venkatesh.


1 The Shared Channel Model for DoS Carl A. Gunter With Sanjeev Khanna, Kaijun Tan, and Santosh Venkatesh

2 Challenge of Broadcast Authentication Inefficient to use public key signatures for each packet. Insecure to use a common distributed key. Inefficient, impractical, or impossible to use unicast tunnels. Many proposals have been made to address these problems. Delayed key release. Amortize costs of public key checks over multiple packets.

3 Challenge of DoS Attacks in the broadcast case are more likely to be informed attacks, in which sequence numbers and other aspects of protocol state are known. TCP is very vulnerable to informed attacks. Authentication based on Public Key Checks (PKCs) is vulnerable to signature flooding. FEC attacks lead to higher overheads.

4 Security Models for DoS Common form of analysis: show that the victim can defend against an attack that occupies his whole channel. Effective, but too conservative. Dolev-Yao: assume that the adversary controls the channel and can use packets of the legitimate sender. Also effective, but even more conservative. Attacks based on limited modifications. Not a common case. Wanted: a more realistic model of attack and countermeasures to exploit it.

5 Shared Channel Model Adversary can replay and insert packets. Legitimate sender sends packets with a maximum and minimum bandwidth. Legitimate sender experiences random loss, but not deliberate loss. Model is a four-tuple $(W_0, W_1, A, p)$: $W_0$, $W_1$ are the min and max sender b/w, $A$ is the attacker max b/w, $p$ is the loss rate of the sender.

6 Shared Channel Model Example

7 Signature Flooding Attack factor $R = A/W_1$. Proportionate attack: $R = 1$. Disproportionate attack: $R > 1$. Stock PC can handle about 8000 PKC/sec. 10Mbps link sends about 900 pkt/sec, 100Mbps link sends about 9000 pkt/sec (assuming large packets). Processor is overwhelmed by too many signature checks. Adversary can devote full b/w to bad signatures at no cost. Budget: no more than 5% of processor on PKCs.

8 Broadcast Authentication Streams Data Stream Hash/Parity Stream Signature Stream

9 Selective Verification The signature stream is vulnerable to signature flooding: in a proportionate attack the adversary can devote his entire channel to fake signature packets. Countermeasure: Valid sender sends multiple copies of the signature packet. Receiver checks incoming signatures probabilistically.

10 BAS Sender Protocol 1. As data packets are produced, collect their hashes into hash packets. Send as soon as ready. 2. When enough data packets have been processed to make a TG, create parity packets and signature for the TG. 3. Interleave these with each other and with the data and hash packets of the next TG.

11 Interleaving of Transmission Groups

12 BAS Receiver Protocol 1. Acquisition phase: look for a valid signature until one is found. 2. When a signature packet is found, search a collection of packets before and after it to find candidate hash and parity packets. 3. Check hashes of these against the signature packet, and then use the parity packets to reproduce missing hash packets. 4. Continue searching for the next valid signature by checking each signature packet with a specified probability.

13 Sample Numbers 10Mbps with 20% loss and 2 second latency: 1584 data packets, 11 hash packets, 11 parity packets, 20 signature packets, signature check probability .25. 100Mbps with 40% loss and 1 second latency: 8208 data packets, 57 hash packets, 66 parity packets, 200 signature packets, signature check probability .025.
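
As an added example (not from the presentation), this Python sketch models the sequential selective verification of slides 9 and 12 using the 10Mbps numbers from slide 13. Independent loss and checks, the name q for the check probability, and a proportionate flood of one fake signature packet per TG packet are assumptions.

```python
import random

def auth_loss_probability(copies, loss, q):
    """P(no valid signature copy is both delivered and checked) in one TG.
    Assumes independent packet loss and independent checks."""
    return (1.0 - (1.0 - loss) * q) ** copies

def expected_pkc_bound(copies, loss, q, fakes):
    """Upper bound on expected PKCs per TG: every arriving signature
    packet, valid or fake, is checked with probability q."""
    return q * (copies * (1.0 - loss) + fakes)

def simulate_tg(copies, loss, q, fakes, rng):
    """One TG under signature flooding; returns (pkcs, authenticated).
    The receiver stops checking once one valid signature verifies."""
    arrived = sum(1 for _ in range(copies) if rng.random() >= loss)
    stream = [True] * arrived + [False] * fakes  # True = valid copy
    rng.shuffle(stream)  # assumption: fakes and copies arrive interleaved
    pkcs = 0
    for is_valid in stream:
        if rng.random() < q:  # selective verification
            pkcs += 1
            if is_valid:
                return pkcs, True
    return pkcs, False

def run(trials=1000, seed=1):
    """Monte Carlo estimate of (auth loss rate, mean PKCs per TG)."""
    rng = random.Random(seed)
    copies, loss, q = 20, 0.20, 0.25  # slide 13, 10Mbps row
    fakes = 1584 + 11 + 11 + 20       # assumption: R = 1, one fake per TG packet
    results = [simulate_tg(copies, loss, q, fakes, rng) for _ in range(trials)]
    lost = sum(1 for _, ok in results if not ok) / trials
    mean_pkc = sum(n for n, _ in results) / trials
    return lost, mean_pkc

if __name__ == "__main__":
    lost, mean_pkc = run()
    print(f"analytic auth loss : {auth_loss_probability(20, 0.20, 0.25):.4f}")
    print(f"simulated auth loss: {lost:.4f}")
    print(f"mean PKC per TG    : {mean_pkc:.1f} "
          f"(bound {expected_pkc_bound(20, 0.20, 0.25, 1626):.1f})")
```

Assuming one TG per 2 seconds, the bound of 410.5 checks per TG is about 205 PKC/sec, roughly 2.6% of the 8000 PKC/sec figure on slide 7 and inside the 5% budget.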

14 Selective Verification is Very Efficient [Figure; labels: PKC/TG, Sec/TG]

15 Selective Verification is Very Effective [Figure; labels: PKC/TG, Auth Loss]

16 Implementation

17 Throughputs with Independent Loss and No Attack

18 Throughputs with Correlated Loss

19 Authentication Loss

20 Throughputs Under Severe Attacks [Figure; panel labels: 8% sig o/h, 3% sig o/h, 8% sig o/h] Little effect!

21 Hash/Parity Overheads

22 Lessons and Extensions Other models (e.g. Dolev-Yao) are too conservative: they show DoS threat where effective countermeasures can be found. Selective verification can be done in many ways. Sequential: check each packet successively with given probability. Bin: classify signatures into “bins”, check bins with the fewest elements. Learn more: http://www.cis.upenn.edu/gunter

