Published by Jemimah Ward. Modified over 8 years ago.
1
Presenter: Chen Chih-Ming 96/12/27
2
Outline
• Background
• Problem Definition
• State of Art
• Portcullis Architecture
• Designs
• Potential Attacks
• Evaluation
• Discussion
• Conclusion
3
Background
• DoS
  ○ Protected by Capability-based System
• Capability-based System
  ○ DoC
  ○ Flood request channel!
4
Problem Definition
• Guarantee successfully transmitting
5
State of Art
• Identity-Based Fairness
  ○ Per-Source Fairness
  ○ Per-Path Fairness (TVA)
  ○ Per-Destination Fairness
• Proof-of-Work Schemes
  ○ Per-Bandwidth Fairness (Speak up)
  ○ Per-Computation Fairness
6
Portcullis Architecture
• Authenticity
• Availability
• Freshness
• Efficiency
• Granularity
7
Design
8
Design – cont.
• $p = H(x \| r \| h_i \| \text{dest IP} \| l)$
  ○ r: 64-bit random value chosen by the client
  ○ h_i: seed from DNS
  ○ dest IP: destination IP
  ○ l: puzzle level; find x such that the last l bits of p are all zero
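The puzzle on this slide, with the client's search and the router's one-hash check, as an added Python example (not code from the presentation or from the Portcullis authors). Assumptions: H is SHA-1, x and r are 8 bytes each, dest IP is a 4-byte IPv4 address, l is one byte, and the router holds a set of seeds it currently accepts; the seed and addresses are constructed sample values.

```python
import hashlib
import ipaddress
import os
import struct

def puzzle_hash(x, r, seed, dest_ip, level):
    """p = H(x || r || h_i || dest IP || l). SHA-1 and field widths are assumptions."""
    msg = (struct.pack(">Q", x) + r + seed
           + ipaddress.IPv4Address(dest_ip).packed + bytes([level]))
    return hashlib.sha1(msg).digest()

def low_bits_zero(p, level):
    """True when the last `level` bits of p are all zero."""
    return int.from_bytes(p, "big") & ((1 << level) - 1) == 0

def solve(r, seed, dest_ip, level):
    """Client side: brute-force the smallest x; expected work is about 2**level hashes."""
    x = 0
    while not low_bits_zero(puzzle_hash(x, r, seed, dest_ip, level), level):
        x += 1
    return x

def verify(x, r, seed, dest_ip, level, current_seeds):
    """Router side: freshness check on the seed (assumed to be a set lookup), then one hash."""
    if seed not in current_seeds or len(r) != 8:
        return False
    return low_bits_zero(puzzle_hash(x, r, seed, dest_ip, level), level)

def demo():
    seed = hashlib.sha1(b"constructed seed for this example").digest()
    r = os.urandom(8)                      # client's 64-bit random value
    x = solve(r, seed, "192.0.2.10", 12)   # level 12: ~4096 hashes on average
    return {
        "valid": verify(x, r, seed, "192.0.2.10", 12, {seed}),
        # A solution is bound to its destination: it passes for another
        # address only by chance, with probability 2**-level.
        "other_dest": verify(x, r, seed, "192.0.2.11", 12, {seed}),
        # Once the seed is no longer current, the old solution is rejected.
        "stale_seed": verify(x, r, seed, "192.0.2.10", 12, set()),
    }

if __name__ == "__main__":
    print(demo())
```

Each extra level doubles the client's expected search while the router's verification cost stays at a single hash.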
9
Theoretical Result
• Assume attackers have bounded resources
  ○ Equal computation power
  ○ M = number of malicious machines
• Result
  ○ Legitimate clients succeed in time O(M)
  ○ For any routing policy, the time needed for capability setup is O(M)
10
Potential Attacks
• Sharing Puzzle Solutions
  ○ Attack different links
  ○ Still cannot flood the bottleneck
• Timing Amplification
  ○ High-level puzzles need more time.
  ○ Low-level puzzles can pass through.
11
Evaluation
• Internet Scale Simulation
• Portcullis Attacker Strategies
• Comparative Simulations
• Partial Deployment
12
Evaluation – cont.
Internet Scale Simulation
• CAIDA Skitter probe results
  ○ Router-level topology
• Victim uses a single link to connect to the Internet
• No bandwidth measurement
  ○ Senders have 1/10 the bw of the receiver (200Mbps)
  ○ Others have 10x the bw of the receiver
• Request packet is 1000 bits
• Request channel occupies 5% of bw
• Clients are placed randomly
• Equal computational resources
13
Evaluation – cont.
• Portcullis Attacker Strategies
14
Evaluation – cont.
Comparative Simulations
• IP-to-ASN mapping: map routers to ASes for TVA
15
Evaluation – cont.
Partial Deployment
• Victim’s ISP upgrades router.
16
Discussion
• Asymmetric computation power
  ○ Memory bound function, 3x~5x
• Puzzle Inflation
  ○ Not exhausted
  ○ Exhausted by high level packet
  ○ Exhausted by mixture packet

Platform            SHA-1 hashes/min   Normalized
Nokia 6620          25k                1
Nokia N70           36k                1.33
Sharp Zaurus PDA    56k                2.24
Xeon 3.2GHz PC      956k               38.24
17
Conclusion
• Portcullis can make capability-based systems more robust against DoC.
18
Comment
• Partial deployment is a strong advantage.
• Computing power varies dramatically from platform to platform.
19
Bye