Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University.

Published byJustin Grant Patterson Modified over 8 years ago

Similar presentations

Presentation on theme: "A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University."— Presentation transcript:

1 A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University of Delaware

2 05/11/2004 CISC 859 2 Outline Objectives Problem Description Related Work Proposed Solution Implementation Details Results Future Work Conclusion

3 05/11/2004 CISC 859 3 Objectives of the Project Propose a new simple and effective solution to stamp IP packet to enable easy authentication of IP packets so as to counter DDoS Attacks. Implement the above solution and conduct experiments on emulab testbed to verify its effectiveness.

4 05/11/2004 CISC 859 4 Problem Description DDoS is enormous threat to Internet. Many public websites available which don’t verify the authenticity of their users. Victims overwhelmed with requests and the legitimate users are denied service.

5 05/11/2004 CISC 859 5 Why DDoS difficult to solve? No authentication required to use services Little chance of attacker being caught Difficult to differentiate attack from legitimate traffic Huge Number of Vulnerable machines available Problem of finite resources

6 05/11/2004 CISC 859 6 Related Work IP Easy-pass: Edge Resource Access Control by H. Wang, A. Bose, M. El-Gendy, K. G. Shin Practical Network Support for IP Traceback by S. Savage, D. Wetherall, A. Karlin, T. Anderson StackPi by A. Perrig, D. Song. A. Yaar

7 05/11/2004 CISC 859 7 IP Easy-pass: Edge Resource Access Control by H. Wang, A. Bose, M. El-Gendy, K. G. Shin What we liked about this paper? –Per Packet Filtering based on IP Easy Pass –Dynamic Passes What we didn’t like about this paper? –Space Overhead –Encryption and Decryption Overhead

8 05/11/2004 CISC 859 8 Practical Network Support for IP Traceback by S. Savage, D. Wetherall, A. Karlin, T. Anderson What we liked about this paper? –The use of IP identification field for storing marks in the packets. What we didn’t like about this paper? –Reactive in nature

9 05/11/2004 CISC 859 9 StackPi by A. Perrig, D. Song. A. Yaar What we liked about this paper? –Per Packet Filtering –Proactive approach What we didn’t like about this paper? –Stale Pass –Complicated

10 05/11/2004 CISC 859 10 Desired Properties in Proposed Solution Simple to implement Limited Overheads Limited increase in end to end delay Per Packet Filtering Easily Deployable Robust

11 05/11/2004 CISC 859 11 Proposed Solution Create mechanism which would distinguish legitimate IP packets from attack packets. Drop all the packets which fail the filtering test.

12 05/11/2004 CISC 859 12 How to differentiate attack and legitimate packets? Generate Unique ID for each packet Store this key in the IP header’s identification field to avoid space overheads Routers check the packets ID field to check whether the given packet is genuine or not before forwarding to destination (Victim)

13 05/11/2004 CISC 859 13 Issues with key generation Complex generation techniques at client so that key spoofing is difficult to do Simple verification at router so that router overhead remains small Keep changing the keys so that attackers don’t have time to predict the keys

14 05/11/2004 CISC 859 14 How does our solution work? Generation of keys is done at client Initial communication between client and core router takes place to understand the initial key Generation of legitimate packets takes place Verification of packets done at core routers Router drops or accepts packets based on the key value

15 05/11/2004 CISC 859 15 Other Issues We use a sliding window to take care of packet loss or reordering. As we use dynamic pass and not a stale pass replay attacks are also avoided. Our solution can be used with any Transport or Application protocol as we just change IP ID field.

16 Implementation Details by Maitreya Natu

17 05/11/2004 CISC 859 17

18 05/11/2004 CISC 859 18 f1f1 f 100 f 101 Client uses SHA to generate a queue of 101 keys

19 05/11/2004 CISC 859 19 f1f1 f 100 f 101 Client sends the 101 st key to the router for before sending the data packets

20 05/11/2004 CISC 859 20 10.1.4.2f 101 f1f1 f 100 0 0 0 0 0 0 0 0 Router receives the key and stores it in a client table Router maintains a window to keep track of arriving packets

21 05/11/2004 CISC 859 21 10.1.4.2f 101 f1f1 f 99 f 100 0 0 0 0 0 0 0 0 Client inserts a new key (here f 100 ) in the IP ID field of each outgoing packet We use the dos code to insert the key in ID field

22 05/11/2004 CISC 859 22 10.1.4.2f 101 f1f1 f 99 f 100 0 0 0 0 0 0 0 0

23 05/11/2004 CISC 859 23 10.1.4.2f 101 f1f1 f 99 f 100 0 0 0 0 0 0 0 0

24 05/11/2004 CISC 859 24 10.1.4.2f 101 f1f1 f 99 f 100 f (f 100 ) = f 101 0 0 0 0 0 0 0 0 Router captures each packet and extracts the key from the IP ID field We use capture code to capture incoming packets It identifies the source IP address and accepts packets only with valid IP addresses For each packet with a valid IP address, applies SHA on the ID key to detect if the key is in the window range f 101 f94f94

25 05/11/2004 CISC 859 25 10.1.4.2f 101 f1f1 f 99 f 100 f (f 100 ) = f 101 1 0 0 0 0 0 0 0 Router sets the corresponding bit in the window and forwards the packet

26 05/11/2004 CISC 859 26 10.1.4.2f 100 f1f1 f 99 f 100 1 0 0 0 0 0 0 0 Router sets the corresponding bit in the window and forwards the packet

27 05/11/2004 CISC 859 27 10.1.4.2f 101 f1f1 f 98 f 99 1 1 0 0 0 0 0 0

28 05/11/2004 CISC 859 28 10.1.4.2f 101 f1f1 f 97 f 98 1 1 1 0 0 0 0 0

29 05/11/2004 CISC 859 29 10.1.4.2f 101 f1f1 f 96 f 97 1 1 1 1 0 0 0 0

30 05/11/2004 CISC 859 30 10.1.4.2f 97 f1f1 f 96 1 1 1 1 0 0 0 0 f 97 When the first four bits of the window are set, the window is advanced by 4 bits by setting the client key to the 4 th key (here f 97 ) received

31 05/11/2004 CISC 859 31 10.1.4.2f 97 f1f1 f 95 f 96 0 0 0 0 0 0 0 0 The window is advanced by 4 bits by left shifting by 4 bits to process further packets

32 05/11/2004 CISC 859 32 10.1.4.2f 101 f1f1 f 92 1 1 0 1 0 1 1 0

33 05/11/2004 CISC 859 33 10.1.4.2f 101 f1f1 f 92 f 93 1 1 0 1 0 1 1 0

34 05/11/2004 CISC 859 34 10.1.4.2f 93 f1f1 f 92 1 1 0 1 0 1 1 1 f 93 If the first 4 bits are not set due to packet loss, then the window is shifted when the 8 th packet is received, changing the client key to the 8 th key (here f 93 ) received

35 05/11/2004 CISC 859 35 10.1.4.2f 93 f1f1 f 91 f 92 0 0 0 0 0 0 0 0 The window is advanced by 8 bits by left shifting by 8 bits to process further packets

36 Results By Namratha Hundigopal

37 05/11/2004 CISC 859 37 Topology V LAN 5Mb 250 kb 1Mb

38 05/11/2004 CISC 859 38Results Client  20 pkts/sec for 10 sec Attacker  5 – 130 pkts/sec for 15 sec

39 05/11/2004 CISC 859 39 Client  20 pkts/sec for 10 sec Attacker  5 – 70 pkts/sec for 15 sec

40 05/11/2004 CISC 859 40

41 05/11/2004 CISC 859 41

42 05/11/2004 CISC 859 42 Future Work Implementation of initial handshake between legitimate clients and router Extension of the scheme to achieve a secure end to end path Testing with smart attacks Testing with real time applications

43 05/11/2004 CISC 859 43 Conclusion Proposed a stamping technique to identify legitimate packets Implemented the algorithm on emulab testbed It effectively prevents legitimate packets from loss for all flooding rates we considered with negligible increase in end to end delay

44 05/11/2004 CISC 859 44 Question or Comments? Thank you

Download ppt "A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University."

Similar presentations

COMP 7320 Internet Security: Prevention of DDoS Attacks By Dack Phillips.

COMP 7320 Internet Security: Prevention of DDoS Attacks By Dack Phillips.
Security Issues In Mobile IP

Security Issues In Mobile IP
Data-Plane Accountability with In-Band Path Diagnosis Murtaza Motiwala, Nick Feamster Georgia Tech Andy Bavier Princeton University.

Data-Plane Accountability with In-Band Path Diagnosis Murtaza Motiwala, Nick Feamster Georgia Tech Andy Bavier Princeton University.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Review: Routing algorithms Distance Vector algorithm. –What information is maintained in each router? –How to distribute the global network information?

Review: Routing algorithms Distance Vector algorithm. –What information is maintained in each router? –How to distribute the global network information?
IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.

IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.
Traffic Shaping Why traffic shaping? Isochronous shaping

Traffic Shaping Why traffic shaping? Isochronous shaping
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.

Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,
IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.

IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.
July 2008IETF 72 - NSIS1 Permission-Based Sending (PBS) NSLP: Network Traffic Authorization draft-hong-nsis-pbs-nslp-01 Se Gi Hong & Henning Schulzrinne.

July 2008IETF 72 - NSIS1 Permission-Based Sending (PBS) NSLP: Network Traffic Authorization draft-hong-nsis-pbs-nslp-01 Se Gi Hong & Henning Schulzrinne.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
1 TVA: A DoS-limiting Network Architecture Xiaowei Yang (UC Irvine) David Wetherall (Univ. of Washington) Thomas Anderson (Univ. of Washington)

1 TVA: A DoS-limiting Network Architecture Xiaowei Yang (UC Irvine) David Wetherall (Univ. of Washington) Thomas Anderson (Univ. of Washington)
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Similar presentations

Ads by Google