Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Cost-Based Framework for Analysis of Denial of Service in Networks Author: Catherine Meadows Presenter: Ajay Mahimkar.

Published byJustin Thompson Modified over 8 years ago

Similar presentations

Presentation on theme: "A Cost-Based Framework for Analysis of Denial of Service in Networks Author: Catherine Meadows Presenter: Ajay Mahimkar."— Presentation transcript:

1 A Cost-Based Framework for Analysis of Denial of Service in Networks Author: Catherine Meadows Presenter: Ajay Mahimkar

2 What is a DoS Attack ? Malicious attempt by a group of people to cripple an online service Flood the victim (server) with packets Overload packet processing capacity Overload packet processing capacity Saturate network bandwidth Saturate network bandwidth Two Types of DoS Attacks Resource Exhaustion Attacks Resource Exhaustion Attacks Bandwidth Consumption Attacks Bandwidth Consumption Attacks

3 Attack Architecture – Direct Attacks Attacker Zombie 1 Victim Zombie 2 Zombie 3 Direct traffic towards victim Src: random Dst: victim “zombies” send streams of spoofed traffic to victim

4 Example – SYN Flooding Establishment of TCP connection using three-way handshake Attacker makes connection requests aimed at the victim server with packets from spoofed source addresses TCP Client Malicious TCP Client TCP Server Victim TCP Server SYN SYN / ACK ACK SYN SYN / ACK 80 2 3 1 2 ? Service Ports ( 1 – 1023) Client Ports SYN Packet with spoofed IP address 1

5 Attacker v/s. Defender Goal of the attacker Make the defender waste its resources by interacting with the attacker Make the defender waste its resources by interacting with the attacker Prevent the defender from learning its identity Prevent the defender from learning its identity Defense against DoS Attacks Reduce the cost to the defender of engaging in the protocol Reduce the cost to the defender of engaging in the protocol Introduce some sort of authentication Introduce some sort of authentication Formal methods are a good way to analyze DoS

6 Contribution of the paper Framework to evaluate a protocol for resistance to DoS attacks Cost-based Model for the list of actions taken by the attacker and the defender Compare the cost to the attacker with the cost to the defender

7 Framework Assign costs of engaging in individual actions Compare costs of defender and attacker Incorporate Gong-Syverson’s fail-stop model A protocol is fail-stop if it halts upon detection of any bogus message (replay or message from intruder) A protocol is fail-stop if it halts upon detection of any bogus message (replay or message from intruder) Requires strong authentication making itself vulnerable to DoS attacks Requires strong authentication making itself vulnerable to DoS attacks

8 Framework Modified Fail-stop Protocol Extension to any action taken by a principal, not just the acceptance of a message Extension to any action taken by a principal, not just the acceptance of a message Define a function F from actions to costs Define a function F from actions to costs Protocol is fail-stop with respect to F, if a principal cannot be tricked into engaging in a protocol up to and including action A, unless attacker expends an effort of more than F(A) Protocol is insecure against DoS attacks, if F(A) is trivial for the attacker as compared to that of the defender

9 Station to Station Protocol Uses Diffie-Hellman protocol along with digital signatures for key exchange and key authentication between two principals A B : g X A B A : g X B, E K (S B (g X B, g X A )) A B : E K (S A (g X A, g X B )) g – generator of the group X A – A’s secret X B – B’s secret K – shared secret between A & B g X B. X A K = g X B. X A

10 Alice-and-Bob Specifications It is a sequence of statements of the form A B : T 1, T 2, …, T k || M || O 1, O 2, …, O n A B : T 1, T 2, …, T k || M || O 1, O 2, …, O n T i – operations performed by A, and T i – operations performed by A, and O j – operations performed by B O j – operations performed by B Three Types of Events Normal Events (send and receive) Normal Events (send and receive) Verification Events (occur only at receiver) Verification Events (occur only at receiver) Accept Event (O n ) Accept Event (O n ) Desirably precedes relation

11 Protocol Specification 1.A B : preexp 1, storename 1 || g X A || storenonce 1, storename 2, accept 1 2.B A : preexp 1, sign 1, exp 1, encrypt 1 || g X B, E K (S B (g X B, g X A )) || checkname 1, retrievenonce 1, exp 2, decrypt 1, checksig 1, accept 2 3.A B : sign 2, encrypt 2 || E K (S A (g X A, g X B )) || checkname 2, retrievenonce 2, decrypt 2, checksig 2, accept 4

12 Cost Functions Cost Set expensive > medium > cheap > 0 expensive > medium > cheap > 0 Cost Function Function from set of events by an annotated Alice- and-Bob Specification P to a cost set C Function from set of events by an annotated Alice- and-Bob Specification P to a cost set C Attacker Cost Functions Attacker cost set augments very expensive and maximal Attacker cost set augments very expensive and maximal

13 Definition Let C – Defender cost set C – Defender cost set G – Attacker cost set G – Attacker cost set δ – Event cost function defined on the annotated Alice-and-Bob protocol (P) and the cost set (C) δ – Event cost function defined on the annotated Alice-and-Bob protocol (P) and the cost set (C) δ’ (V j ) – Message processing cost function associated with δ on verification events δ’ (V j ) – Message processing cost function associated with δ on verification events Cost of processing a message upto and including a failed verification event δ’ (V j ) = δ (V 1 ) + δ (V 2 ) + …. + δ (V j ) Δ (V n ) – Protocol engagement cost function associated with δ on accept events Δ (V n ) – Protocol engagement cost function associated with δ on accept events Cost of processing the last message + cost of composing any message sent as the result of that last message Expensive for all accept events in the Station-to-Station protocol θ – Attack cost function θ – Attack cost function

14 Definition Alice-and-Bob specification of a cryptographic protocol is fail-stop if Whenever a message is interfered with, then no accept event desirably-after the receiving of that message will occur Whenever a message is interfered with, then no accept event desirably-after the receiving of that message will occur Tolerance Relation Defined as the subset of C x G consisting of all pairs (c,g), such that attacker cannot force defender to expend resources of cost c or greater without expending resources of cost g or greater Defined as the subset of C x G consisting of all pairs (c,g), such that attacker cannot force defender to expend resources of cost c or greater without expending resources of cost g or greater (c’, g’) is within the tolerance relation if there is a (c, g) in the relation such that c’ = g (c’, g’) is within the tolerance relation if there is a (c, g) in the relation such that c’ = g

15 Evaluating Protocol Security Steps Decide Decide Intruder Capabilities Intruder Cost Function Decide Decide Tolerance Relation Determine the minimal attack cost functions with respect to which the protocol is fail-stop Determine the minimal attack cost functions with respect to which the protocol is fail-stop For each attack cost function θ determine: For each attack cost function θ determine: If event E 1 is an event immediately preceding a verification event E 2, then (δ’ (E 2 ), θ (E 1 )) is within the tolerance relation If E is an accept event, then (Δ (E), θ (E)) is within the tolerance relation

16 Station-to-Station Protocol 1.A B : preexp 1, storename 1 || g X A || storenonce 1, storename 2, accept 1 2.B A : preexp 1, sign 1, exp 1, encrypt 1 || g X B, E K (S B (g X B, g X A )) || checkname 1, retrievenonce 1, exp 2, decrypt 1, checksig 1, accept 2 θ (checkname 1 ) – cheap (within tolerance relation) θ (checkname 1 ) – cheap (within tolerance relation) δ’ (checksig 1 ) – expensive, θ (decrypt 1 ) – expensive to very expensive (may or may not be within tolerance relation) δ’ (checksig 1 ) – expensive, θ (decrypt 1 ) – expensive to very expensive (may or may not be within tolerance relation) 3.A B : sign 2, encrypt 2 || E K (S A (g X A, g X B )) || checkname 2, retrievenonce 2, decrypt 2, checksig 2, accept 4 δ’ (checkname 2 ) – cheap (within tolerance relation) δ’ (checkname 2 ) – cheap (within tolerance relation) δ’ (checksig 2 ) – expensive, θ (decrypt 2 ) – atmost medium δ’ (checksig 2 ) – expensive, θ (decrypt 2 ) – atmost medium (not within tolerance relation)

17 Tools & Models Casper, Mur Φ, NRL Protocol Analyzer Incorporate degree of security provided by each message as it is processed Incorporate degree of security provided by each message as it is processed Keep a running tally of the cost involved, as an attack is constructed Keep a running tally of the cost involved, as an attack is constructed

18 Comments on the Paper A neat framework to evaluate protocol resistance to DoS attacks Framework could be viewed as a game model between a defender and multiple attackers However, this may or may not resolve bandwidth consumption attacks However, this may or may not resolve bandwidth consumption attacks

19 Questions ???

Download ppt "A Cost-Based Framework for Analysis of Denial of Service in Networks Author: Catherine Meadows Presenter: Ajay Mahimkar."

Similar presentations

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
Modelling and Analysing Security Protocol: Lecture 4 Attacks and Principles Tom Chothia CWI.

Modelling and Analysing Security Protocol: Lecture 4 Attacks and Principles Tom Chothia CWI.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
NS-H0503-02/11041 Attacks. NS-H0503-02/11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.

CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Distributed Denial-of-Services (DDoS) Ho Jeong AN CSE 525 – Adv. Networking Reading Group #8.

Distributed Denial-of-Services (DDoS) Ho Jeong AN CSE 525 – Adv. Networking Reading Group #8.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Similar presentations

Ads by Google