1 SOS: Secure Overlay Services Angelos Keromytis, Dept. of Computer Science Vishal Misra, Dept. of Computer Science Dan Rubenstein, Dept. of Electrical.

Slides:



Advertisements
Similar presentations
Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.
Advertisements

Countering DoS Attacks with Stateless Multipath Overlays Presented by Yan Zhang.
ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
CIS 459/659 – Introduction to Network Security – Spring 2005 – Class 13 – 4/5/05 1 D-WARD 1  Goal: detect attacks, reduce the attack traffic, recognize.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
A Survey of Secure Wireless Ad Hoc Routing
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Distributed Algorithms for Secure Multipath Routing
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Internet Indirection Infrastructure Ion Stoica UC Berkeley.
Implementation of a Tapestry Node: The main components: The core router, utilizes the routing and object reference tables to handle messages, The node.
CS 672 Paper Presentation Presented By Saif Iqbal “CarNet: A Scalable Ad Hoc Wireless Network System” Robert Morris, John Jannotti, Frans Kaashoek, Jinyang.
Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
Secure Overlay Services Adam Hathcock Information Assurance Lab Auburn University.
Using Overlays to Improve Security Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein- Columbia University SPIE ITCom Conference on Scalability and.
Topics in Reliable Distributed Systems Fall Dr. Idit Keidar.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #5 Mobile Ad-Hoc Networks TBRPF.
Spring Routing & Switching Umar Kalim Dept. of Communication Systems Engineering 06/04/2007.
Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.
Survey of Distributed Denial of Service Attacks and Popular Countermeasures Andrew Knotts, Kent State University Referenced from: Charalampos Patrikakis,Michalis.
Multicast Security CS239 Advanced Network Security April 16 th, 2003 Yuken Goto.
3/30/2005 Auburn University Information Assurance Lab 1 Simulating Secure Overlay Services.
CS401 presentation1 Effective Replica Allocation in Ad Hoc Networks for Improving Data Accessibility Takahiro Hara Presented by Mingsheng Peng (Proc. IEEE.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
Bandwidth DoS Attacks and Defenses Robert Morris Frans Kaashoek, Hari Balakrishnan, Students MIT LCS.
Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.
1. SOS: Secure Overlay Service (+Mayday) A. D. Keromytis, V. Misra, D. Runbenstein Columbia University Presented by Yingfei Dong.
Lecture 3a Mobile IP 1. Outline How to support Internet mobility? – by Mobile IP. Our discussion will be based on IPv4 (the current version). 2.
1 Internet Protocol: Forwarding IP Datagrams Chapter 7.
HERO: Online Real-time Vehicle Tracking in Shanghai Xuejia Lu 11/17/2008.
Distributed Denial of Service CRyptography Applications Bistro Presented by Lingxuan Hu April 15, 2004.
Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
Security for the Optimized Link- State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab 1.
SANE: A Protection Architecture for Enterprise Networks
Professor OKAMURA Laboratory. Othman Othman M.M. 1.
SOS: Security Overlay Service Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein- Columbia University ACM SIGCOMM 2002 CONFERENCE, PITTSBURGH PA, AUG.
Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005 Toward Resilient Security in Wireless Sensor Networks.
Peer-to-Peer Name Service (P2PNS) Ingmar Baumgart Institute of Telematics, Universität Karlsruhe IETF 70, Vancouver.
1 Countering DoS Through Filtering Omar Bashir Communications Enabling Technologies
A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University.
A Novel Multicast Routing Protocol for Mobile Ad Hoc Networks Zeyad M. Alfawaer, GuiWei Hua, and Noraziah Ahmed American Journal of Applied Sciences 4:
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
An IP Address Based Caching Scheme for Peer-to-Peer Networks Ronaldo Alves Ferreira Joint work with Ananth Grama and Suresh Jagannathan Department of Computer.
SOS: Secure Overlay Services A.Keromytis, V. Misra, and D. Rubenstein Presented by Tsirbas Rafail.
SOS: An Architecture For Mitigating DDoS Attacks Angelos D. Keromytis, Vishal Misra, Dan Rubenstein ACM SIGCOMM 2002 Presented By : Tracy Wagner CDA 6938.
1 SOS: Secure Overlay Services A. D. Keromytis V. Misra D. Runbenstein Columbia University.
DHT-based unicast for mobile ad hoc networks Thomas Zahn, Jochen Schiller Institute of Computer Science Freie Universitat Berlin 報告 : 羅世豪.
Denial of Service DoS attacks try to deny legimate users access to services, networks, systems or to other resources. There are DoS tools available, thus.
SOS: An Architecture For Mitigating DDoS Attacks Angelos D. Keromytis, Vishal Misra, Dan Rubenstein ACM SIGCOMM 2002 Presented By : Hiral Chhaya CDA 6133.
Peer to Peer Network Design Discovery and Routing algorithms
Towards a Scalable and Robust DHT Baruch Awerbuch Johns Hopkins University Christian Scheideler Technical University of Munich.
INTERNET TECHNOLOGIES Week 10 Peer to Peer Paradigm 1.
SOS: An Architecture For Mitigating DDoS Attacks Authors: Angelos D. Keromytis, Vishal Misra, Dan Rubenstein. Published: ACM SIGCOMM 2002 Presenter: Jerome.
1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.
K. Salah1 Security Protocols in the Internet IPSec.
Incrementally Improving Lookup Latency in Distributed Hash Table Systems Hui Zhang 1, Ashish Goel 2, Ramesh Govindan 1 1 University of Southern California.
Defending Against DDoS
Defending Against DDoS
Effective Replica Allocation
Outline The spoofing problem Approaches to handle spoofing
Lecture 4a Mobile IP 1.
Presentation transcript:

1 SOS: Secure Overlay Services Angelos Keromytis, Dept. of Computer Science Vishal Misra, Dept. of Computer Science Dan Rubenstein, Dept. of Electrical Engineering

2 SOS is a very small contribution to… r Columbia’s Networking Component of The Center for Resilient Networks in NYC [Columbia, Polytechnic U., CCNY] r Columbia Networking Faculty: m Andrew Campbell m Ed Coffman m Predrag Jelenkovic m Angelos Keromytis m Aurel Lazar m Nick Maxemchuk m Vishal Misra m Dan Rubenstein m Henning Schulzrinne r and our students…

3 DoS Attacks 1. Select Target to attack 2. Break into accounts (around the network) 3. Have these accounts send packets toward the target 4. Optional: Attacker “spoofs” source address (origin of attacking packets) To perform a DoS Attack:

4 Goals of SOS r Allow moderate number of legitimate users to communicate with a target destination, where m DoS attackers will attempt to stop communication to the target m target difficult to replicate (e.g., info highly dynamic) m legitimate users may be mobile (source IP address may change) r Example scenarios m FBI/Police/Fire personnel in the field communicating with their agency’s database m Bank users’ access to their banking records m On-line customer completing a transaction

5 Related Work Detect/Prevent Spoofing Identify/Shut down ongoing attacks Proactively Prevent attacks Requires Global Router participation IP traceback Pattern match & filter (ASTA, MAZU) IP pushback Localized Filtering + end-system participation SOS Route-based packet filtering IPsec More secure Less Deployment Overhead

6 SOS: The Players r Target: the node/end-system/server to be protected from DOS attacks r Legitimate (Good) User: node/end- system/user that is authenticated (in advance) to communicate with the target r Attacker (Bad User): node/end- system/user that wishes to prevent legitimate users’ access to targets

7 SOS: The Basic Idea r DoS Attacks are effective because of their many-to-one nature: many attack one r SOS Idea: Send traffic across an overlay: a virtual network whose “links” are routing paths in the underlying physical network m Force attackers to attack many overlay points to mount successful attack m Allow network to adapt quickly: the “many” that must be attacked can be changed

8 Goal r Allow pre-approved legitimate users to communicate with a target r Prevent illegitimate attackers’ packets from reaching the target r Want a solution that m is easy to distribute: doesn’t require mods in all network routers m does not require high complexity (e.g., crypto) ops at/near the target Assumption: Attacker cannot deny service to core network routers and can only simultaneously attack a bounded number of distributed end-systems

9 SOS: Step 1 - Filtering r Routers “near” the target apply simple packet filter based on IP address m legitimate users’ IP addresses allowed through m illegitimate users’ IP addresses aren’t r Problems: What if m good and bad users have same IP address? m bad users know good user’s IP address and spoofs? m good IP address changes frequently (mobility)? (frequent filter updates)

10 SOS: Step 2 - Proxies w.x.y.z r S tep 2: Install Proxies outside the filter whose IP addresses are permitted through the filter m proxy only lets verified packets from legitimate sources through the filter Not done yet…

11 Problems with a known Proxy Proxies introduce other problems r Attacker can breach filter by attacking with spoofed proxy address r Attacker can DoS attack the proxy, again preventing legitimate user communication w.x.y.z I’m w.x.y.z

12 SOS: Step 3 - Secret Servlets r Step 3: Keep the identity of the proxy “hidden” m hidden proxy called a Secret Servlet m only target, the secret servlet itself, and a few other points in the network know the secret servlet’s identity (IP address)

13 SOS: Steps 4&5 - Overlays r Step 4: Send traffic to the secret servlet via a network overlay m nodes in virtual network are often end-systems m verification/authentication of “legitimacy” of traffic can be performed at each overlay end-system hop (if/when desired) r Step 5: Advertise a set of nodes that can be used by the legitimate user to access the overlay m these access nodes participate within the overlay m are called Secure Overlay Access Points (SOAPs) User  SOAP  across overlay  Secret Servlet  (through filter)  target

14 SOS with “Random” routing r With filters, multiple SOAPs, and hidden secret servlets, attacker cannot “focus” attack SOAP ? secret servlet

15 Better than “Random” Routing r Must get from SOAP to Secret Servlet in a “hard-to-predict manner”: But random routing routes are long (O(n)) r Routes should not “break” as nodes join and leave the overlay (i.e., nodes may leave if attacked) r Current proposed version uses DHT routing (e.g., Chord, CAN, PASTRY, Tapestry). We consider Chord: m A distributed protocol, nodes are used in homogeneous fashion m Chord utilizes consistent hashing [Karger’97] to map an identifier, I, (e.g., filename) to a unique node h(I) = B in the overlay m Implements a route from any node to B containing O(log N) overlay hops, where N = # overlay nodes h(I) to h(I)

16 Step 5A: SOS with Chord r Utilizes a Beacon to go from overlay to secret servlet r Using target IP address A, Chord will deliver packet to a Beacon, B, where h(A) = B r Secret Servlet chosen by target (arbitrarily) r Servlet informs Beacon of its identity via Chord SOAP IP address A Beacon IP address B I’m a secret servlet for A To h(A) Be my secret servlet To h(A) r SOS protected data packet forwarding 1.Legitimate user forwards packet to SOAP 2.SOAP forwards verified packet to Beacon (via Chord) 3.Beacon forwards verified packet to secret servlet 4.Secret Servlet forwards verified packet to target

17 Adding Redundancy in SOS r Each special role can be duplicated if desired m Any overlay node can be a SOAP m The target can select multiple secret servlets m Multiple Beacons can be deployed by using multiple hash functions r An attacker that successfully attacks a SOAP, secret servlet or beacon brings down only a subset of connections, and only while the overlay detects and adapts to the attacks

18 Why attacking SOS is difficult r Attack the target directly (without knowing secret servlet ID): filter protects the target r Attack secret servlets: m Well, they’re hidden… m Attacked servlets “shut down” and target selects new servlets r Attack beacons: beacons “shut down” (leave the overlay) and new nodes become beacons m attacker must continue to attack a “shut down” node or it will return to the overlay r Attack other overlay nodes: nodes shut down or leave the overlay, routing self-repairs SOAP beacon secret servlet Chord

19 Attack Success Analysis r N nodes in the overlay r For a given target m S = # of secret servlet nodes m B = # of beacon nodes m A = # of SOAPs r Static attack: Attacker chooses M of N nodes at random and focuses attack on these nodes, shutting them down r What is P static (N,M,S,B,A) = P(a ttack prevents communication with target) r P(n,b,c) = P(set of b nodes chosen at random (uniform w/o replacement) from n nodes contains a specific set of c nodes) r P(n,b,c) = = n-c b-c nbnb bcbc ncnc Node jobs are assigned independently (same node can perform multiple jobs)

20 Attack Success Analysis cont’d r P static (N,M,S,B,A) = 1 - (1 - P(N,M,S))(1 – P(N,M,B))(1 – P(N,M,A)) Almost all overlay nodes must be attacked to achieve a high likelihood of DoS

21 Dynamic Attacks r Ongoing attack/repair battle: m SOS detects & removes attacked nodes from overlay, repairs take time T R m Attacker shifts from removed node to active node, detection/shift takes time T A (freed node rejoins overlay) r Assuming T A and T R are exponentially distributed R.V.’s, can be modeled as a birth-death process … 0 1 μ1μ1 μ2μ2 1 2 M-1 M μ M-1 μMμM M-1 M M = Max # nodes simultaneously attacked π i = P(i attacked nodes currently in overlay) P dynamic =∑ 0 ≤i ≤M (π i P static (N-M+i,i,S,B,A)) Centralized attack: i = Distributed attack: i = (M-i) Centralized repair: μ i = μ Distributed repair: μ i = i μ

22 Dynamic Attack Results r 1000 overlay nodes, 10 SOAPs, 10 secret servlets, 10 beacons r If repair faster than attack, SOS is robust even against large attacks (especially in centralized case) centralized attack and repair distributed attack and repair

23 Conclusion r SOS protects a target from DoS attacks m lets legitimate (authenticated) users through r Approach m Filter around the target m Allow “hidden” proxies to pass through the filter m Use network overlays to allow legitimate users to reach the “hidden” proxies r Preliminary Analysis Results m An attacker without overlay “insider” knowledge must attack majority of overlay nodes to deny service to target

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.