The Shared Channel Model for DoS Carl A. Gunter With Sanjeev Khanna, Kaijun Tan, and Santosh Venkatesh.

Slides:

Advertisements

Similar presentations

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.

Advertisements

Chris Karlof and David Wagner

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

1 Formal Modeling and Analysis of DoS Using Probabilistic Rewrite Theories Gul Agha Michael Greenwald Carl Gunter Sanjeev Khanna Jose Meseguer Koushik.

ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.

Containing DoS Attacks in Broadcast Authentication in Sensor Networks (Ronghua Wang, Wenliang Du, Peng Ning) Containing DoS Attacks in Broadcast Authentication.

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.

Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Version 3.0 Module 6 Ethernet Fundamentals. 2 Version 3.0 Why is Ethernet so Successful? In 1973, it could carry data at 3 Mbps Now, it can carry data.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Formal Models of Availability Carl A. Gunter University of Pennsylvania (Soon to be the University of Illinois)

Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Distributed Video Streaming Over Internet Thinh PQ Nguyen and Avideh Zakhor Berkeley, CA, USA Presented By Sam.

MAC Protocols Media Access Control (who gets the use the channel) zContention-based yALOHA and Slotted ALOHA. yCSMA. yCSMA/CD. TDM and FDM are inefficient.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.

Research Overview Carl A. Gunter University of Pennsylvania.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

EE 4272Spring, 2003 Protocols & Architecture A Protocol Architecture is the layered structure of hardware & software that supports the exchange of data.

EEC-484/584 Computer Networks Lecture 13 Wenbing Zhao

1 Timed Efficient Stream Loss-tolerant Authentication.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures ProtocolRelevant Attacks TinyOS beaconingBogus routing information, selective forwarding,

Error Checking continued. Network Layers in Action Each layer in the OSI Model will add header information that pertains to that specific protocol. On.

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.

Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.

Lecture 16 Random Access protocols r A node transmits at random at full channel data rate R. r If two or more nodes “collide”, they retransmit at random.

Lecture 22 Page 1 Advanced Network Security Other Types of DDoS Attacks Advanced Network Security Peter Reiher August, 2014.

Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.

Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.

1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.

GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.

Security for the Optimized Link- State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab 1.

Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson

Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang Author: Chris Karlof, David Wagner Appeared at the First.

A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University.

Mitigating DoS Attack Through Selective Bin Verification Micah Sherr a, Michael Greenwald b, Carl A. Gunter c, Sanjeev Khanna a, and Santosh S. Venkatesh.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)

SIA: Secure Information Aggregation in Sensor Networks B. Przydatek, D. Song, and A. Perrig. In Proc. of ACM SenSys 2003 Natalia Stakhanova cs610.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign.

1 CMPT 471 Networking II Authentication and Encryption © Janice Regan,

Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu and Peng Ning Department of Computer.

Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)

New Client Puzzle Outsourcing Techniques for DoS Resistance Brent Waters, Stanford University Ari Juels, RSA Laboratories Alex Halderman, Princeton University.

Department of Electronic Engineering City University of Hong Kong EE3900 Computer Networks Protocols and Architecture Slide 1 Use of Standard Protocols.

a/b/g Networks Routing Herbert Rubens Slides taken from UIUC Wireless Networking Group.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam Modified by Sarjana Singh.

Security for Broadcast Network

End-to-End Principle Brad Karp UCL Computer Science CS 6007/GC15/GA07 25 th February, 2009.

1 ECE 526 – Network Processing Systems Design System Implementation Principles I Varghese Chapter 3.

1 Validation of Security Protocols Joint work with Gul Agha, Michael Greenwald, Carl Gunter, Sanjeev Khanna, Darko Marinov, Jose Meseguer, Prasanna Thati,

Lecture 17 Page 1 Advanced Network Security Network Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.

1 Protocols and Protocol Layering. 2 Protocol Agreement about communication Specifies –Format of messages –Meaning of messages –Rules for exchange –Procedures.

Stein-64 Slide 1 PW security requirements PWE3 – 64 th IETF 10 November 2005 Yaakov (J) Stein.

Using Rhythmic Nonces for Puzzle-Based DoS Resistance Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, and Daniel Rebolledo University of.

The Importance of Being Opportunistic Sachin Katti Dina Katabi, Wenjun Hu, Hariharan Rahul, and Muriel Medard.

Packet Leashes: Defense Against Wormhole Attacks

Data Integrity: Applications of Cryptographic Hash Functions

Gul Agha Michael Greenwald Carl Gunter Sanjeev Khanna

Gul Agha Michael Greenwald Carl Gunter Sanjeev Khanna

VDL Mode 4 Performance Simulator (DLS enhancements) presented by EUROCONTROL Montreal, 26 October 2004.

VDL Mode 4 Performance Simulator (DLS enhancements) presented by EUROCONTROL Montreal, 26 October 2004.

Discussion on TESLA Based Frame Authentication

Presentation transcript:

The Shared Channel Model for DoS Carl A. Gunter With Sanjeev Khanna, Kaijun Tan, and Santosh Venkatesh

Challenge of Broadcast Authentication Inefficient to use public key signatures for each packet. Insecure to use a common distributed key. Inefficient, impractical, or impossible to use unicast tunnels. Many proposals have been made to address these problems. Delayed key release. Amortize costs of public key checks over multiple packets.

Challenge of DoS Attacks in broadcast case are more likely to be informed attacks in which sequence numbers and other aspects of protocol state are known. TCP is very vulnerable to informed attacks. Authentication based on Public Key Checks (PKCs) are vulnerable to signature flooding. FEC attacks lead to higher overheads.

Security Models for DoS Common form of analysis: show that the victim can defend against an attack that occupies his whole channel. Effective, but too conservative. Dolev-Yao: assume that the adversary controls the channel and can use packets of the legitimate sender. Also effective, but even more conservative. Attacks based on limited modifications. Not a common case. Wanted: a more realistic model of attack and countermeasures to exploit it.

Shared Channel Model Adversary can replay and insert packets. Legitimate sender sends packets with a maximum and minimum bandwidth. Legitimate sender experiences random loss, but not deliberate loss. Model is a four-tuple (W 0, W 1, A, p). W 0, W 1 min and max sender b/w A attacker max b/w p loss rate of sender

Shared Channel Model Example

Signature Flooding Attack factor R=A/W 1. Proportionate attack R=1. Disproportionate attack R>1. Stock PC can handle about 8000 PKC/sec. 10Mbps link sends about 900 pkt/sec, 100Mbps link sends about 9000 pkt/sec (assuming large packets). Processor is overwhelmed by too many signature checks. Adversary can devote full b/w to bad signatures at no cost. Budget: no more that 5% of processor on PKCs.

Broadcast Authentication Streams Data Stream Hash/Parity Stream Signature Stream

Selective Verification The signature stream is vulnerable to signature flooding: in a proportionate attack the adversary can devote his entire channel to fake signature packets. Countermeasure: Valid sender sends multiple copies of the signature packet. Receiver checks incoming signatures probabilistically.

BAS Sender Protocol 1. As data packets are produced, collect their hashes into hash packets. Send as soon as ready. 2. When enough data packets have been processed to make a TG, create parity packets and signature for the TG. 3. Interleave these with each other and with the data and hash packets of the next TG.

Interleaving of Transmission Groups

BAS Receiver Protocol 1. Acquisition phase: look for a valid signature until one is found. 2. When a signature packet is found, search a collection of packets before and after it to find candidate hash and parity packets. 3. Check hashes of these against the signature packet, and then use the parity packets to reproduce missing hash packets. 4. Continue searching for the next valid signature by checking each signature packet with specified probability .

Sample Numbers 10Mbps with 20% loss and 2 second latency 1584 data packets 11 hash packets, 11 parity packets 20 signature packets,  = Mbps with 40% loss and 1 second latency 8208 data packets 57 hash packets, 66 parity packets 200 signature packets,  =.025

Selective Verification is Very Efficient PKC/TG Sec/TG

Selective Verification is Very Effective PKC/TG Auth Loss

Implementation

Throughputs with Independent Loss and No Attack

Throughputs with Correlated Loss

Authentication Loss

Throughputs Under Severe Attacks 8% sig o/h3% sig o/h8% sig o/h Little effect!

Hash/Parity Overheads

Lessons and Extensions Other models (e.g. Dolev-Yao) are too conservative: they show DoS threat where effective countermeasures can be found. Selective verification can be done in many ways. Sequential: check each packet successively with given probability. Bin: classify signatures into “bins”, check bins with the fewest elements. Learn more: