The Case for Public Work Wu-chang Feng, Ed Kaiser Supported by:

Slides:

Advertisements

Similar presentations

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,

Advertisements

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

CSC 774 Advanced Network Security

Precept 6 Hashing & Partitioning 1 Peng Sun. Server Load Balancing Balance load across servers Normal techniques: Round-robin? 2.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Pseudo Trust: Zero-Knowledge Based Authentication in Anonymous Peer-to-Peer Protocols Li Lu, Lei Hu State Key Lab of Information Security, Graduate School.

Routing Security in Ad Hoc Networks

Secure Overlay Services Adam Hathcock Information Assurance Lab Auburn University.

Efficient and Secure Source Authentication with Packet Passports Xin Liu (UC Irvine) Xiaowei Yang (UC Irvine) David Wetherall (Univ. of Washington) Thomas.

Towards Application Security On Untrusted OS

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,

Lecture 22 Page 1 Advanced Network Security Other Types of DDoS Attacks Advanced Network Security Peter Reiher August, 2014.

Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.

Identity Management and DNS Services Tianyi XING.

1 Proceeding the Second Exercises on Computer and Systems Engineering Professor OKAMURA Laboratory. Othman Othman M.M.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

Remotely authenticating against the Service Framework.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )

Papers covered ● K. Lakshminarayanan, D. Adkins, A. Perrig, I. Stoica, “Taming IP Packet Flooding Attacks”, HotNets-II. ● M. Handley, A. Greenhalgh, “Steps.

Othman Othman M.M., Koji Okamura Kyushu University 1.

October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Fall 2002CS 395: Computer Security1 Chapter 11: Message Authentication and Hash Functions.

Peer-to-Peer Name Service (P2PNS) Ingmar Baumgart Institute of Telematics, Universität Karlsruhe IETF 70, Vancouver.

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

Othman Othman M.M., Koji Okamura Kyushu University 1.

Protecting Privacy in WLAN with DoS Resistance using Client Puzzle Team 7 Yanisa Akkarawichai Rohan Shah CSC 774 – Advanced Network Security Prof. Peng.

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.

A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University.

Portcullis: Protecting Connection Setup from Denial-of-Capability Attacks Paper by: Bryan Parno et al. (CMU) Presented by: Ionut Trestian Gergely Biczók.

How to use DNS during the evolution of ICN? Zhiwei Yan.

1 SOS: Secure Overlay Services A. D. Keromytis V. Misra D. Runbenstein Columbia University.

Lecture 20 Page 1 Advanced Network Security Basic Approaches to DDoS Defense Advanced Network Security Peter Reiher August, 2014.

Chapter 7 Denial-of-Service Attacks Denial-of-Service (DoS) Attack The NIST Computer Security Incident Handling Guide defines a DoS attack as: “An action.

JELENA MIRKOVIC (USC) PETER REIHER (UCLA) Building Accountability into the Future Internet In Proc. IEEE NPSec, 2009 Speaker: Yun Liaw.

DNS Cache Poisoning. History 1993 – DNS protocol allowed attacker to inject false data which was then cached 1997 – BIND 16-bit transaction ids not randomized,

1 Secure Peer-to-Peer File Sharing Frans Kaashoek, David Karger, Robert Morris, Ion Stoica, Hari Balakrishnan MIT Laboratory.

Computer Networking P2P. Why P2P? Scaling: system scales with number of clients, by definition Eliminate centralization: Eliminate single point.

New Client Puzzle Outsourcing Techniques for DoS Resistance Brent Waters, Stanford University Ari Juels, RSA Laboratories Alex Halderman, Princeton University.

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Network Raymond Chang March 30, 2005 EECS 600 Advanced Network Research, Spring.

1 Border Gateway Protocol (BGP) and BGP Security Jeff Gribschaw Sai Thwin ECE 4112 Final Project April 28, 2005.

Lecture 17 Page 1 Advanced Network Security Network Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.

1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.

Grades update. Homework #1 Count35 Minimum Value47.00 Maximum Value Average

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

Project Webpage: Funded by: mod _ kaPoW: Mitigating Denial-of-Service with Transparent Proof-of-Work Ed Kaiser & Wu-chang.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

Outline The spoofing problem Approaches to handle spoofing

Presentation transcript:

The Case for Public Work Wu-chang Feng, Ed Kaiser Supported by:

Motivation Unwanted traffic is uncontrollable –Spam –Viruses –Worms –Port scans –Denial of service –Phishing

Approaches Indirection –Hide or dynamically relocate to prevent indefinite access Filtering –Drop unwanted traffic upstream to save network resources Capabilities –Provide fine-grained control over who is given service Proof-of-Work –Make adversaries commit as many resources as they request

Public work approach Combine salient features of each approach into single mechanism based on “public work functions” What is a public work function? –A cryptographic puzzle issued by service whose answer can be verified by anyone in the network –Specifically, anyone can verify Correctness Freshness (work performed recently) Amount of work (difficulty)

Basic operation Service advertises public work function with its location or resource Clients solve function and attach a valid answer on subsequent service requests Verifiers within network check for a valid answer before forwarding request

Basic operation

Revisiting approaches Indirection –Dynamically change reachable locations by changing public work function Filtering –Destination-controlled filtering at the client’s network edge based on function difficulty Capabilities –Fine-grained control over access using source-specific public work function Proof-of-work –Public work function is a puzzle of a given difficulty

Public work functions Goals –Fast issuing –Fast verification –Flexible binding –Limited pre-computation and replay

A novel public work function Server advertises nonce and difficulty N c,D c Client must find A for flow F that satisfies above equation –Desired output must land in ‘Bucket 0’ –Relies on pre-image resistance of SHA1 –Assumes SHA1 has uniformly distributed output Targeted Hash Reversal 0123DcDc …… SHA1(A,F,N c )  0 mod D c

Public work functions Goals revisited –Fast issuing Random number generation N c and table lookup for D c –Fast verification Single SHA1 hash (~ 1  s on commodity PC) –Flexible binding F can be any property of request (IP addresses, ports, URIs) –Limited pre-computation and replay Server updates N c to invalidate previous answers

The End Unwanted traffic meets its match The Internet is saved All is good in the world again

Well, not really…

The good Problems made easier

Floods against issuer Public work function needs to be given once per client –N c easy to generate –D c easy to lookup Floods against issuer easily identified and dropped

Floods against verifier and network Verification is efficient –Look up public work function –Perform a single SHA1 hash on A,F,N c Verification done near adversary –Unwanted traffic identified and dropped at source edge –Adversary cannot flood links to the issuer and verifier Adversary forced to expend arbitrary resources to attack system

The bad Problems that still need work

Granularity What should public work functions be attached to? –F is unspecified –Attach to keys or files in DHTs and P2P networks? –Attach to DNS names? –Attach to HTTP URIs? –Attach to TCP/UDP 5-tuples? –Attach to IP source/destination addresses?

Delivery Mutual assured delivery of work functions –Spoofing work functions and requests for work functions –Client must know that the public work function is authentic –Server must know that the public work function has been delivered to the right client Approaches for addressing delivery problems –Strong: public-key certificates SSL/X.509 certificates for TLS and DNSsec –Weak: three-way handshakes TCP seq. #s DNS request IDs

Difficulty Uniform difficulties are bound to fail –Adversaries can co-opt much more resources than individuals (i.e. Botnets with > 100k machines) Must give difficult functions to malicious users –Must have an accounting mechanism to track usage history (counting Bloom filters) –Must have a difficulty generation algorithm that can turn back targeted attacks

Spoofing Attributing activity to others –Spoofing requests with valid work from victim to increase its difficulty –Spoofing work function requests to disable a victim issuer –Spoofing requests from a targeted victim client to a large number of issuers (reflector) Must be reduced to make public work systems “work”

The ugly Problems that are added

The ugly Problems that are added Time check?

Replay Preventing pre-computation and replay attacks –Adversary continuously re-uses a previously solved public work function –Adversary solves a bunch of work functions in advance and bombs service at selected time Must “freshen” public work function N c,D c –Pre-computation limited to time since last update –Replay limited to time until next update

Asymmetry Verifier must be along the path to and from service –Must observe, validate, and store public work function –Must verify subsequent answers attached to requests –Requires path symmetry that does not exist generally Addressing asymmetry –Secure sharing of public work for multi-homed client ASs –Verifiers at first-hop routers or on the client itself A clean-slate proposal for using trusted hardware in networks

Statefulness Requires per-flow state to be kept at the verifier –Depends on F –Public work functions must be stored at the verifier for validating subsequent answers –Scalable only when verifiers are at the edges of the network At client edge, per-flow state scales At server edge, issuer can use keyed hashes to generate and validate N c from a single secret N i that is shared with server-side verifiers –e.g. N c =HMAC N I (IP c, D c )

Status Implementations –DNS system Via modifications to bind and iptables Uses iterative DNS queries to deliver work function –HTTP system Via new apache module and a client-side javascript solver –TCP system Via modifications to iptables Simulator

Conclusion Public work functions –Combine key aspects of indirection, filtering, capabilities, and proof-of-work –Single per-client work function prevents floods against the issuer –Public traffic validation prevents floods against the verifier –Lots of problems to be solved still!

Questions?

Extra slides

DNS system

Public work management Query bloom filter Q C (T) –Keeps track of DNS requests per client Resource bloom filter R C (T) –Keeps track of current resource consumption per client –Only update for requests with valid work Averaging bloom filter M C (T) –Weighted smoothed average of resource bloom filter Generated difficulty D C (T) –Derived as g(M C (T))

Workload vs. Difficulty