Prof. Mort AnvariStrayer University at Arlington, VAAugust 2004 1 Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.

Slides:



Advertisements
Similar presentations
A Survey of Key Management for Secure Group Communications Celia Li.
Advertisements

DISTRIBUTED SYSTEMS II FAULT-TOLERANT BROADCAST Prof Philippas Tsigas Distributed Computing and Systems Research Group.
Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
Congestion Control Reasons: - too many packets in the network and not enough buffer space S = rate at which packets are generated R = rate at which receivers.
CISCO NETWORKING ACADEMY PROGRAM (CNAP)
Playback delay in p2p streaming systems with random packet forwarding Viktoria Fodor and Ilias Chatzidrossos Laboratory for Communication Networks School.
On Large-Scale Peer-to-Peer Streaming Systems with Network Coding Chen Feng, Baochun Li Dept. of Electrical and Computer Engineering University of Toronto.
Optimizing Buffer Management for Reliable Multicast Zhen Xiao AT&T Labs – Research Joint work with Ken Birman and Robbert van Renesse.
Gossip Algorithms and Implementing a Cluster/Grid Information service MsSys Course Amar Lior and Barak Amnon.
Reliable Group Communication Quanzeng You & Haoliang Wang.
Gossip Scheduling for Periodic Streams in Ad-hoc WSNs Ercan Ucan, Nathanael Thompson, Indranil Gupta Department of Computer Science University of Illinois.
LightFlood: An Optimal Flooding Scheme for File Search in Unstructured P2P Systems Song Jiang, Lei Guo, and Xiaodong Zhang College of William and Mary.
Forwarding Redundancy in Opportunistic Mobile Networks: Investigation and Elimination Wei Gao 1, Qinghua Li 2 and Guohong Cao 3 1 The University of Tennessee,
Faculty of Electrical Engineering, Technion Drum Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.
Unstructured overlays: construction, optimization, applications Anne-Marie Kermarrec Joint work with Laurent Massoulié and Ayalvadi Ganesh.
Distributed Algorithms for Secure Multipath Routing
Implementing dynamic membership in a secure multicast protocol Ilana Sarfati and Orna Dutech Winter 2005 Supervisor : Gal Badishi הטכניון – מכון טכנולוגי.
Dynamic Tuning of the IEEE Protocol to Achieve a Theoretical Throughput Limit Frederico Calì, Marco Conti, and Enrico Gregori IEEE/ACM TRANSACTIONS.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Network Coding for Large Scale Content Distribution Christos Gkantsidis Georgia Institute of Technology Pablo Rodriguez Microsoft Research IEEE INFOCOM.
Faculty of Electrical Engineering, Technion FuDiCo II G. Badishi & I. Keidar Towards Survivability of Application-Level Multicast Gal Badishi, Idit Keidar,
Faculty of Electrical Engineering, Technion May 2004 Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.
Faculty of Electrical Engineering, Technion DSN 2004 Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.
Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 5: Synchronous Uniform.
Clock Synchronization Ken Birman. Why do clock synchronization?  Time-based computations on multiple machines Applications that measure elapsed time.
1 The Sybil Attack John R. Douceur Microsoft Research Presented for Cs294-4 by Benjamin Poon.
Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 4 – Consensus and reliable.
CS218 – Final Project A “Small-Scale” Application- Level Multicast Tree Protocol Jason Lee, Lih Chen & Prabash Nanayakkara Tutor: Li Lao.
Component-Based Routing for Mobile Ad Hoc Networks Chunyue Liu, Tarek Saadawi & Myung Lee CUNY, City College.
Faculty of Electrical Engineering, Technion DSN 2004 Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.
Low-Rate TCP Denial of Service Defense Johnny Tsao Petros Efstathopoulos Tutor: Guang Yang UCLA 2003.
Correctness of Gossip-Based Membership under Message Loss Maxim Gurevich, Idit Keidar Technion.
Multicast Communication Multicast is the delivery of a message to a group of receivers simultaneously in a single transmission from the source – The source.
Medium Access Control Protocols Using Directional Antennas in Ad Hoc Networks CIS 888 Prof. Anish Arora The Ohio State University.
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
Efficient and Robust Query Processing in Dynamic Environments Using Random Walk Techniques Chen Avin Carlos Brito.
Communication (II) Chapter 4
Probabilistic Broadcast Presented by Keren Censor 1.
1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen
A Randomized Error Recovery Algorithm for Reliable Multicast Zhen Xiao Ken Birman AT&T Labs – Research Cornell University.
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
Tsunami: Maintaining High Bandwidth Under Dynamic Network Conditions Dejan Kostić, Ryan Braud, Charles Killian, Eric Vandekieft, James W. Anderson, Alex.
Parallel and Distributed Simulation Synchronizing Wallclock Time.
1 A Randomized Space-Time Transmission Scheme for Secret-Key Agreement Xiaohua (Edward) Li 1, Mo Chen 1 and E. Paul Ratazzi 2 1 Department of Electrical.
Mitigating DoS Attack Through Selective Bin Verification Micah Sherr a, Michael Greenwald b, Carl A. Gunter c, Sanjeev Khanna a, and Santosh S. Venkatesh.
ICOM 6115: Computer Systems Performance Measurement and Evaluation August 11, 2006.
Byzantine fault-tolerance COMP 413 Fall Overview Models –Synchronous vs. asynchronous systems –Byzantine failure model Secure storage with self-certifying.
Presentation slides prepared by Ramakrishnan.V LMS: A Router Assisted Scheme for Reliable Multicast Christos Papadopoulos, University of Southern California.
Energy-Efficient Monitoring of Extreme Values in Sensor Networks Loo, Kin Kong 10 May, 2007.
Thomas Dreibholz Institute for Experimental Mathematics University of Duisburg-Essen, Germany University of Duisburg-Essen, Institute.
2007/1/15http:// Lightweight Probabilistic Broadcast M2 Tatsuya Shirai M1 Dai Saito.
The Cost of Fault Tolerance in Multi-Party Communication Complexity Binbin Chen Advanced Digital Sciences Center Haifeng Yu National University of Singapore.
LightFlood: An Efficient Flooding Scheme for File Search in Unstructured P2P Systems Song Jiang, Lei Guo, and Xiaodong Zhang College of William and Mary.
Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits H. Wang, C. Guo, D. Simon, and A. Zugenmaier Microsoft Research.
DoS/DDoS attack and defense
2/14/2016  A. Orda, A. Segall, 1 Queueing Networks M nodes external arrival rate (Poisson) service rate in each node (exponential) upon service completion.
Networks, Part 2 March 7, Networks End to End Layer  Build upon unreliable Network Layer  As needed, compensate for latency, ordering, data.
Fault Tolerance (2). Topics r Reliable Group Communication.
Intrusion Tolerant Distributed Object Systems Joint IA&S PI Meeting Honolulu, HI July 17-21, 2000 Gregg Tally
1 Roie Melamed, Technion AT&T Labs Araneola: A Scalable Reliable Multicast System for Dynamic Wide Area Environments Roie Melamed, Idit Keidar Technion.
Pouya Ostovari and Jie Wu Computer & Information Sciences
Coding for Multipath TCP: Opportunities and Challenges Øyvind Ytrehus University of Bergen and Simula Res. Lab. NNUW-2, August 29, 2014.
Analysis and Comparison of TCP Reno and TCP Vegas Review
21-2 ICMP(Internet control message protocol)
Aggressiveness Protective Fair Queuing for Bursty Applications
Strayer University at Arlington, VA
TCP Congestion Control
Implementing Multicast
Presentation transcript:

Prof. Mort AnvariStrayer University at Arlington, VAAugust Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based Multicast

Prof. Mort AnvariStrayer University at Arlington, VAAugust AgendaAgenda Overview of gossip-based multicast Overview of gossip-based multicast The problem The problem Proposed solution Proposed solution Analysis and simulations Analysis and simulations Implementation and measurements Implementation and measurements Conclusions Conclusions Overview of gossip-based multicast Overview of gossip-based multicast The problem The problem Proposed solution Proposed solution Analysis and simulations Analysis and simulations Implementation and measurements Implementation and measurements Conclusions Conclusions

Prof. Mort AnvariStrayer University at Arlington, VAAugust MulticastMulticast A group of members A group of members At least one member is a source – generates messages At least one member is a source – generates messages Messages should arrive to all of the group members in a timely fashion Messages should arrive to all of the group members in a timely fashion Network level vs. application level (ALM) Network level vs. application level (ALM) A group of members A group of members At least one member is a source – generates messages At least one member is a source – generates messages Messages should arrive to all of the group members in a timely fashion Messages should arrive to all of the group members in a timely fashion Network level vs. application level (ALM) Network level vs. application level (ALM)

Prof. Mort AnvariStrayer University at Arlington, VAAugust Tree-Based Multicast Use a spanning tree – most common solution Use a spanning tree – most common solution No duplicates (optimal BW when network-level) No duplicates (optimal BW when network-level) Single points of failure Single points of failure Use a spanning tree – most common solution Use a spanning tree – most common solution No duplicates (optimal BW when network-level) No duplicates (optimal BW when network-level) Single points of failure Single points of failure Source

Prof. Mort AnvariStrayer University at Arlington, VAAugust Gossip-Based Multicast Progresses in rounds Progresses in rounds Every round Every round –Choose random partners (view ) –Send or receive messages –Discard old msgs from buffer Probabilistic reliability Probabilistic reliability Trades latency and BW for redundancy Trades latency and BW for redundancy Two methods Two methods –Push –Pull Progresses in rounds Progresses in rounds Every round Every round –Choose random partners (view ) –Send or receive messages –Discard old msgs from buffer Probabilistic reliability Probabilistic reliability Trades latency and BW for redundancy Trades latency and BW for redundancy Two methods Two methods –Push –Pull

Prof. Mort AnvariStrayer University at Arlington, VAAugust PushPush Source

Prof. Mort AnvariStrayer University at Arlington, VAAugust PullPull Source

Prof. Mort AnvariStrayer University at Arlington, VAAugust Hostility over the Internet Forgery/spoofing Forgery/spoofing Penetration Penetration Denial of Service (DoS) Denial of Service (DoS) Forgery/spoofing Forgery/spoofing Penetration Penetration Denial of Service (DoS) Denial of Service (DoS)

Prof. Mort AnvariStrayer University at Arlington, VAAugust Denial of Service Unavailability of service Unavailability of service Methods Methods –Exploiting bugs –Exhausting resources Remote attacks Remote attacks –Network level –Application level Got little attention Got little attention No quantitative analysis of impact on application No quantitative analysis of impact on application Unavailability of service Unavailability of service Methods Methods –Exploiting bugs –Exhausting resources Remote attacks Remote attacks –Network level –Application level Got little attention Got little attention No quantitative analysis of impact on application No quantitative analysis of impact on application

Prof. Mort AnvariStrayer University at Arlington, VAAugust Dollar Amount of Losses by Type

Prof. Mort AnvariStrayer University at Arlington, VAAugust Remote Application-Level DoS Valid Request Bogus Request No Attack DoS Attack

Prof. Mort AnvariStrayer University at Arlington, VAAugust Effects of DoS on Gossip Reasonable to assume that source is attacked Reasonable to assume that source is attacked Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in push-based gossip may prevent it from receiving messages Attacking a process in push-based gossip may prevent it from receiving messages Reasonable to assume that source is attacked Reasonable to assume that source is attacked Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in push-based gossip may prevent it from receiving messages Attacking a process in push-based gossip may prevent it from receiving messages

Prof. Mort AnvariStrayer University at Arlington, VAAugust Our Solution Drum – a new gossip-based ALM protocol Drum – a new gossip-based ALM protocol Utilizes DoS-mitigation techniques Utilizes DoS-mitigation techniques –Separating and bounding resources –Combining both push and pull –Using random one-time ports to communicate Proven robust using formal analysis and quantitative evaluation Proven robust using formal analysis and quantitative evaluation –Provides general methods for analyzing and quantitatively evaluating resistance to DoS-attacks Drum – a new gossip-based ALM protocol Drum – a new gossip-based ALM protocol Utilizes DoS-mitigation techniques Utilizes DoS-mitigation techniques –Separating and bounding resources –Combining both push and pull –Using random one-time ports to communicate Proven robust using formal analysis and quantitative evaluation Proven robust using formal analysis and quantitative evaluation –Provides general methods for analyzing and quantitatively evaluating resistance to DoS-attacks

Prof. Mort AnvariStrayer University at Arlington, VAAugust Bounding Resources Motivation: prevent resource exhaustion Motivation: prevent resource exhaustion Each round process a random subset of the arriving messages and discard the rest Each round process a random subset of the arriving messages and discard the rest Motivation: prevent resource exhaustion Motivation: prevent resource exhaustion Each round process a random subset of the arriving messages and discard the rest Each round process a random subset of the arriving messages and discard the rest Valid Request Bogus Request Round Duration

Prof. Mort AnvariStrayer University at Arlington, VAAugust Combining Push and Pull Attacking push cannot prevent receiving messages via pull (random ports) Attacking push cannot prevent receiving messages via pull (random ports) Attacking pull cannot prevent sending via push Attacking pull cannot prevent sending via push Attacking push cannot prevent receiving messages via pull (random ports) Attacking push cannot prevent receiving messages via pull (random ports) Attacking pull cannot prevent sending via push Attacking pull cannot prevent sending via push

Prof. Mort AnvariStrayer University at Arlington, VAAugust Random Ports Any request necessitating a reply contains a random port number Any request necessitating a reply contains a random port number –“Invisible” to the attacker (e.g., encrypted) The reply is sent to that random port The reply is sent to that random port Assumption: attacking other ports does not affect the random port’s queue (i.e., there is no BW exhaustion) Assumption: attacking other ports does not affect the random port’s queue (i.e., there is no BW exhaustion) Any request necessitating a reply contains a random port number Any request necessitating a reply contains a random port number –“Invisible” to the attacker (e.g., encrypted) The reply is sent to that random port The reply is sent to that random port Assumption: attacking other ports does not affect the random port’s queue (i.e., there is no BW exhaustion) Assumption: attacking other ports does not affect the random port’s queue (i.e., there is no BW exhaustion)

Prof. Mort AnvariStrayer University at Arlington, VAAugust Drum’s Push Mechanism Alice sends Bob a push-offer Alice sends Bob a push-offer Bob replies with a digest of messages he has already received Bob replies with a digest of messages he has already received Alice only sends Bob messages missing from his digest Alice only sends Bob messages missing from his digest Random ports Random ports Alice sends Bob a push-offer Alice sends Bob a push-offer Bob replies with a digest of messages he has already received Bob replies with a digest of messages he has already received Alice only sends Bob messages missing from his digest Alice only sends Bob messages missing from his digest Random ports Random ports

Prof. Mort AnvariStrayer University at Arlington, VAAugust Evaluation Methodology Compare 3 protocols Compare 3 protocols –Push (push-based with bounded resources) –Pull (pull-based with bounded resources) –Drum Under various DoS attacks Under various DoS attacks –Fixed strength –Increasing strength Source is always attacked Source is always attacked Evaluates combination of Push and Pull Evaluates combination of Push and Pull Compare 3 protocols Compare 3 protocols –Push (push-based with bounded resources) –Pull (pull-based with bounded resources) –Drum Under various DoS attacks Under various DoS attacks –Fixed strength –Increasing strength Source is always attacked Source is always attacked Evaluates combination of Push and Pull Evaluates combination of Push and Pull

Prof. Mort AnvariStrayer University at Arlington, VAAugust Evaluation Methodology (cont.) Measure propagation time – expected number of rounds it takes a message to reach all of the correct processes Measure propagation time – expected number of rounds it takes a message to reach all of the correct processes –99% in the simulations and actual measurements Use real implementation to measure actual latency and throughput Use real implementation to measure actual latency and throughput Measure propagation time – expected number of rounds it takes a message to reach all of the correct processes Measure propagation time – expected number of rounds it takes a message to reach all of the correct processes –99% in the simulations and actual measurements Use real implementation to measure actual latency and throughput Use real implementation to measure actual latency and throughput

Prof. Mort AnvariStrayer University at Arlington, VAAugust Analysis/Simulation Assumptions Static group with complete connectivity Static group with complete connectivity Processes have complete group knowledge Processes have complete group knowledge Propagation of a single message M Propagation of a single message M –But simulate situation where all procs have msgs to send M is never purged from local buffers M is never purged from local buffers Rounds are synchronized Rounds are synchronized All round operations complete within the same round All round operations complete within the same round All processes are correct (analysis) or 10% of them perform a DoS attack (simulation) All processes are correct (analysis) or 10% of them perform a DoS attack (simulation) Static group with complete connectivity Static group with complete connectivity Processes have complete group knowledge Processes have complete group knowledge Propagation of a single message M Propagation of a single message M –But simulate situation where all procs have msgs to send M is never purged from local buffers M is never purged from local buffers Rounds are synchronized Rounds are synchronized All round operations complete within the same round All round operations complete within the same round All processes are correct (analysis) or 10% of them perform a DoS attack (simulation) All processes are correct (analysis) or 10% of them perform a DoS attack (simulation)

Prof. Mort AnvariStrayer University at Arlington, VAAugust Validating Known Results The propagation time of gossip-based multicast protocols is O(log n) [P87, KSSV00] The propagation time of gossip-based multicast protocols is O(log n) [P87, KSSV00]

Prof. Mort AnvariStrayer University at Arlington, VAAugust

Prof. Mort AnvariStrayer University at Arlington, VAAugust Validating Known Results (cont.) The performance of gossip-based multicast protocols degrades gracefully as failures amount [LMM00, GvRB01] The performance of gossip-based multicast protocols degrades gracefully as failures amount [LMM00, GvRB01]

Prof. Mort AnvariStrayer University at Arlington, VAAugust

Prof. Mort AnvariStrayer University at Arlington, VAAugust DefinitionsDefinitions n – number of processes in the group n – number of processes in the group F – size of view, and max # of requests to process in a round (F = 4 ) F – size of view, and max # of requests to process in a round (F = 4 )  – percentage of attacked processes  – percentage of attacked processes x – number of bogus messages an attacked process receives in a round x – number of bogus messages an attacked process receives in a round B – total attack strength (B =  nx ) B – total attack strength (B =  nx ) n – number of processes in the group n – number of processes in the group F – size of view, and max # of requests to process in a round (F = 4 ) F – size of view, and max # of requests to process in a round (F = 4 )  – percentage of attacked processes  – percentage of attacked processes x – number of bogus messages an attacked process receives in a round x – number of bogus messages an attacked process receives in a round B – total attack strength (B =  nx ) B – total attack strength (B =  nx )

Prof. Mort AnvariStrayer University at Arlington, VAAugust Analysis – Increasing Strength Lemma 1: Fix  and n. Drum’s propagation time is bounded from above by a constant independent of x Lemma 1: Fix  and n. Drum’s propagation time is bounded from above by a constant independent of x Proof idea Proof idea –Define effective fan-in and effective fan-out –Both have an element independent of x –When x   this element is dominant –The effective fans are bounded from below Lemma 1: Fix  and n. Drum’s propagation time is bounded from above by a constant independent of x Lemma 1: Fix  and n. Drum’s propagation time is bounded from above by a constant independent of x Proof idea Proof idea –Define effective fan-in and effective fan-out –Both have an element independent of x –When x   this element is dominant –The effective fans are bounded from below

Prof. Mort AnvariStrayer University at Arlington, VAAugust Analysis – Increasing Strength Lemma 2: Fix  and n. The propagation time of Push grows at least linearly with x Lemma 2: Fix  and n. The propagation time of Push grows at least linearly with x Proof idea Proof idea –Assume all non-attacked processes already have the message (and so does the source) –Bound the expected number of processes having M at round k from above –Find the minimal k in which all processes have M –Reaching all attacked processes takes at least a time linear in x Lemma 2: Fix  and n. The propagation time of Push grows at least linearly with x Lemma 2: Fix  and n. The propagation time of Push grows at least linearly with x Proof idea Proof idea –Assume all non-attacked processes already have the message (and so does the source) –Bound the expected number of processes having M at round k from above –Find the minimal k in which all processes have M –Reaching all attacked processes takes at least a time linear in x

Prof. Mort AnvariStrayer University at Arlington, VAAugust Analysis – Increasing Strength Lemma 3: Fix  and n. The propagation time of Pull grows at least linearly with x Lemma 3: Fix  and n. The propagation time of Pull grows at least linearly with x Proof idea Proof idea –Denote by p the probability that the source reads a valid pull request in a round –# of rounds for M to leave the source is geometrically distributed with p –The expectation is 1/p –1/p is at least linear in x Lemma 3: Fix  and n. The propagation time of Pull grows at least linearly with x Lemma 3: Fix  and n. The propagation time of Pull grows at least linearly with x Proof idea Proof idea –Denote by p the probability that the source reads a valid pull request in a round –# of rounds for M to leave the source is geometrically distributed with p –The expectation is 1/p –1/p is at least linear in x

Prof. Mort AnvariStrayer University at Arlington, VAAugust

Prof. Mort AnvariStrayer University at Arlington, VAAugust

Prof. Mort AnvariStrayer University at Arlington, VAAugust Analysis – Fixed Strength Define c = B/nF (total attack strength divided by total system capacity) Define c = B/nF (total attack strength divided by total system capacity) Lemma 4: For c > 5, Drum’s expected propagation time is monotonically increasing with  Lemma 4: For c > 5, Drum’s expected propagation time is monotonically increasing with  Proof idea Proof idea –Effective fan-in and effective fan-out are monotonically decreasing with  Define c = B/nF (total attack strength divided by total system capacity) Define c = B/nF (total attack strength divided by total system capacity) Lemma 4: For c > 5, Drum’s expected propagation time is monotonically increasing with  Lemma 4: For c > 5, Drum’s expected propagation time is monotonically increasing with  Proof idea Proof idea –Effective fan-in and effective fan-out are monotonically decreasing with 

Prof. Mort AnvariStrayer University at Arlington, VAAugust

Prof. Mort AnvariStrayer University at Arlington, VAAugust Implementation and Measurements Uses the Java programming language Uses the Java programming language Multithreaded processes Multithreaded processes Operations are not synchronized Operations are not synchronized Rounds are not synchronized among processes Rounds are not synchronized among processes 50 machines on a 100Mbit LAN (Emulab) 50 machines on a 100Mbit LAN (Emulab) One process per machine One process per machine 5 processes (10%) perform a DoS attack 5 processes (10%) perform a DoS attack Uses the Java programming language Uses the Java programming language Multithreaded processes Multithreaded processes Operations are not synchronized Operations are not synchronized Rounds are not synchronized among processes Rounds are not synchronized among processes 50 machines on a 100Mbit LAN (Emulab) 50 machines on a 100Mbit LAN (Emulab) One process per machine One process per machine 5 processes (10%) perform a DoS attack 5 processes (10%) perform a DoS attack

Prof. Mort AnvariStrayer University at Arlington, VAAugust Validating the Simulations Evaluate the protocols in the same scenarios tested by simulation Evaluate the protocols in the same scenarios tested by simulation High correlation shows that the simplifying assumptions have little effect on the results High correlation shows that the simplifying assumptions have little effect on the results Evaluate the protocols in the same scenarios tested by simulation Evaluate the protocols in the same scenarios tested by simulation High correlation shows that the simplifying assumptions have little effect on the results High correlation shows that the simplifying assumptions have little effect on the results

Prof. Mort AnvariStrayer University at Arlington, VAAugust

Prof. Mort AnvariStrayer University at Arlington, VAAugust

Prof. Mort AnvariStrayer University at Arlington, VAAugust High-Throughput Experiments Single source Single source Creates 40 messages (50 bytes long) per second Creates 40 messages (50 bytes long) per second Total of 10,000 messages Total of 10,000 messages Round duration = 1 second Round duration = 1 second Messages are purged after 10 rounds Messages are purged after 10 rounds Each process sends at most 80 data messages to another process in a round Each process sends at most 80 data messages to another process in a round Throughput and latency are measured at the 44 correct receiving processes Throughput and latency are measured at the 44 correct receiving processes Single source Single source Creates 40 messages (50 bytes long) per second Creates 40 messages (50 bytes long) per second Total of 10,000 messages Total of 10,000 messages Round duration = 1 second Round duration = 1 second Messages are purged after 10 rounds Messages are purged after 10 rounds Each process sends at most 80 data messages to another process in a round Each process sends at most 80 data messages to another process in a round Throughput and latency are measured at the 44 correct receiving processes Throughput and latency are measured at the 44 correct receiving processes

Prof. Mort AnvariStrayer University at Arlington, VAAugust

Prof. Mort AnvariStrayer University at Arlington, VAAugust

Prof. Mort AnvariStrayer University at Arlington, VAAugust

Prof. Mort AnvariStrayer University at Arlington, VAAugust ConclusionsConclusions DoS attacks are a real problem DoS attacks are a real problem Gossip-based protocols have no single points of failure Gossip-based protocols have no single points of failure However, naïve gossip-based protocols are vulnerable to targeted DoS attacks However, naïve gossip-based protocols are vulnerable to targeted DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Evaluations show Drum’s resistance to DoS Evaluations show Drum’s resistance to DoS The most effective attack against Drum is a broad one The most effective attack against Drum is a broad one General DoS-mitigation techniques: random ports and neighbor-selection General DoS-mitigation techniques: random ports and neighbor-selection Analysis and quantitative evaluation techniques may be applicable to other systems as well Analysis and quantitative evaluation techniques may be applicable to other systems as well DoS attacks are a real problem DoS attacks are a real problem Gossip-based protocols have no single points of failure Gossip-based protocols have no single points of failure However, naïve gossip-based protocols are vulnerable to targeted DoS attacks However, naïve gossip-based protocols are vulnerable to targeted DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Evaluations show Drum’s resistance to DoS Evaluations show Drum’s resistance to DoS The most effective attack against Drum is a broad one The most effective attack against Drum is a broad one General DoS-mitigation techniques: random ports and neighbor-selection General DoS-mitigation techniques: random ports and neighbor-selection Analysis and quantitative evaluation techniques may be applicable to other systems as well Analysis and quantitative evaluation techniques may be applicable to other systems as well

Prof. Mort AnvariStrayer University at Arlington, VAAugust