New Client Puzzle Outsourcing Techniques for DoS Resistance Brent Waters, Stanford University Ari Juels, RSA Laboratories Alex Halderman, Princeton University.

Slides:



Advertisements
Similar presentations
Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Ari Juels and John Brainard RSA Laboratories.
Advertisements

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Most of slides come from Ari Juels and John Brainard RSA Laboratories.
CSC 774 Advanced Network Security
P2P data retrieval DHT (Distributed Hash Tables) Partially based on Hellerstein’s presentation at VLDB2004.
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
CSC 774 Advanced Network Security
Computer Security and Penetration Testing
1 J. Alex Halderman A Convenient Method for Securely Managing Passwords J. Alex Halderman Princeton Brent Waters Stanford Edward W. Felten Princeton.
URSA: Providing Ubiquitous and Robust Security Support for MANET
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.
Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.
Open Problems in Data- Sharing Peer-to-Peer Systems Neil Daswani, Hector Garcia-Molina, Beverly Yang.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Interactions Between Delayed Acks and Nagle’s Algorithm in HTTP and HTTPS: Problems and Solutions Arthur Goldberg Robert Buff New York University March.
Evaluating Authenticated, DoS Resistant Key Exchange Protocols J.W. Pope CS 589 December 12, 2003.
A DoS-Limiting Network Architecture Presented by Karl Deng Sagar Vemuri.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Pseudo Trust: Zero-Knowledge Based Authentication in Anonymous Peer-to-Peer Protocols Li Lu, Lei Hu State Key Lab of Information Security, Graduate School.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
Georgy Melamed Eran Stiller
1 Securing Passwords Against Dictionary Attacks Base on an article by Benny Pinkas & Tomas Sander 2002 Presented by Tomer Conforti.
A DoS Limiting Network Architecture An Overview by - Amit Mondal.
The Shared Channel Model for DoS Carl A. Gunter With Sanjeev Khanna, Kaijun Tan, and Santosh Venkatesh.
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.
By Jyh-haw Yeh Boise State University ICIKM 2013.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
The Case for Public Work Wu-chang Feng, Ed Kaiser Supported by:
Presenter: Chen Chih-Ming 96/12/27. Outline  Background  Problem Definition  State of Art  Portcullis Architecture  Designs  Potential Attacks 
1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Security for the Optimized Link- State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab 1.
DaaS: DDoS Mitigation-as-a-Service 2011 IEEE/IPSJ International Symposium on Applications and the Internet Author: Soon Hin Khor & Akihiro Nakao Speaker:
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
Protecting Web Servers from Content Request Floods Srikanth Kandula ▪ Shantanu Sinha ▪ Dina Katabi ▪ Matthias Jacob CSAIL –MIT.
Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.
SOS: Security Overlay Service Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein- Columbia University ACM SIGCOMM 2002 CONFERENCE, PITTSBURGH PA, AUG.
Limiting Denial of Service Using Client Puzzles Presented by Ed Kaiser.
Portcullis: Protecting Connection Setup from Denial-of-Capability Attacks Paper by: Bryan Parno et al. (CMU) Presented by: Ionut Trestian Gergely Biczók.
Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy, Tom Anderson Affiliates Day, 2007.
Mehmud Abliz, Taieb Znati, ACSAC (Dec., 2009). Outline Introduction Desired properties Basic scheme Improvements to the basic scheme Analysis Related.
Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.
Mangai Vetrivelan Snigdha Joshi Avani Atre. Sensor Network Vulnerabilities o Unshielded Sensor Network Nodes vulnerable to be compromised. o Attacks on.
Secure Conjunctive Keyword Search Over Encrypted Data Philippe Golle Jessica Staddon Palo Alto Research Center Brent Waters Princeton University.
Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.
Workpackage 3 New security algorithm design ICS-FORTH Ipswich 19 th December 2007.
1 Secure Peer-to-Peer File Sharing Frans Kaashoek, David Karger, Robert Morris, Ion Stoica, Hari Balakrishnan MIT Laboratory.
New Client Puzzle Outsourcing Techniques for DoS Resistance Brent Waters, Ari Juels, J. Alex Halderman and Edward W. Felten.
Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking Author : Tommy Chin Jr., Xenia Mountrouidou, Xiangyang Li and Kaiqi.
Design Lines for a Long Term Competitive IDS Erwan Lemonnier KTH-IT / Defcom.
Using Rhythmic Nonces for Puzzle-Based DoS Resistance Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, and Daniel Rebolledo University of.
Threats Relating to Transport Layer Protocols Handling Multiple Addresses Masataka Ohta Tokyo Institute of technology
Network Processing Systems Design
DDoS Attacks on Financial Institutions Presentation
IT443 – Network Security Administration Instructor: Bo Sheng
Improving searches through community clustering of information
Definition of Distributed System
Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Securiity Concerns about Cloud Computing P. Reinhold.
Phalanx : Withstanding Multimillion-Node Botnets
CS/ECE 418 Introduction to Network Security
A Cryptographic Defense Against Connection Depletion Attacks
A Cryptographic Defense Against Connection Depletion Attacks
CIS 4930/6930 – Privacy-Preserving and Trustworthy Cyber-Systems Dr
Presentation transcript:

New Client Puzzle Outsourcing Techniques for DoS Resistance Brent Waters, Stanford University Ari Juels, RSA Laboratories Alex Halderman, Princeton University Ed Felten, Princeton University

Client Puzzles DoS attack the attackers consume resources quickly May not be enough resources left for a regular client ServerAttackers User Request

Client Puzzles Client puzzles slow down an attacker by making him solve a moderately hard challenge before granting a resource Typically, partially invert a hash function ServerAttackers User Request y,z x, where H(x|y)=z Request y’,z’ x’, where H(x|y)=z

Client Puzzles Client Puzzles can potentially be used to protect many different kinds of resources – SPAM [DN’92] –TCP SYN buffers [JB’99] –CPU on SSL connections [JB’99, DS’02] –Database Queries Resource intensive queries DRM? –IP packets

Shortcomings of Client Puzzles 1)Puzzle-solving delay after user request –User must wait for his machine to solve puzzle –Is this a problem? [JB’99] show 1s delay for TCP syn buffer… –However, they do their analysis under 20 attackers –Lesson: Delay depends upon number of attackers and scarcity of resource

Shortcomings of Client Puzzles 2) Server hash computation per submitted solution –Hash overhead ~1us computation time –Typically small relative to resource given –Attack by flooding server with incorrect solutions –Impractical if protecting a low level service such as IP layer

Our Solution Outsource puzzle creation –Puzzles created are independent of client or server using them Solve for access to “channels” on servers –Assume internal routing structure is resistant to eavesdropping

Bastion service distributes puzzles –Global Service –Bastion operation is independent of servers and clients using it  Scalability Outsourcing Puzzles 1 2 N

Since puzzles are independent of bastion can use robust systems to distribute puzzles Leverage point 1 2 N

Solving for Channels Client solves for a random channel Next time period uses solved channel as solution Solution can be transformed to work on any server Time 1 2 N 507

Solving for Channels Client solves for a random channel Next time period uses solved channel as solution Solution can be transformed to work on any server Time 507

Solving for Channels Client solves for a random channel Next time period uses solved channel as solution Solution can be transformed to work on any server Time 507 Server A Server B 507 PK A PK B check

Attackers and Channels Attacker can only get resources allotted to channels he has solved puzzles for Server A 507 PK A 507 Attackers

Puzzle Construction N Channels P(x,d): Puzzle hiding x of difficulty d H : Hash function x i : Randomly chosen each iteration 1 2 N X i = g x i mod p, P(x i,d) Puzzle for channel iPublic Key of Server A Y=g a H(g ax i ) Token for channel i on server A

Client and Server Operation Client Solve puzzle for period j+1 Pick random channel Solve puzzle for channel Server Compute all N tokens for period j+1 Public key = g a For all X i =g x i compute X i a =g ax i Time j-1jj+1 Use solution computed during period j-1 Have solution x i for channel i For server with public key Y=g a compute Y x i =g ax i as token for channel i Use tokens computed during period j-1 Request on channel i, do a quick comparison on token list Keep track of resources granted per channel

Key Points User does not wait for puzzle to be solved Bytestring comparison per claimed solution Primary bottleneck is # of channels the server computes tokens for (exponentiations) –Will improve as processor speeds increase –Can give out X i before Puz(x i,d)

An Example Time cycles of 20 minutes N=20,000 channels ~5% of a high end server’s computing time Set puzzle difficulty so typical machine can have 2 solutions 1,000 attackers with 1,000 solutions;  1/10 of channels Regular user has 2 random channels each 10% chance of being occupied by adversary  1% that both are occupied

Prototype Implementation Rate limits number of new TCP connections After SYN packet must wait n seconds before another on channel HTTP Server to simulate Bastion SYN Sends two previously computed tokens 48

Flooding Attack Experiment Attacker submits several false solutions

Comparison to Traditional Client Puzzles Our Approach Proactive approach; solves puzzles in preparation –Uses resources when not under attack (server & client) Solution is ready immediately for user request Bitstring comparison per claimed solution –IP layer Traditional Client Puzzles Enter client puzzle operation in reaction to an attack User waits for client to solve Hash computation per claimed solution

Comparison to Traditional Client Puzzles Our Approach Use solutions at multiple protocols (e.g. TCP, SSL, Database queries) Number of channels available should increase as servers can do PK operations faster Traditional Client Puzzles Unclear how should manage protecting multiple protocols

Extensions Identity-Based server public keys More flexible number of channels per server Random Beacon for Bastion –Loose universal puzzle property More efficient PK crypto –Smaller key sizes (key life is shorter)

Conclusions Propose a new client puzzle outsourcing technique for protecting against DoS attacks Trade off extra average case effort in exchange for low-user delay and efficient solution verification