NC STATE UNIVERSITY / MCNC Protecting Network Quality of Service Against Denial of Service Attacks Douglas S. Reeves  S. Felix Wu  Fengmin Gong Talk:

Presentation transcript:

NC STATE UNIVERSITY / MCNC
Protecting Network Quality of Service Against Denial of Service Attacks
Douglas S. Reeves, S. Felix Wu, Fengmin Gong
Talk: “00-17 reeves”
CACC Research Review Meeting, October 25, 2000

Slide 2: New Capabilities...
Discriminating between users; a good thing!
– Bandwidth, quality, response time, …
Based on trust, need, importance, credit, urgency, ...: Policies!

Slide 3: ...New Vulnerabilities
Steps
– Provisioning
– User signaling
– Admission control
– Network signaling
– Traffic policing
Each step is vulnerable!

Slide 4: Attack 1: Excessive User Demands
Everyone asks for...
– ...maximum resource amount
– ...premium service

Slide 5: Our Solution: Resource Pricing
(An example: Telephone Network)

Slide 6: Resource Prices Based on Demand
Predicted-load (static) pricing
Auction-based (semi-static) pricing
Congestion-based (dynamic) pricing
Combined approaches

Slide 7: Policy Specification / Enforcement
What determines the price?
How much can each user pay?

Slide 8: Provable Fairness
Fairness is a policy
Achievable...
– Pareto optimal
– Weighted max-min fair
– Proportional fair
– Equal QoS
– Maximal aggregate utility
– Maximum revenue
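
Added example (not from the talk or the authors' system): on a single congested link, charging a market-clearing price to users with fixed budgets yields the weighted max-min fair allocation with budgets as weights, so asking for the maximum amount (Attack 1) buys nothing extra. The single-link model, the function name `clearing_allocation`, and the users, budgets, requests and capacity are constructed assumptions.

```python
from fractions import Fraction

def clearing_allocation(capacity, users):
    """Single-link model (an assumption of this example, not the talk's scheme).

    users maps name -> (budget, requested_rate); budgets must be positive.
    Each user buys min(requested_rate, budget / price). Returns the
    market-clearing price and the resulting rates, which form the weighted
    max-min fair allocation with budgets as weights.
    """
    remaining = Fraction(capacity)
    active = {n: (Fraction(b), Fraction(d)) for n, (b, d) in users.items()}
    rates = {}
    while active:
        # Bandwidth bought per unit of budget if all active users spend fully.
        level = remaining / sum(b for b, _ in active.values())
        satisfied = [n for n, (b, d) in active.items() if d <= b * level]
        if not satisfied:
            # Everyone left is budget-limited: the link is full at price 1/level.
            rates.update({n: b * level for n, (b, _) in active.items()})
            return 1 / level, rates
        for n in satisfied:
            # Modest requests are met in full; leftover capacity is re-shared.
            rates[n] = active.pop(n)[1]
            remaining -= rates[n]
    return Fraction(0), rates  # total demand fits: no congestion, price 0


# Constructed sample: 100 Mb/s link, budgets in arbitrary credit units.
USERS = {"alice": (1, 10), "bob": (1, 1000), "carol": (2, 1000)}

if __name__ == "__main__":
    price, rates = clearing_allocation(100, USERS)
    print("price per Mb/s:", price)
    for name, rate in rates.items():
        print(f"{name}: {rate} Mb/s")
    # Attack 1: bob inflates his request; his budget still caps his share.
    greedy = dict(USERS, bob=(1, 10**9))
    print("bob after inflating demand:", clearing_allocation(100, greedy)[1]["bob"])
```
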

Slide 9: Comparison With Other Approaches
First-come, first-served
– “grab resources early and often”
Fixed (absolute) priority
– starvation problems
Non-weighted fairness (TCP)
– everyone is equal?
Other resource pricing work
– static / centralized, restricted fairness

Slide 10: Future Work: Implementation
Fall 2000 (management tools: Summer 2001)

Slide 11: Future Work: 3rd Party Authorization
Spring 2001

Slide 12: Future Work: Service Class Provisioning
Given predicted demand for each service class...
– how much of each service class should the network owner provision?
– what price to charge for each class?
Goals: maximum profit, maximum utility, ...?

Slide 13: Future Work: Protecting the Pricing Mechanism
Vulnerability to attack
Protecting…
– RSVP
– COPS
– SIP
– Policy server and databases
– Authorization server, user database, billing database
Spring 2002

Slide 14: Impact of This Work
Disincentives for "bad" user behavior
Ability to flexibly specify and enforce policies
Efficient (optimal) allocation
Economic incentives for deployment of new services

Slide 15: Attack 3: TCP Packet Dropping
Congestion causes "normal" packet dropping
Can malicious packet dropping (not due to normal congestion) be detected?
– due to corrupted routers
– due to "unfriendly" users

Slide 16: Attack 4: Compromised DiffServ Routers

Slide 17: Attack Types
Dropping one data flow to benefit others
Injecting (spoofing, flooding, ...) packets to a high priority flow
Remarking packets in a data flow
Delaying packets in a data flow
Compromised ingress, core, or egress routers