Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ph.D. Thesis Presentation Aleksandar Kuzmanovic Edge-based Inference, Control, and DoS Resilience for the Internet.

Published byReynaldo Christopher Modified over 9 years ago

Similar presentations

Presentation on theme: "Ph.D. Thesis Presentation Aleksandar Kuzmanovic Edge-based Inference, Control, and DoS Resilience for the Internet."— Presentation transcript:

1 Ph.D. Thesis Presentation Aleksandar Kuzmanovic Edge-based Inference, Control, and DoS Resilience for the Internet

2 Aleksandar Kuzmanovic The Internet l 1969 The system of astonishing scale and complexity l 2004

3 Aleksandar Kuzmanovic Internet Design Principles l Network as a black-box l End-to-end argument [Clark84] –The core is simple –Intelligence at the endpoints l Implications –Easy to upgrade the network –Easy to incrementally deploy new services

4 Aleksandar Kuzmanovic Why End-Point Approach Today? l Scalability e2e scalability l Deployability –IP and network core are not extensible and are slowly evolving:  IPv6 (10 years)  IP Multicast (domain dependent) Goal: Improve network performance right here – right now!

5 Aleksandar Kuzmanovic Network Performance l Internet traffic –HTTP (web browsing) –FTP (file transfer)  Fact: 95% of the traffic today is TCP-based l Performance –QoS differentiation  Net win for both HTTP and FTP flows  End-point-based two-level differentiation scheme –Denial of Service  DoS attacks can demolish network performance  Prevent DoS attacks via a robust end-point protocol design

6 Aleksandar Kuzmanovic End-Point Service Differentiation l TCP-Low Priority –Utilizes only the excess network bandwidth l Key mechanism –Early congestion indications: one-way packet delay l Performance –Can improve the HTTP file transfers for more than 90% when FTP flows use TCP-LP l Deployability –no changes in the network core –sender side modification of TCP l High-speed version developed in cooperation with SLAC –tested over Gb/s networks in US http://www.ece.rice.edu/networks/TCP-LP

7 Aleksandar Kuzmanovic Denial of Service l A malicious way to consume resources in a network, a server cluster or in an end host, thereby denying service to other legitimate users l Example –Well-known TCP’s vulnerability to high-rate non-responsive flows

8 Aleksandar Kuzmanovic Design Principles - Revisited l Design Principles –Intelligence at the endpoints –The core is simple –Trust and cooperation among the endpoints l Implications –Easy to incrementally implement new services. –Easy to upgrade the network. –Large-scale system l Implement more intelligence at routers? –Scalability issue –Detect misbehaving flows in routers is a hard problem  Needle in a haystack

9 Aleksandar Kuzmanovic Design Principles - Revisited l Design Principles –Intelligence at the endpoints –The core is simple –Trust and cooperation among the endpoints l Implications –Malicious clients may misuse the intelligence. –Easy to upgrade the network. –Large-scale system l Implement more intelligence at routers? –Scalability issue –Detect misbehaving flows in routers is a hard problem  Needle in a haystack

10 Aleksandar Kuzmanovic Design Principles - Revisited l Design Principles –Intelligence at the endpoints –The core is simple –Trust and cooperation among the endpoints. –Hard to detect endpoint misbehavior. –Large-scale system –Malicious clients may misuse the intelligence l Implications l Implement more intelligence at routers? –Scalability issue –Detect misbehaving flows in routers is a hard problem  Needle in a haystack

11 Aleksandar Kuzmanovic Design Principles - Revisited l Design Principles –Intelligence at the endpoints –The core is simple –Trust and cooperation among the endpoints. –Hard to detect endpoint misbehavior. –Large-scale system –Malicious clients may misuse the intelligence l Implications l Implement more intelligence at routers? –Scalability issue –Detect misbehaving flows in routers is a hard problem  Needle in a haystack

12 Aleksandar Kuzmanovic End-Point Protocol Design l Performance vs. Security –End-point protocols are designed to maximize performance, but ignore security –95% of the Internet traffic is TCP traffic  Can have catastrophic consequences l DoS-resilient protocol design –Jointly optimize performance and security –Outperforms the core-based solutions

13 Aleksandar Kuzmanovic Remaining Outline l End-point protocol vulnerabilities –Low-rate TCP-targeted DoS attacks –Receiver-based TCP stacks with a misbehaving receiver l Limitations of network-based solutions l DoS-resilient end-point protocol design

14 Aleksandar Kuzmanovic Low-Rate Attacks l TCP is vulnerable to low-rate DoS attacks

15 Aleksandar Kuzmanovic TCP: a Dual Time-Scale Perspective l Two time-scales fundamentally required –RTT time-scales (~10-100 ms)  AIMD control –RTO time-scales (RTO=SRTT+4*RTTVAR)  Avoid congestion collapse l Lower-bounding the RTO parameter: –[AllPax99]: minRTO = 1 sec  to avoid spurious retransmissions –RFC2988 recommends minRTO = 1 secRFC2988

16 Aleksandar Kuzmanovic The Low-Rate Attack

17 Aleksandar Kuzmanovic The Low-Rate Attack l At a random initial time l A short burst (~RTT) sufficient to create outage –Outage – event of correlated packet losses that forces TCP to enter RTO mechanism l The impact of outage is distributed to all TCP flows

18 Aleksandar Kuzmanovic The Low-Rate Attack l The outage synchronizes all TCP flows –All flows react simultaneously and identically  backoff for minRTO l The attacker stops transmitting to elude detection

19 Aleksandar Kuzmanovic The Low-Rate Attack l Once the TCP flows try to recover –hit them again l Exploit protocol determinism

20 Aleksandar Kuzmanovic The Low-Rate Attack l And keep repeating… l RTT-time-scale outages inter-spaced on minRTO periods can deny service to TCP traffic

21 Aleksandar Kuzmanovic Low-Rate Attacks l TCP is vulnerable to low-rate DoS attacks

22 Aleksandar Kuzmanovic Vulnerability of Receiver-Based TCP to Misbehaviors l Sender-based TCP –Control functions given to the sender

23 Aleksandar Kuzmanovic Receiver-Based TCP l Receiver decides how much data can be sent, and which data should be sent by the sender l DATA – ACK communication becomes REQ - DATA l Example protocols –TFRC [RFC3448], WebTP, and RCP

24 Aleksandar Kuzmanovic Why Receiver-Based TCP? l Example: Busy web server –Receiver-based TCP distributes the state management across a large number of clients l Generally –Whenever a feedback is needed from the receiver, receiver-based TCP has advantage over sender-based schemes due to the locality of information l Benefits [RCP03] Performance Functionality - Loss recovery- Seamless handoffs - Congestion control- Server migration - Power management for - Bandwidth aggregation mobile devices - Web response times - Network-specific congestion control

25 Aleksandar Kuzmanovic Vulnerability l Receivers decide which packets and when to be sent –Receivers remotely control servers l Receivers have both means and incentive to manipulate the congestion control algorithm –Means: open source OS –Incentive: faster web browsing & file download

26 Aleksandar Kuzmanovic Receiver-Induced DoS Attacks l Request flood attack –A misbehaving receiver floods the server with requests, which replies and congests the network l Goals –Evaluate network-based schemes –Develop end-point solutions

27 Aleksandar Kuzmanovic Remaining Outline l End-Point protocol vulnerabilities l Limitations of network-based solutions –Low rate attacks –Misbehaving receivers l DoS-resilient end-point protocol design

28 Aleksandar Kuzmanovic Random Early Detection with Preferential Dropping l RED-PD [MFW01] designed to detect and thwart non-responsive flows –Monitors only a subset of flows at the router and compares their rates to the targeted bandwidth (TB)  TB is computed as a TCP-fair throughput for »Observed Ploss & RTT=40ms  If Ti > TB => flow i malicious l Key questions –Can algorithms intended to find high-rate attacks detect low-rate attacks? –Could we tune the algorithms to detect low-rate attacks without having too many false alarms?

29 Aleksandar Kuzmanovic The Time-Scale Issue l Scenario: 9 TCP Sack flows with RED and RED-PD –RED-PD detects high bandwidth flows  DoS inter-burst period < 500 ms

30 Aleksandar Kuzmanovic The Time-Scale Issue l Scenario: 9 TCP Sack flows with RED and RED-PD –RED-PD detects high but fails to detect low-rate attacks bandwidth flows DoS inter-burst period > 500 ms  DoS inter-burst period < 500 ms

31 Aleksandar Kuzmanovic CHOKe l CHOKe [PPP00] controls misbehaving flows by preventing a flow to monopolize buffer resources l Question: –Why don’t we use CHOKe against low-rate attacks?

32 Aleksandar Kuzmanovic Flow Filtering Scenario l Heterogeneous RTT environment: –Short-RTT flows are the most vulnerable to low- rate attacks l Implications: –Long-RTT flows ‘collaborate’ in the attack –Less-than bottleneck rates needed to attack short-RTT flows

33 Aleksandar Kuzmanovic CHOKe and Flow Filtering l DoS flow utilizes only 3.3% of the bottleneck capacity l CHOKe fails to throttle the low-rate attack against short-RTT flows

34 Aleksandar Kuzmanovic Request Flooding DoS Attack l Pushback [RFC3168] –Network nodes coordinate efforts to detect a malicious (flooding) node l But in the request flooding scenario, the flooding machine is not malicious –moreover, it is a victim…

35 Aleksandar Kuzmanovic Bandwidth Stealing l Fact –Network-based schemes lack the exact knowledge of end-point parameters l Example –RED-PD doesn’t know about RTT: TB=f(Ploss, RTT=40ms) l Implication –Clients with RTT > 40 ms can exploit this vulnerability l Algorithmic misbehavior –We generalized the TCP formula  T=f(Ploss, RTT, a, b) –Our algorithm tells how to re-tune AIMD parameters to steal bandwidth, yet elude detection

36 Aleksandar Kuzmanovic Summary of Limitations l Low rate attacks –RED-PD: issue of time-scales –CHOKe: flow filtering l Misbehaving receivers –Pushback: No distinction of causes and effects –RED-PD: No knowledge of endpoint parameters l Can we do better from the endpoints? –End-point parameter randomization –End-point TCP-fairness verification

37 Aleksandar Kuzmanovic End-point minRTO Randomization l Observe: –Low-rate attacks exploit protocol determinism  minRTO=1sec l Question: –Can minRTO randomization alleviate the problem? l Approach: –Randomize the minRTO parameter – l Insight: –The most vulnerable time-scale is T=b  Wait for flows to recover and then hit them again

38 Aleksandar Kuzmanovic End-point minRTO Randomization l TCP throughput formula on T=b time-scale of the low-rate attack

39 Aleksandar Kuzmanovic End-point minRTO Randomization l TCP throughput formula on T=b time-scale of the Shrew attack l Randomizing the minRTO parameter shifts and smoothes TCP’s null time-scales l Fundamental tradeoff between TCP performance and vulnerability to low-rate DoS attacks remains

40 Aleksandar Kuzmanovic An End-Point Solution l Sender-side verification: –Ping Agent:  Measures RTT without a cooperation from the receiver –TFRC Agent:  Computes “TCP- fair” rate –Control Agent:  Enforces the sending rate

41 Aleksandar Kuzmanovic Evaluation l Scenarios: –with behaving receiver (to study false positives) –with misbehaving receivers (to study detection) End-point scheme is able to detect even very moderate misbehaviors Slight inaccuracy for higher packet loss ratios (due to TFRC conservatism)

42 Aleksandar Kuzmanovic Summary l Denial of Service attacks represent a fundamental threat to today’s Internet l Network-based solutions are necessary, yet are quite often very limited l End-point protocols optimized for performance, not security l DoS-resilient protocol design  Parameter randomization  Ability to control the other end-point

43 Aleksandar Kuzmanovic Conclusions l Improve network performance via –End-point QoS differentiation –DoS-resilient protocol design l QoS differentiation –Developed, implemented, and tested TCP-LP –Can significantly improve the network performance l Denial of Service –Pro-active approach –Jointly consider both performance and security aspects

44 Aleksandar Kuzmanovic Publications [1] Measuring Service in Multi-Class Networks, In IEEE INFOCOM 2001. [2] Measurement Based Characterization and Classification of QoS- Enhanced Systems, In IEEE TPDS, 14(7): 671-685, 2003. [3] TCP-LP: A Distributed Algorithm for Low Priority Data Transfer, In IEEE INFOCOM 2003. [4] TCP-LP: Low-Priority Service via End-Point Congestion Control, To appear in IEEE/ACM ToN. [5]* HSTCP-LP: A Protocol for Low-Priority Bulk Data Transfer in High- Speed High-RTT Networks, In PFLDnet 2004. [6] Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants), In ACM SIGCOMM 2003. [7] Low-Rate TCP-Targeted Denial of Service Attacks and Counter Strategies, Submitted to IEEE/ACM ToN. [8] A Performance vs. Trust Perspective in the Design of End-Point Congestion Control Protocols, In IEEE ICNP 2004. [9] Receiver-based Congestion Control with a Misbehaving Receiver: Vulnerabilities and End-Point Solutions, Submitted to IEEE/ACM ToN. * With R. Les Cottrell, SLAC.

Download ppt "Ph.D. Thesis Presentation Aleksandar Kuzmanovic Edge-based Inference, Control, and DoS Resilience for the Internet."

Similar presentations

Martin Suchara, Ryan Witt, Bartek Wydrowski California Institute of Technology Pasadena, U.S.A. TCP MaxNet Implementation and Experiments on the WAN in.

Martin Suchara, Ryan Witt, Bartek Wydrowski California Institute of Technology Pasadena, U.S.A. TCP MaxNet Implementation and Experiments on the WAN in.
When TCP Friendliness Becomes Harmful Amit Mondal Aleksandar Kuzmanovic Northwestern University

When TCP Friendliness Becomes Harmful Amit Mondal Aleksandar Kuzmanovic Northwestern University
Rice Networks Group Aleksandar Kuzmanovic Edward W. Knightly Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew.

Rice Networks Group Aleksandar Kuzmanovic Edward W. Knightly Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew.
 Liang Guo  Ibrahim Matta  Computer Science Department  Boston University  Presented by:  Chris Gianfrancesco and Rick Skowyra.

 Liang Guo  Ibrahim Matta  Computer Science Department  Boston University  Presented by:  Chris Gianfrancesco and Rick Skowyra.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Network Border Patrol: Preventing Congestion Collapse and Promoting Fairness in the Internet Celio Albuquerque, Brett J. Vickers, Tatsuya Suda 1.

Network Border Patrol: Preventing Congestion Collapse and Promoting Fairness in the Internet Celio Albuquerque, Brett J. Vickers, Tatsuya Suda 1.
CS268: Beyond TCP Congestion Control Ion Stoica February 9, 2004.

CS268: Beyond TCP Congestion Control Ion Stoica February 9, 2004.
On Impact of Non-Conformant Flows on a Network of Drop-Tail Gateways Kartikeya Chandrayana Shivkumar Kalyanaraman ECSE Dept., R.P.I. (http://www.rpi.edu/~chandk)

On Impact of Non-Conformant Flows on a Network of Drop-Tail Gateways Kartikeya Chandrayana Shivkumar Kalyanaraman ECSE Dept., R.P.I. (
The War Between Mice and Elephants LIANG GUO, IBRAHIM MATTA Computer Science Department Boston University ICNP (International Conference on Network Protocols)

The War Between Mice and Elephants LIANG GUO, IBRAHIM MATTA Computer Science Department Boston University ICNP (International Conference on Network Protocols)
© 2007 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. The Taming of The Shrew: Mitigating.

© 2007 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. The Taming of The Shrew: Mitigating.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.

Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.
The War Between Mice and Elephants Presented By Eric Wang Liang Guo and Ibrahim Matta Boston University ICNP 2001 1.

The War Between Mice and Elephants Presented By Eric Wang Liang Guo and Ibrahim Matta Boston University ICNP
Congestion control in data centers

Congestion control in data centers
The Power of Explicit Congestion Notification Aleksandar Kuzmanovic Northwestern University

The Power of Explicit Congestion Notification Aleksandar Kuzmanovic Northwestern University
Adaptive Packet Marking for Maintaining End-to-End Throughput in a Differentiated-Services Internet Wu-Chang Feng, Dilip D.Kandlur, Member, IEEE, Debanjan.

Adaptive Packet Marking for Maintaining End-to-End Throughput in a Differentiated-Services Internet Wu-Chang Feng, Dilip D.Kandlur, Member, IEEE, Debanjan.
Rice Networks Group Aleksandar Kuzmanovic & Edward W. Knightly TCP-LP: A Distributed Algorithm for Low Priority Data Transfer.

Rice Networks Group Aleksandar Kuzmanovic & Edward W. Knightly TCP-LP: A Distributed Algorithm for Low Priority Data Transfer.
Rice Networks Group Ph.D. Thesis Proposal Aleksandar Kuzmanovic Edge-based Inference and Control in the Internet.

Rice Networks Group Ph.D. Thesis Proposal Aleksandar Kuzmanovic Edge-based Inference and Control in the Internet.
Presented by Prasanth Kalakota & Ravi Katpelly

Presented by Prasanth Kalakota & Ravi Katpelly
A Poisoning-Resilient TCP Stack Amit Mondal Aleksandar Kuzmanovic Northwestern University

A Poisoning-Resilient TCP Stack Amit Mondal Aleksandar Kuzmanovic Northwestern University

Similar presentations

Ads by Google