Presentation is loading. Please wait.

Presentation is loading. Please wait.

Phalanx: Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy Tom Anderson University of Washington NSDI 2008.

Published byDean Punt Modified over 9 years ago

Similar presentations

Presentation on theme: "Phalanx: Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy Tom Anderson University of Washington NSDI 2008."— Presentation transcript:

1 Phalanx: Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy Tom Anderson University of Washington NSDI 2008

2

3 Why isn’t this a solved problem?  Solved for static content  Replicate everywhere  Large CDNs (Akamai, CoDeeN, Coral)  Potentially solved if we can replace all routers  Promising “clean slate” academic research... ... but, pervasive bots require universal deployment  Unsolved for dynamic content on the Internet today  VoIP, e-govt, e-commerce, AJAX web apps, etc.  Can we use a pervasive set of machines (i.e., a CDN) to solve the problem? Without changing every router?

4 Key Ideas  Tie fate of a server to a large part of the Internet  Goals  Deployable – without changing all ISPs or all routers  Scalable – to terabit attacks w/millions of attackers  Mechanisms  Packet Mailboxes  Secure Random Multipathing  Filtering Ring  Let’s go design it!

5 Simple Proxy  Use nodes as proxies  They can make filtering decisions  Forward remaining traffic to server  How do they make filtering decisions?  Do we trust them?  How does the network know we trust them?

6 Mailbox  Use nodes as mailboxes  Hold each packet for an explicit request  Policy at destination  Don’t trust mailboxes  Explicitly express trust to the network  Still, any single node is vulnerable to attack

7 Secure Random Multipathing  Send traffic randomly among mailboxes  According to shared secret sequence

8 Secure Random Multipathing  Send traffic randomly among mailboxes  According to shared secret sequence  Botnet can take down one mailbox

9 Secure Random Multipathing  Send traffic randomly among mailboxes  According to shared secret sequence  Botnet can take down one mailbox  But communication continues

10 Secure Random Multipathing  Send traffic randomly among mailboxes  According to shared secret sequence  Botnet can take down one mailbox  But communication continues  Diluted attacks against all mailboxes fail

11 Secure Random Multipathing  Sequence of mailboxes  Negotiate secret X at connection setup  Construct a secret sequence based on X x 0 = h(X,X), x i = h(x i-1,X)  Use x i to name that packet and select mailbox  Also a lightweight authenticator  Need a multipath congestion control algorithm

12 Filtering Ring  Attackers can ignore the mailboxes and just attack the server  Need to drop unrequested traffic in the network  request/response framework signals the network

13 blacklistwhitelistblacklistwhitelist xixi xixi blacklistwhitelist xixi Filtering Ring req: x i data: x i req: x i data: x i req: x i

14 Connection Setup  So far, we protect established connections  How do clients initiate connections?  Server issues “first packet” requests  Mediate access to these requests  Computational puzzles (Portcullis-style) Per-computation fair queueing  Authentication tokens For small deployments w/known principals

15 Example

16  Get static content and applet from CDN (1)  Connection setup  Get/solve puzzle (2)  Server issues first packet request (3)  First packet & request paired and sent (4,5)  Server returns mailbox list and secret X (6)  Protected comm. (7)

17 Example  Get static content and applet from CDN (1)  Connection setup  Get/solve puzzle (2)  Server issues first packet request (3)  First packet & request paired and sent (4,5)  Server returns mailbox list and secret X (6)  Protected comm. (7)

18 Example  Get static content and applet from CDN (1)  Connection setup  Get/solve puzzle (2)  Server issues first packet request (3)  First packet & request paired and sent (4,5)  Server returns mailbox list and secret X (6)  Protected comm. (7)

19 Example  Get static content and applet from CDN (1)  Connection setup  Get/solve puzzle (2)  Server issues first packet request (3)  First packet & request paired and sent (4,5)  Server returns mailbox list and secret X (6)  Protected comm. (7)

20 Example  Get static content and applet from CDN (1)  Connection setup  Get/solve puzzle (2)  Server issues first packet request (3)  First packet & request paired and sent (4,5)  Server returns mailbox list and secret X (6)  Protected comm. (7)

21 Example  Get static content and applet from CDN (1)  Connection setup  Get/solve puzzle (2)  Server issues first packet request (3)  First packet & request paired and sent (4,5)  Server returns mailbox list and secret X (6)  Protected comm. (7)

22 Evaluation  Microbenchmarks on PlanetLab (see paper)  Simulation  Based on gathered topology data  PlanetLab node serve as stand in for server  7200 Akamai nodes as mailboxes  Attacker bandwidth from BT measurements (avg 3Mb)

23 Protection vs. Deployment All mailboxes see less than 30% “goodput” 60% of mailboxes see no loss 20% of mailboxes see high loss Even a moderate deployment (7200 10 Mb mailboxes and only the victim AS filtering) has huge benefit against large botnets (100k nodes)

24 Scalability Any fixed deployment will reach it’s limit at some point...

25 Scalability 40% of mailboxes see no loss even vs. 4 mil. attackers w/36k mbxes... but, a more significant deployment can deal with botnets an order of magnitude larger than those of today. 36,000 100 Mbit mailboxes.

26 Related Work  CDNs (Akamai, Coral, CoDeeN)  Capabilities (SIFF, TVA)  Overlays (SOS, MayDay, Spread Spectrum)  Resource Proofs (Speak Up, Portcullis)  Architecture (Secure-i3, Off By Default)  Filtering (AITF, dFence, CenterTrack, Pushback)  Wireless Frequency Hopping

27 Conclusions  Ties one server’s fate to the fate of the Internet  Scales to deal with attacks of today and tomorrow  Deployable  Use CDN for mailboxes  Use upstream ISP to install filtering ring  Server is in control  Explicitly asks for each packet  Implements it’s own policies locally  Is not required to trust any given mailbox

28 Questions?

Download ppt "Phalanx: Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy Tom Anderson University of Washington NSDI 2008."

Similar presentations

The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June 28 2007.

The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June
Security Issues In Mobile IP

Security Issues In Mobile IP
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Data-Oriented Network Architecture (DONA) Scott Shenker (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, I. Stoica)

1 Data-Oriented Network Architecture (DONA) Scott Shenker (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, I. Stoica)
2009-03-16 1 Countering DoS Attacks with Stateless Multipath Overlays Presented by Yan Zhang.

Countering DoS Attacks with Stateless Multipath Overlays Presented by Yan Zhang.
INTRODUCTION TO COMPUTER NETWORKS Zeeshan Abbas. Introduction to Computer Networks INTRODUCTION TO COMPUTER NETWORKS.

INTRODUCTION TO COMPUTER NETWORKS Zeeshan Abbas. Introduction to Computer Networks INTRODUCTION TO COMPUTER NETWORKS.
Using Capability to prevent Internet Denial-of-Service attacks  Tom Anderson  Timothy Roscoe  David Wetherall  Offense Team –Khoa To –Amit Saha.

Using Capability to prevent Internet Denial-of-Service attacks  Tom Anderson  Timothy Roscoe  David Wetherall  Offense Team –Khoa To –Amit Saha.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
RSVP Cryptographic Authentication ...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.

RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.
FastPass: Availability Tokens to Defeat DoS Presented at CMU Systems Seminar by: Dan Wendlandt Work with: David Andersen & Adrian Perrig.

FastPass: Availability Tokens to Defeat DoS Presented at CMU Systems Seminar by: Dan Wendlandt Work with: David Andersen & Adrian Perrig.
Consensus Routing: The Internet as a Distributed System 2009. 2. 26 John P. John, Ethan Katz-Bassett, Arvind Krishnamurthy, and Thomas Anderson Presented.

Consensus Routing: The Internet as a Distributed System John P. John, Ethan Katz-Bassett, Arvind Krishnamurthy, and Thomas Anderson Presented.
.NET Remoting. .Net Remoting Replaces DCOM (Distributed Component Object Model – a proprietary Microsoft technology for communication among software components.

.NET Remoting. .Net Remoting Replaces DCOM (Distributed Component Object Model – a proprietary Microsoft technology for communication among software components.
Spring 2003CS 4611 Content Distribution Networks Outline Implementation Techniques Hashing Schemes Redirection Strategies.

Spring 2003CS 4611 Content Distribution Networks Outline Implementation Techniques Hashing Schemes Redirection Strategies.
Named Data Networking for Social Network Content delivery P. Truong, B. Mathieu (Orange Labs), K. Satzke (Alu) E. Stephan (Orange Labs) draft-truong-icnrg-ndn-osn-00.txt.

Named Data Networking for Social Network Content delivery P. Truong, B. Mathieu (Orange Labs), K. Satzke (Alu) E. Stephan (Orange Labs) draft-truong-icnrg-ndn-osn-00.txt.
2005 Stanford Computer Systems Lab Flow Cookies Bandwidth Amplification as Flooding Defense Martin Casado, Pei Cao Niels Provos.

2005 Stanford Computer Systems Lab Flow Cookies Bandwidth Amplification as Flooding Defense Martin Casado, Pei Cao Niels Provos.
To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets Xin Liu Xiaowei Yang Yanbin Lu UC Irvine

To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets Xin Liu Xiaowei Yang Yanbin Lu UC Irvine
A DoS-Limiting Network Architecture Presented by Karl Deng Sagar Vemuri.

A DoS-Limiting Network Architecture Presented by Karl Deng Sagar Vemuri.
Peer-to-Peer Based Multimedia Distribution Service Zhe Xiang, Qian Zhang, Wenwu Zhu, Zhensheng Zhang IEEE Transactions on Multimedia, Vol. 6, No. 2, April.

Peer-to-Peer Based Multimedia Distribution Service Zhe Xiang, Qian Zhang, Wenwu Zhu, Zhensheng Zhang IEEE Transactions on Multimedia, Vol. 6, No. 2, April.
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric (07016080)

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
A Poisoning-Resilient TCP Stack Amit Mondal Aleksandar Kuzmanovic Northwestern University

A Poisoning-Resilient TCP Stack Amit Mondal Aleksandar Kuzmanovic Northwestern University

Similar presentations

Ads by Google