Presentation is loading. Please wait.

Presentation is loading. Please wait.

Faculty of Electrical Engineering, Technion DSN 2004 Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Faculty of Electrical Engineering, Technion DSN 2004 Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based."— Presentation transcript:

1 Faculty of Electrical Engineering, Technion DSN 2004 Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based Multicast Gal Badishi, Idit Keidar, Amir Sasson

2 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 OutlineOutline The problem The problem Overview of gossip-based multicast Overview of gossip-based multicast Proposed solution - Drum Proposed solution - Drum Analysis and simulations Analysis and simulations Implementation and measurements Implementation and measurements Summary and general principles Summary and general principles The problem The problem Overview of gossip-based multicast Overview of gossip-based multicast Proposed solution - Drum Proposed solution - Drum Analysis and simulations Analysis and simulations Implementation and measurements Implementation and measurements Summary and general principles Summary and general principles

3 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Denial of Service (DoS) Unavailability of service Unavailability of service –Exhausting resources Remote attacks Remote attacks –Network level Solutions do not solve all application problems Solutions do not solve all application problems –Application level Got little attention Got little attention Quantitative analysis of impact on application and identification of vulnerabilities needed Quantitative analysis of impact on application and identification of vulnerabilities needed Unavailability of service Unavailability of service –Exhausting resources Remote attacks Remote attacks –Network level Solutions do not solve all application problems Solutions do not solve all application problems –Application level Got little attention Got little attention Quantitative analysis of impact on application and identification of vulnerabilities needed Quantitative analysis of impact on application and identification of vulnerabilities needed

4 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 ChallengesChallenges Quantify the effect of DoS at the application level Quantify the effect of DoS at the application level Expose vulnerabilities Expose vulnerabilities Find effective DoS-mitigation techniques Find effective DoS-mitigation techniques –Prove their usefulness using the found metric Multicast as an example Multicast as an example Quantify the effect of DoS at the application level Quantify the effect of DoS at the application level Expose vulnerabilities Expose vulnerabilities Find effective DoS-mitigation techniques Find effective DoS-mitigation techniques –Prove their usefulness using the found metric Multicast as an example Multicast as an example

5 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Tree-Based Multicast Use a spanning tree – most common solution Use a spanning tree – most common solution No duplicates (optimal BW when network-level) No duplicates (optimal BW when network-level) Single points of failure Single points of failure Use a spanning tree – most common solution Use a spanning tree – most common solution No duplicates (optimal BW when network-level) No duplicates (optimal BW when network-level) Single points of failure Single points of failure Source

6 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Gossip-Based Multicast Progresses in rounds Progresses in rounds Every round Every round –Choose random partners (view ) –Send or receive messages –Discard old msgs from buffer Probabilistic reliability Probabilistic reliability Uses redundancy to achieve robustness Uses redundancy to achieve robustness Two methods Two methods –Push –Pull Progresses in rounds Progresses in rounds Every round Every round –Choose random partners (view ) –Send or receive messages –Discard old msgs from buffer Probabilistic reliability Probabilistic reliability Uses redundancy to achieve robustness Uses redundancy to achieve robustness Two methods Two methods –Push –Pull

7 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 PushPush Source

8 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 PullPull Source

9 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Effects of DoS on Gossip Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in push-based gossip may prevent it from receiving messages Attacking a process in push-based gossip may prevent it from receiving messages Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Surprisingly, we show that naïve gossip is vulnerable to DoS attacks Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in pull-based gossip may prevent it from sending messages Attacking a process in push-based gossip may prevent it from receiving messages Attacking a process in push-based gossip may prevent it from receiving messages

10 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 DrumDrum A new gossip-based ALM protocol A new gossip-based ALM protocol Utilizes DoS-mitigation techniques Utilizes DoS-mitigation techniques –Using random one-time ports to communicate –Combining both push and pull –Separating and bounding resources Eliminates vulnerabilities to DoS Eliminates vulnerabilities to DoS Proven robust using formal analysis and quantitative evaluation Proven robust using formal analysis and quantitative evaluation A new gossip-based ALM protocol A new gossip-based ALM protocol Utilizes DoS-mitigation techniques Utilizes DoS-mitigation techniques –Using random one-time ports to communicate –Combining both push and pull –Separating and bounding resources Eliminates vulnerabilities to DoS Eliminates vulnerabilities to DoS Proven robust using formal analysis and quantitative evaluation Proven robust using formal analysis and quantitative evaluation

11 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Random Ports Any request necessitating a reply contains a random port number Any request necessitating a reply contains a random port number –“Invisible” to the attacker (e.g., encrypted) The reply is sent to that random port The reply is sent to that random port Assumption: Network withstands load Assumption: Network withstands load Any request necessitating a reply contains a random port number Any request necessitating a reply contains a random port number –“Invisible” to the attacker (e.g., encrypted) The reply is sent to that random port The reply is sent to that random port Assumption: Network withstands load Assumption: Network withstands load Request + random port number Wait on random port Wait on well- known port

12 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Combining Push and Pull Attacking push cannot prevent receiving messages via pull (random ports) Attacking push cannot prevent receiving messages via pull (random ports) Attacking pull cannot prevent sending via push Attacking pull cannot prevent sending via push Each process has some control over the processes it communicates with Each process has some control over the processes it communicates with Attacking push cannot prevent receiving messages via pull (random ports) Attacking push cannot prevent receiving messages via pull (random ports) Attacking pull cannot prevent sending via push Attacking pull cannot prevent sending via push Each process has some control over the processes it communicates with Each process has some control over the processes it communicates with

13 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Bounding Resources Motivation: prevent resource exhaustion Motivation: prevent resource exhaustion Each round process a random subset of the arriving messages and discard the rest Each round process a random subset of the arriving messages and discard the rest Separate resources for orthogonal operations Separate resources for orthogonal operations Motivation: prevent resource exhaustion Motivation: prevent resource exhaustion Each round process a random subset of the arriving messages and discard the rest Each round process a random subset of the arriving messages and discard the rest Separate resources for orthogonal operations Separate resources for orthogonal operations Valid Request Bogus Request Round Duration

14 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Evaluation: Staged DoS Attacks Increasing strength Increasing strength –shows trend under DoS Fixed strength Fixed strength –exposes vulnerabilities Source is always attacked Source is always attacked Analysis, simulations, measurements Analysis, simulations, measurements Increasing strength Increasing strength –shows trend under DoS Fixed strength Fixed strength –exposes vulnerabilities Source is always attacked Source is always attacked Analysis, simulations, measurements Analysis, simulations, measurements

15 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Analysis – Increasing Strength Assume static group, strict subset is attacked Assume static group, strict subset is attacked Lemma 1: Drum’s propagation time is bounded from above by a constant independent of the attack rate Lemma 1: Drum’s propagation time is bounded from above by a constant independent of the attack rate Lemma 2: The propagation time of Push grows at least linearly with the attack rate Lemma 2: The propagation time of Push grows at least linearly with the attack rate Lemma 3: The propagation time of Pull grows at least linearly with the attack rate Lemma 3: The propagation time of Pull grows at least linearly with the attack rate Assume static group, strict subset is attacked Assume static group, strict subset is attacked Lemma 1: Drum’s propagation time is bounded from above by a constant independent of the attack rate Lemma 1: Drum’s propagation time is bounded from above by a constant independent of the attack rate Lemma 2: The propagation time of Push grows at least linearly with the attack rate Lemma 2: The propagation time of Push grows at least linearly with the attack rate Lemma 3: The propagation time of Pull grows at least linearly with the attack rate Lemma 3: The propagation time of Pull grows at least linearly with the attack rate

16 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

17 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

18 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

19 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 Analysis – Fixed Strength Lemma 4: For strong enough attacks, Drum’s expected propagation time is monotonically increasing as the percentage of attacked processes increases Lemma 4: For strong enough attacks, Drum’s expected propagation time is monotonically increasing as the percentage of attacked processes increases

20 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

21 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 High-Throughput Experiments Multithreaded Java implementation Multithreaded Java implementation Single source creates 40 msgs/sec Single source creates 40 msgs/sec Round duration = 1 second Round duration = 1 second Measure throughput and latency at the receiving processes Measure throughput and latency at the receiving processes Multithreaded Java implementation Multithreaded Java implementation Single source creates 40 msgs/sec Single source creates 40 msgs/sec Round duration = 1 second Round duration = 1 second Measure throughput and latency at the receiving processes Measure throughput and latency at the receiving processes

22 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

23 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

24 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 SummarySummary Gossip-based protocols are very robust, but… Gossip-based protocols are very robust, but… –naïve gossip-based protocols are vulnerable to targeted DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Evaluations show Drum’s resistance to DoS Evaluations show Drum’s resistance to DoS The most effective attack against Drum is a broad one The most effective attack against Drum is a broad one Gossip-based protocols are very robust, but… Gossip-based protocols are very robust, but… –naïve gossip-based protocols are vulnerable to targeted DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Drum uses simple techniques to mitigate the effects of DoS attacks Evaluations show Drum’s resistance to DoS Evaluations show Drum’s resistance to DoS The most effective attack against Drum is a broad one The most effective attack against Drum is a broad one

25 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004 General Principles DoS-mitigation techniques: DoS-mitigation techniques: –random ports –neighbor-selection by local choices –separate resource bounds Design goal: eliminate vulnerabilities Design goal: eliminate vulnerabilities –The most effective attack is a broad one Analysis and quantitative evaluation of impact of DoS Analysis and quantitative evaluation of impact of DoS DoS-mitigation techniques: DoS-mitigation techniques: –random ports –neighbor-selection by local choices –separate resource bounds Design goal: eliminate vulnerabilities Design goal: eliminate vulnerabilities –The most effective attack is a broad one Analysis and quantitative evaluation of impact of DoS Analysis and quantitative evaluation of impact of DoS

26 Gal BadishiFaculty of Electrical Engineering, TechnionDSN 2004

Download ppt "Faculty of Electrical Engineering, Technion DSN 2004 Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based."

Similar presentations

Consistency and Replication Chapter 7 Part II Replica Management & Consistency Protocols.

Consistency and Replication Chapter 7 Part II Replica Management & Consistency Protocols.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Playback delay in p2p streaming systems with random packet forwarding Viktoria Fodor and Ilias Chatzidrossos Laboratory for Communication Networks School.

Playback delay in p2p streaming systems with random packet forwarding Viktoria Fodor and Ilias Chatzidrossos Laboratory for Communication Networks School.
On Large-Scale Peer-to-Peer Streaming Systems with Network Coding Chen Feng, Baochun Li Dept. of Electrical and Computer Engineering University of Toronto.

On Large-Scale Peer-to-Peer Streaming Systems with Network Coding Chen Feng, Baochun Li Dept. of Electrical and Computer Engineering University of Toronto.
Optimizing Buffer Management for Reliable Multicast Zhen Xiao AT&T Labs – Research Joint work with Ken Birman and Robbert van Renesse.

Optimizing Buffer Management for Reliable Multicast Zhen Xiao AT&T Labs – Research Joint work with Ken Birman and Robbert van Renesse.
CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.

CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.
The SMART Way to Migrate Replicated Stateful Services Jacob R. Lorch, Atul Adya, Bill Bolosky, Ronnie Chaiken, John Douceur, Jon Howell Microsoft Research.

The SMART Way to Migrate Replicated Stateful Services Jacob R. Lorch, Atul Adya, Bill Bolosky, Ronnie Chaiken, John Douceur, Jon Howell Microsoft Research.
Gossip Algorithms and Implementing a Cluster/Grid Information service MsSys Course Amar Lior and Barak Amnon.

Gossip Algorithms and Implementing a Cluster/Grid Information service MsSys Course Amar Lior and Barak Amnon.
Reliable Group Communication Quanzeng You & Haoliang Wang.

Reliable Group Communication Quanzeng You & Haoliang Wang.
Structural Reliability Analysis – Basics

Structural Reliability Analysis – Basics
LightFlood: An Optimal Flooding Scheme for File Search in Unstructured P2P Systems Song Jiang, Lei Guo, and Xiaodong Zhang College of William and Mary.

LightFlood: An Optimal Flooding Scheme for File Search in Unstructured P2P Systems Song Jiang, Lei Guo, and Xiaodong Zhang College of William and Mary.
Faculty of Electrical Engineering, Technion Drum Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.

Faculty of Electrical Engineering, Technion Drum Gal Badishi Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.
1 Principles of Reliable Distributed Systems Lecture 6: Synchronous Uniform Consensus Spring 2005 Dr. Idit Keidar.

1 Principles of Reliable Distributed Systems Lecture 6: Synchronous Uniform Consensus Spring 2005 Dr. Idit Keidar.
Distributed Algorithms for Secure Multipath Routing

Distributed Algorithms for Secure Multipath Routing
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.

Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
Directed Diffusion: A Scalable and Robust Communication Paradigm for Sensor Networks.

Directed Diffusion: A Scalable and Robust Communication Paradigm for Sensor Networks.
Implementing dynamic membership in a secure multicast protocol Ilana Sarfati and Orna Dutech Winter 2005 Supervisor : Gal Badishi הטכניון – מכון טכנולוגי.

Implementing dynamic membership in a secure multicast protocol Ilana Sarfati and Orna Dutech Winter 2005 Supervisor : Gal Badishi הטכניון – מכון טכנולוגי.
1 Principles of Reliable Distributed Systems Lecture 3: Synchronous Uniform Consensus Spring 2006 Dr. Idit Keidar.

1 Principles of Reliable Distributed Systems Lecture 3: Synchronous Uniform Consensus Spring 2006 Dr. Idit Keidar.
 Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 1 Principles of Reliable Distributed Systems Lecture 7: Failure Detectors.

 Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 7: Failure Detectors.
CS 582 / CMPE 481 Distributed Systems

CS 582 / CMPE 481 Distributed Systems

Similar presentations

Ads by Google