Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Case for Public Work Wu-chang Feng, Ed Kaiser Supported by:

Published byJoy Hawkins Modified over 9 years ago

Similar presentations

Presentation on theme: "The Case for Public Work Wu-chang Feng, Ed Kaiser Supported by:"— Presentation transcript:

1 The Case for Public Work Wu-chang Feng, Ed Kaiser Supported by:

2 Motivation Unwanted traffic is uncontrollable –Spam –Viruses –Worms –Port scans –Denial of service –Phishing

3 Approaches Indirection –Hide or dynamically relocate to prevent indefinite access Filtering –Drop unwanted traffic upstream to save network resources Capabilities –Provide fine-grained control over who is given service Proof-of-Work –Make adversaries commit as many resources as they request

4 Public work approach Combine salient features of each approach into single mechanism based on “public work functions” What is a public work function? –A cryptographic puzzle issued by service whose answer can be verified by anyone in the network –Specifically, anyone can verify Correctness Freshness (work performed recently) Amount of work (difficulty)

5 Basic operation Service advertises public work function with its location or resource Clients solve function and attach a valid answer on subsequent service requests Verifiers within network check for a valid answer before forwarding request

6 Basic operation

7

8

9

10 Revisiting approaches Indirection –Dynamically change reachable locations by changing public work function Filtering –Destination-controlled filtering at the client’s network edge based on function difficulty Capabilities –Fine-grained control over access using source-specific public work function Proof-of-work –Public work function is a puzzle of a given difficulty

11 Public work functions Goals –Fast issuing –Fast verification –Flexible binding –Limited pre-computation and replay

12 A novel public work function Server advertises nonce and difficulty N c,D c Client must find A for flow F that satisfies above equation –Desired output must land in ‘Bucket 0’ –Relies on pre-image resistance of SHA1 –Assumes SHA1 has uniformly distributed output Targeted Hash Reversal 0123DcDc …… SHA1(A,F,N c )  0 mod D c

13 Public work functions Goals revisited –Fast issuing Random number generation N c and table lookup for D c –Fast verification Single SHA1 hash (~ 1  s on commodity PC) –Flexible binding F can be any property of request (IP addresses, ports, URIs) –Limited pre-computation and replay Server updates N c to invalidate previous answers

14 The End Unwanted traffic meets its match The Internet is saved All is good in the world again

15 Well, not really…

16

17 The good Problems made easier

18 Floods against issuer Public work function needs to be given once per client –N c easy to generate –D c easy to lookup Floods against issuer easily identified and dropped

19 Floods against verifier and network Verification is efficient –Look up public work function –Perform a single SHA1 hash on A,F,N c Verification done near adversary –Unwanted traffic identified and dropped at source edge –Adversary cannot flood links to the issuer and verifier Adversary forced to expend arbitrary resources to attack system

20 The bad Problems that still need work

21 Granularity What should public work functions be attached to? –F is unspecified –Attach to keys or files in DHTs and P2P networks? –Attach to DNS names? –Attach to HTTP URIs? –Attach to TCP/UDP 5-tuples? –Attach to IP source/destination addresses?

22 Delivery Mutual assured delivery of work functions –Spoofing work functions and requests for work functions –Client must know that the public work function is authentic –Server must know that the public work function has been delivered to the right client Approaches for addressing delivery problems –Strong: public-key certificates SSL/X.509 certificates for TLS and DNSsec –Weak: three-way handshakes TCP seq. #s DNS request IDs

23 Difficulty Uniform difficulties are bound to fail –Adversaries can co-opt much more resources than individuals (i.e. Botnets with > 100k machines) Must give difficult functions to malicious users –Must have an accounting mechanism to track usage history (counting Bloom filters) –Must have a difficulty generation algorithm that can turn back targeted attacks

24 Spoofing Attributing activity to others –Spoofing requests with valid work from victim to increase its difficulty –Spoofing work function requests to disable a victim issuer –Spoofing requests from a targeted victim client to a large number of issuers (reflector) Must be reduced to make public work systems “work”

25 The ugly Problems that are added

26 The ugly Problems that are added Time check?

27 Replay Preventing pre-computation and replay attacks –Adversary continuously re-uses a previously solved public work function –Adversary solves a bunch of work functions in advance and bombs service at selected time Must “freshen” public work function N c,D c –Pre-computation limited to time since last update –Replay limited to time until next update

28 Asymmetry Verifier must be along the path to and from service –Must observe, validate, and store public work function –Must verify subsequent answers attached to requests –Requires path symmetry that does not exist generally Addressing asymmetry –Secure sharing of public work for multi-homed client ASs –Verifiers at first-hop routers or on the client itself A clean-slate proposal for using trusted hardware in networks

29 Statefulness Requires per-flow state to be kept at the verifier –Depends on F –Public work functions must be stored at the verifier for validating subsequent answers –Scalable only when verifiers are at the edges of the network At client edge, per-flow state scales At server edge, issuer can use keyed hashes to generate and validate N c from a single secret N i that is shared with server-side verifiers –e.g. N c =HMAC N I (IP c, D c )

30 Status Implementations –DNS system Via modifications to bind and iptables Uses iterative DNS queries to deliver work function –HTTP system Via new apache module and a client-side javascript solver –TCP system Via modifications to iptables Simulator http://thefengs.com/wuchang/work/courses/cs592_spring2006

31 Conclusion Public work functions –Combine key aspects of indirection, filtering, capabilities, and proof-of-work –Single per-client work function prevents floods against the issuer –Public traffic validation prevents floods against the verifier –Lots of problems to be solved still!

32 Questions? http://thefengs.com/wuchang/work/puzzles

33 Extra slides

34 DNS system

35 Public work management Query bloom filter Q C (T) –Keeps track of DNS requests per client Resource bloom filter R C (T) –Keeps track of current resource consumption per client –Only update for requests with valid work Averaging bloom filter M C (T) –Weighted smoothed average of resource bloom filter Generated difficulty D C (T) –Derived as g(M C (T))

36 Workload vs. Difficulty

Download ppt "The Case for Public Work Wu-chang Feng, Ed Kaiser Supported by:"

Similar presentations

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Precept 6 Hashing & Partitioning 1 Peng Sun. Server Load Balancing Balance load across servers Normal techniques: Round-robin? 2.

Precept 6 Hashing & Partitioning 1 Peng Sun. Server Load Balancing Balance load across servers Normal techniques: Round-robin? 2.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.

Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.
Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Pseudo Trust: Zero-Knowledge Based Authentication in Anonymous Peer-to-Peer Protocols Li Lu, Lei Hu State Key Lab of Information Security, Graduate School.

Pseudo Trust: Zero-Knowledge Based Authentication in Anonymous Peer-to-Peer Protocols Li Lu, Lei Hu State Key Lab of Information Security, Graduate School.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks
Secure Overlay Services Adam Hathcock Information Assurance Lab Auburn University.

Secure Overlay Services Adam Hathcock Information Assurance Lab Auburn University.
Efficient and Secure Source Authentication with Packet Passports Xin Liu (UC Irvine) Xiaowei Yang (UC Irvine) David Wetherall (Univ. of Washington) Thomas.

Efficient and Secure Source Authentication with Packet Passports Xin Liu (UC Irvine) Xiaowei Yang (UC Irvine) David Wetherall (Univ. of Washington) Thomas.
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

Similar presentations

Ads by Google