Mitigating DoS Attack Through Selective Bin Verification Micah Sherr a, Michael Greenwald b, Carl A. Gunter c, Sanjeev Khanna a, and Santosh S. Venkatesh.


1 Mitigating DoS Attack Through Selective Bin Verification
Micah Sherr (a), Michael Greenwald (b), Carl A. Gunter (c), Sanjeev Khanna (a), and Santosh S. Venkatesh (a)
NPSec 2005, November 6th, 2005
(a) University of Pennsylvania; (b) Bell Labs; (c) University of Illinois at Urbana-Champaign

2 Distributed Denial of Service (DDoS)
[figure: request/response diagram]

3 Existing Countermeasures
● Increase capacity
– Augment networks with additional equipment
– Costly $$$
● Filter out DoS traffic
– Focus of academic literature
– Discriminate between normal and malicious traffic
– Assumes such disambiguation is possible
– Rely on traffic profiles or assistance from routers

4 Selective Bin Verification
● First proposed in “DoS Protection for Reliably Authenticated Broadcast” [Gunter et al (NDSS '04)]
● Contributions of this work:
– Bin verification applied to client-server model
– Introduction of multiple simultaneous senders
● Mitigates DoS attack even when
– Attack packets permeate network
– No network disambiguation possible
● Does not hinder (even improves!) reliability
● Assumes sparse resource is computation, not network bandwidth

5 Sequential Selective Verification
● Broadcaster transmits authenticated broadcast stream
– expensive for receiver to validate (signature check)
● Observation: disparity between bandwidth used by legitimate sender (broadcaster) and attacker (assume multicast communication)
[figure: packet stream 1, 2, 3, 4, 5, 6, ..., n]

6 Sequential Selective Verification Algorithm
● Assume DoS attack at maximum strength
● Assume sender uses small portion of available bandwidth
● Legitimate sender transmits c copies of each message
● Receivers selectively verify packet with probability p
● Probability that a legitimate packet will be discarded is (1-p)^c
● Linear reduction in required number of inspections

7 Can we apply the same principle for client-server architectures? Yes! Selective Bin Verification
● Server has n “bins”
● Each well-formed message has identifier b
– Honest client starts at some int r, increments identifier with each message copy
● Server places incoming message into bin (b mod n)
● After collection interval, receiver processes smallest k bins, discards the rest
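The binning round described on slide 7, as an added simulation that is not the authors' experimental code. Honest clients stripe their copies across consecutive bins by incrementing the identifier; a constructed flood is spread over some or all bins; the server keeps only the k least-loaded bins. The traffic, the `spread` parameter and the loss emulation are assumptions made here for illustration.

```python
import random

# Added example: one collection interval of selective bin verification.
# Constructed traffic (honest clients plus a flood); not the paper's code.

def bin_packets(packets, n_bins):
    """Place each (identifier, payload) message into bin (identifier mod n_bins)."""
    bins = [[] for _ in range(n_bins)]
    for ident, payload in packets:
        bins[ident % n_bins].append(payload)
    return bins

def smallest_bins(bins, k):
    """Indices of the k least-loaded bins (ties broken by bin index)."""
    return sorted(range(len(bins)), key=lambda i: (len(bins[i]), i))[:k]

def honest_stream(client_id, start, copies):
    """Honest client: choose a start r, then increment the identifier per copy."""
    return [(start + j, ("honest", client_id)) for j in range(copies)]

def attack_stream(n_packets, n_bins, spread, rng):
    """Constructed flood: n_packets spread uniformly over `spread` of the bins."""
    targets = rng.sample(range(n_bins), spread)
    return [(rng.choice(targets), ("attack", None)) for _ in range(n_packets)]

def run_round(n_bins, k, clients, copies, attack_packets, spread=None, loss=0.0, seed=0):
    """Run one interval; return how much the server inspected and who got served."""
    rng = random.Random(seed)
    spread = n_bins if spread is None else spread
    packets = []
    for cid in range(clients):
        packets += honest_stream(cid, rng.randrange(n_bins), copies)
    packets += attack_stream(attack_packets, n_bins, spread, rng)
    packets = [p for p in packets if rng.random() >= loss]  # emulated loss rate L
    bins = bin_packets(packets, n_bins)
    chosen = smallest_bins(bins, k)
    inspected = [payload for i in chosen for payload in bins[i]]
    served = {cid for kind, cid in inspected if kind == "honest"}
    return {
        "received": len(packets),
        "inspected": len(inspected),
        "attack_inspected": sum(1 for kind, _ in inspected if kind == "attack"),
        "served": len(served),
        "failed": clients - len(served),
    }

if __name__ == "__main__":
    # Slide 10's setting: 50 clients, 20 bins, 3 inspected; flood of 10,000 packets.
    print(run_round(n_bins=20, k=3, clients=50, copies=5, attack_packets=10_000, seed=1))
    # Flood concentrated on 2 bins: those bins are never among the smallest.
    print(run_round(n_bins=20, k=3, clients=50, copies=5, attack_packets=10_000, spread=2, seed=1))
```

Because the k smallest bins can never hold more than k times the average bin load, the inspected share is bounded by k/n of everything received, whatever the flood's distribution; the result dictionary makes that bound easy to check.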

8 [figure: Server (Bob), Sender/Client (Alice), Zombies; message copies (Copy 1 ... Copy 6) from Alice and the zombies being placed into the server's bins]

9 Experimental Setup
● Goal: Determine how well binning technique protects expensive, real-world protocol.
● Multiple clients (threads) connected to single server
● X.509 Two-Pass: securely transmit key k to receiver
(1) A → B : cert, D, S_A(D), where D = {r, B, P_B(k)}
(2) B → A : OK
● Emulated loss rate (L)
[figure: Clients, Server, Attacker topology]

10 DoS Resilience
● How well does selective bin verification perform compared to straightforward implementation?
● 50 senders/clients
● 1 server
● 20 bins
● 3 selected bins
● Attack diminished approximately by factor of (# bins inspected) / (# of bins)

11 Reliability of Binning Technique
● Message may not be processed (failure) due to loss rate
– w/o binning, fixed at 1-L
● Does binning impair reliability?
– Can derive expected failure rate
– Can adjust number of copies to compensate
● Experimental results confirm our analysis
● 100 senders
● 20 bins
● 20% loss rate

12 Subset Attack
● What if attacker doesn't stripe his attack?
– Remember: sender (good or evil) controls message placement
● Theorem: The contribution of inspections due to DoS is maximized when the attack is evenly distributed across all n bins. Proof: see paper.
● Optimal strategy is therefore to use equal distribution policy.

13 Conclusions
● Under certain protocol and topology assumptions, selective bin verification is effective even when flood reaches receiver
● Tunable parameters make it a promising technique for large attacks
● Future enhancements:
– Activating binning during attack, deactivated in steady state (reduces overhead)
– Formal analysis of which protocols may benefit best
– Combining with network-based defenses
– Formulate and prove optimality theorem

14 Questions?

15 Extra Slides (not part of presentation)

16 Theorem: The contribution of inspections due to DoS is maximized when the attack is evenly distributed across all n bins.
Proof: Let L(σ) = total number of adversary packets in the k smallest bins, where σ is the attacker's distribution function (σ(i) = # of packets sent to bin i). Let σ' be the equal distribution (for simplicity, for all i, j, σ'(i) = σ'(j)). Since the k smallest bins can never contain more messages than k times the average bin load, for all σ, L(σ) ≤ L(σ').
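An added check of the theorem on slides 12 and 16 (not from the paper): for a small instance it enumerates every attacker distribution σ of A packets over n bins, computes L(σ) as the sum of the k smallest bin loads (bins are assumed to hold only adversary packets, as in the slide's definition of L), and confirms that the maximum is attained by the equal distribution σ'. The instance sizes are chosen here for illustration.

```python
# Added example: exhaustive verification of the equal-distribution theorem
# for a toy instance. Not the authors' proof or code.

def compositions(total, parts):
    """Yield every way to split `total` packets over `parts` bins (order matters)."""
    if parts == 1:
        yield (total,)
        return
    for first in range(total + 1):
        for rest in compositions(total - first, parts - 1):
            yield (first,) + rest

def adversary_load(sigma, k):
    """L(sigma): adversary packets that land in the k least-loaded bins."""
    return sum(sorted(sigma)[:k])

def equal_distribution(total, n_bins):
    """sigma': the same number of packets in every bin (total assumed divisible)."""
    return tuple([total // n_bins] * n_bins)

def worst_case(total, n_bins, k):
    """Brute-force the sigma that maximizes L(sigma); returns (sigma, load)."""
    best = None
    for sigma in compositions(total, n_bins):
        load = adversary_load(sigma, k)
        if best is None or load > best[1]:
            best = (sigma, load)
    return best

if __name__ == "__main__":
    # A = 8 attack packets, n = 4 bins, server inspects k = 2 bins.
    sigma, load = worst_case(8, 4, 2)
    print("worst case:", sigma, "load in k smallest bins:", load)
    print("equal distribution:", equal_distribution(8, 4),
          adversary_load(equal_distribution(8, 4), 2))
    print("concentrated flood:", (8, 0, 0, 0), adversary_load((8, 0, 0, 0), 2))
```

The bound k·A/n from the proof is exactly what the search finds: any σ that piles packets into a few bins pushes those bins out of the inspected set and contributes less.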

17 Sequential vs. Bin Verification
● Bin verification:
– Suppose we have n bins and m senders and each sender sends n copies
– In absence of network loss, satisfy all m senders by choosing single bin. Server's load is therefore 1 packet/sender
● Sequential verification:
– To get load of 1 packet/sender, server needs to discard with probability (1-1/n)
– Probability that none of a sender's packets are received is roughly 1/e (m/e senders will have no packets received)
● With binning, 100% success rate; w/o binning only 63.21%

18 In n rounds of the protocol (A = attack messages/round, p = inspection probability, c = sender copies):
Without selective verification: inspections = n(1+A); failures = 0
With selective verification: E[inspections] = n·p·(c + A); E[failures] = n·(1-p)^c
E.g., n = 1000, A = 1000; set c = 25, p = 0.12:
Without selective verification: inspections = 1,001,000; failures = 0
With selective verification: E[inspections] = 123,000; E[failures] = 40.9
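The sequential selective verification algorithm of slide 6 and the expected-value formulas of slide 18, as an added example that is not the authors' code. It evaluates the closed forms for the slide's numbers and then runs a Monte Carlo version of the receiver (inspect each packet with probability p; a round fails when none of the c legitimate copies is inspected) to show the formulas predict the simulation. The round structure and the seed are assumptions made here.

```python
import random

# Added example: sequential selective verification, closed form versus simulation.
# Not the paper's code; the per-round model is an assumption for illustration.

def expected_without_selection(n_rounds, attack_per_round):
    """Inspect everything: n(1+A) inspections and no legitimate failures."""
    return n_rounds * (1 + attack_per_round), 0

def expected_with_selection(n_rounds, attack_per_round, copies, p):
    """E[inspections] = n*p*(c+A);  E[failures] = n*(1-p)^c."""
    inspections = n_rounds * p * (copies + attack_per_round)
    failures = n_rounds * (1 - p) ** copies
    return inspections, failures

def simulate(n_rounds, attack_per_round, copies, p, seed=0):
    """Receiver verifies each arriving packet with probability p."""
    rng = random.Random(seed)
    inspections = failures = 0
    for _ in range(n_rounds):
        legit_seen = False
        for _ in range(copies):            # c copies of the legitimate message
            if rng.random() < p:
                inspections += 1
                legit_seen = True
        for _ in range(attack_per_round):  # A attack packets this round
            if rng.random() < p:
                inspections += 1           # wasted signature check
        if not legit_seen:
            failures += 1                  # all c copies discarded: (1-p)^c
    return inspections, failures

if __name__ == "__main__":
    n, A, c, p = 1000, 1000, 25, 0.12          # slide 18's parameters
    print("without selection:", expected_without_selection(n, A))
    print("with selection (expected):", expected_with_selection(n, A, c, p))
    print("with selection (simulated):", simulate(n, A, c, p, seed=7))
```

With the slide's parameters the receiver does roughly an eighth of the signature checks at the cost of about 4% of rounds failing; raising c lowers the failure term geometrically while adding only c to the per-round inspection cost.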

