NC STATE UNIVERSITY / MCNC Protecting Network Quality of Service Against Denial of Service Attacks Douglas S. Reeves  S. Felix Wu  Fengmin Gong Talk:


1 NC STATE UNIVERSITY / MCNC
Protecting Network Quality of Service Against Denial of Service Attacks
Douglas S. Reeves, S. Felix Wu, Fengmin Gong
Talk: “00-17 reeves”
CACC Research Review Meeting, October 25, 2000

2 New Capabilities...
Discriminating between users; a good thing!
–Bandwidth, quality, response time, …
Based on trust, need, importance, credit, urgency, ...: Policies!

3 ...New Vulnerabilities
Steps
–provisioning
–user signaling
–admission control
–network signaling
–traffic policing
Each step is vulnerable!

4 Attack 1: Excessive User Demands
Everyone asks for...
–...maximum resource amount
–...premium service

5 Our Solution: Resource Pricing
(An example: Telephone Network)

6 Resource Prices Based on Demand
Predicted-load (static) pricing
Auction-based (semi-static) pricing
Congestion-based (dynamic) pricing
Combined approaches

7 Policy Specification / Enforcement
What determines the price?
How much can each user pay?

8 Provable Fairness
Fairness is a policy
Achievable...
–Pareto optimal
–Weighted max-min fair
–Proportional fair
–Equal QoS
–Maximal aggregate utility
–Maximum revenue

9 Comparison With Other Approaches
First-come, first-served
–“grab resources early and often”
Fixed (absolute) priority
–starvation problems
Non-weighted fairness (TCP)
–everyone is equal?
Other resource pricing work
–static / centralized, restricted fairness

10 Future Work: Implementation
Fall 2000 (management tools: Summer 2001)

11 Future Work: 3rd Party Authorization
Spring 2001

12 Future Work: Service Class Provisioning
Given predicted demand for each service class...
–how much of each service class should the network owner provision?
–what price to charge for each class?
Goals: maximum profit, maximum utility, ...?

13 Future Work: Protecting the Pricing Mechanism
Vulnerability to attack
Protecting…
–RSVP
–COPS
–SIP
–Policy server and databases
–Authorization server, user database, billing database
Spring 2002

14 Impact of This Work
Disincentives for "bad" user behavior
Ability to flexibly specify and enforce policies
Efficient (optimal) allocation
Economic incentives for deployment of new services

15 Attack 3: TCP Packet Dropping
Congestion causes "normal" packet dropping
Can malicious packet dropping (not due to normal congestion) be detected?
–due to corrupted routers
–due to "unfriendly" users

16 Attack 4: Compromised DiffServ Routers

17 Attack Types
Dropping one data flow to benefit others
Injecting (spoofing, flooding, ...) packets into a high-priority flow
Remarking packets in a data flow
Delaying packets in a data flow
Compromised ingress, core, or egress routers

