NC STATE UNIVERSITY / MCNC

Slide 1: Protecting Network Quality of Service Against Denial of Service Attacks
Douglas S. Reeves, S. Felix Wu, Fengmin Gong
DARPA IA&S Meeting, July 20, 2000
Slide 2: New Capabilities...
Different classes of service for users
  – how much bandwidth
  – what quality level (delay, loss rates)
Based on trust, need, importance, urgency, ...: Policies!

Slide 3: Provided By...
Service provider provisions the resources for the expected demand
User makes request
Network allocates bandwidth amount and quality level, sends response
Network enforces amount / quality

Slide 4: ...Create New Vulnerabilities!
Each step can be attacked

Slide 5: Attack 1: Excessive User Demands
Everyone asks for...
  – maximum resource amount
  – premium service
Why not?
Slide 6: Our Solution: Resource Pricing (An example: Telephone Network)

Slide 7: Resource Prices Based on Demand
Predicted-load (static) pricing
  – ex.: provisioning, time-of-day pricing
Auction-based (semi-static) pricing
  – ex.: bandwidth exchanges, time-slot assignment
Congestion-based (dynamic) pricing
  – ex.: congestion control
Combined approaches

Slide 8: Policy Specification / Enforcement
What determines the price?
How much can each user pay?

Slide 9: Provable Fairness
Fairness is the consequence of a policy
Achievable...
  – Pareto optimal
  – Weighted max-min fair
  – Proportional fair
  – Equal QoS
  – Maximal aggregate utility
  – Maximum revenue
Slide 10: Properties
Simple, distributed computation
Fast convergence
Low overhead
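An added example (not code from the presentation or the authors' pricing simulator) of congestion-based pricing on one link, illustrating the "simple, distributed computation" and "fast convergence" properties and the weighted proportional-fair outcome named on the fairness slide. Assumed here: each user has a policy-assigned weight (what it is willing to pay per unit time) and a logarithmic utility, and the link operator sees only aggregate demand.

```python
def user_demand(weight, price):
    """Each user independently picks the rate maximising weight*log(x) - price*x,
    which is x = weight/price: asking for the maximum is no longer free (Attack 1)."""
    return weight / price

def price_iteration(weights, capacity, step=0.5, tol=1e-6, max_iter=10_000):
    """Link operator's congestion-based loop: it only observes aggregate demand,
    raises the price while demand exceeds capacity and lowers it otherwise.
    No per-user state is needed, so the computation is distributed.
    Returns (price, allocation, iterations)."""
    price = 1.0
    for it in range(1, max_iter + 1):
        demands = [user_demand(w, price) for w in weights]
        excess = sum(demands) - capacity
        if abs(excess) < tol:
            return price, demands, it
        price *= 1.0 + step * excess / capacity  # relative excess drives the price
    raise RuntimeError("price did not converge")

def weighted_proportional_fair(weights, capacity):
    """Closed-form allocation the iteration should reach: x_i = w_i * C / sum(w).
    At that point each user pays price * x_i = w_i, i.e. exactly its bid."""
    total = sum(weights)
    return [w * capacity / total for w in weights]

def demo():
    """Constructed scenario: four users with policy weights 1..4 share a 100 Mb/s link."""
    weights, capacity = [1.0, 2.0, 3.0, 4.0], 100.0
    price, alloc, iters = price_iteration(weights, capacity)
    target = weighted_proportional_fair(weights, capacity)
    return price, alloc, iters, max(abs(a - t) for a, t in zip(alloc, target))
```

With this update rule the price error halves every round, so the loop settles in a few dozen iterations regardless of the starting price.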
Slide 11: Comparison With Other Approaches
First-come, first-served
  – "grab resources early and often"
Fixed (absolute) priority
  – starvation problems
Non-weighted fairness (TCP)
  – everyone is equal?
Other resource pricing work
  – static / centralized, restricted fairness

Slide 12: Future Work: Implementation
Fall 2000 (management tools: Summer 2001)

Slide 13: Future Work: 3rd Party Authorization
Fall 2000

Slide 14: Future Work: Service Class Provisioning
Given predicted demand for each service class...
  – how much of each service class should the network owner provision?
  – what price to charge for each class?
Goals: maximum profit, maximum utility, ...?
Spring 2001

Slide 15: Future Work: Protecting the Pricing Mechanism
Vulnerability to attack
Protecting...
  – RSVP
  – COPS
  – SIP
  – Policy server and databases
  – Authorization server, user database, billing database
Spring 2002

Slide 16: Impact of This Work
Disincentives for "bad" user behavior
Ability to flexibly specify and enforce policies
Efficient (optimal) allocation
Economic incentives for deployment of new services
Slide 17: Attack 2: Modify Resource Request / Response Signals
RSVP is the control mechanism for QoS
Routers can "legally" modify these signals
How to detect illegal modification?

Slides 18-20: RSVP Attack Examples (diagrams only; no text in the transcript)

Slide 21: Our Solution: Selective Signing + Auditing
1. Sign at the end-points the message contents that cannot be changed
2. Each router audits fields that can be changed
  – remember values transmitted downstream
  – compare with values propagated upstream
Has been implemented and tested
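An added simulation (not the authors' implementation) of the two steps above on an RSVP-like message. Assumptions: the end-point signs the immutable fields with an HMAC key shared with the receiver (a stand-in for a signature), the mutable fields are a hop count and a path bandwidth that each router may update, the per-hop legality rule in legal_update is mine, and the per-hop "received" views stand in for the values the reply propagates back upstream.

```python
import copy, hashlib, hmac, json

def sign_immutable(immutable):  # end-point signs only the fields no router may change
    data = json.dumps(immutable, sort_keys=True).encode()
    return hmac.new(b"constructed-demo-key", data, hashlib.sha256).hexdigest()

def legal_update(before, after):  # assumed per-hop rule for the mutable fields
    return (after["hop_count"] == before["hop_count"] + 1   # exactly one hop added
            and 0 < after["path_bw"] <= before["path_bw"])  # advertised bandwidth only shrinks

class Router:
    def __init__(self, name, link_bw, tamper=None):
        self.name, self.link_bw, self.tamper, self.sent = name, link_bw, tamper, {}
    def forward(self, msg):  # legal per-hop update, then remember what went downstream
        m = copy.deepcopy(msg)
        m["mutable"]["hop_count"] += 1
        m["mutable"]["path_bw"] = min(m["mutable"]["path_bw"], self.link_bw)
        if self.tamper:
            self.tamper(m)  # illegal change made by a corrupted router
        self.sent[m["id"]] = copy.deepcopy(m["mutable"])
        return m

def run_path(routers, msg):
    """Downstream pass; 'received' (each hop's view) stands in for the values propagated upstream."""
    received = []
    for r in routers:
        received.append(msg["mutable"])
        msg = r.forward(msg)
    received.append(msg["mutable"])  # receiver's view
    return msg, received

def audit(routers, msg_id, received):
    """Router i: hop i+1 must have got what i sent, and hop i+2's view must be a legal update of it."""
    alerts = []
    for i, r in enumerate(routers):
        sent = r.sent[msg_id]
        if received[i + 1] != sent:
            alerts.append(f"{r.name}: next hop received altered values")
        if i + 2 < len(received) and not legal_update(sent, received[i + 2]):
            alerts.append(f"{r.name}: illegal modification by {routers[i + 1].name}")
    return alerts

def demo():  # constructed path A -> B -> C; corrupted B inflates the path bandwidth
    msg = {"id": 1, "immutable": {"session": "10.0.0.2:5004", "sender": "10.0.0.1"},
           "mutable": {"hop_count": 0, "path_bw": 100.0}}
    msg["sig"] = sign_immutable(msg["immutable"])
    inflate = lambda m: m["mutable"].update(path_bw=1000.0)
    routers = [Router("A", 50.0), Router("B", 40.0, tamper=inflate), Router("C", 60.0)]
    out, received = run_path(routers, msg)
    return hmac.compare_digest(sign_immutable(out["immutable"]), out["sig"]), audit(routers, 1, received)
```

The signature still verifies because B touched only a mutable field; it is B's honest neighbour A, comparing what it remembered sending with what C reports receiving, that localises the illegal change.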
Slide 22: Comparison With Other Approaches
End-to-end signing of complete message contents
  – Won't work with changeable contents
Hop-by-hop signing of message contents
  – Excessive overhead
  – Does not detect attacks by corrupted routers

Slide 23: Future Work
Other attacks
  – Message dropping
  – Message insertion
  – Resource "hoarding"
  – Summer 2001
Auditing
  – Integration with intrusion detection
  – Fall 2001

Slide 24: Impact of This Work
Practical, more effective detection of DoS attacks on control flow

Slide 25: Attack 3: TCP Packet Dropping
Congestion causes "normal" packet dropping
Can malicious packet dropping (not due to normal congestion) be detected?
  – due to corrupted routers
  – due to "unfriendly" users

Slide 26: Our Solution
Build a profile of normal dropping behavior
Compare with observed dropping behavior
  – statistical techniques
  – neural net techniques
Experiments: 5 sites in 4 countries over several weeks

Slide 27: Effectiveness
Created several types of dropping attacks
  – random
  – periodic
  – re-transmissions only
Measured losses and latency
High detection rate (> 80%), low (1%-5%) false positive rate
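An added example (not the authors' TCP dropping attack analyzer) of the statistical side of slides 26-27: a profile of normal loss behaviour is built from constructed per-window measurements and later windows are scored against it. The two features, the window's overall loss rate and the fraction of losses that hit retransmitted segments, are my choice; the second is what separates a "re-transmissions only" attack from ordinary congestion loss.

```python
from statistics import mean, pstdev

# Constructed per-window measurements (lost segments, lost retransmissions, segments sent)
# from the "normal" observation period that forms the profile.
NORMAL = [(12, 1, 2000), (15, 2, 2100), (9, 1, 1900), (18, 2, 2200),
          (11, 1, 2000), (14, 1, 2050), (16, 2, 2150), (10, 1, 1950)]

ATTACKS = {  # constructed windows during two of the attack types from slide 27
    "random": (60, 6, 2000),
    "retransmissions only": (18, 12, 2100),
}

def features(window):
    """Overall loss rate, and the share of losses that were retransmissions.
    Congestion loses both kinds at similar rates; an attacker dropping only
    retransmissions distorts the second feature while barely moving the first."""
    losses, retx_losses, sent = window
    return (losses / sent, retx_losses / max(losses, 1))

def build_profile(windows):
    """Mean and standard deviation of each feature over the normal windows."""
    cols = list(zip(*(features(w) for w in windows)))
    return [(mean(c), pstdev(c)) for c in cols]

def score(profile, window, threshold=3.0):
    """z-score of each feature against the profile; flagged if any exceeds threshold."""
    z = [abs(x - mu) / sd if sd else 0.0
         for x, (mu, sd) in zip(features(window), profile)]
    return max(z) > threshold, z

def run_demo():
    profile = build_profile(NORMAL)
    return {name: score(profile, w)[0] for name, w in ATTACKS.items()}
```

A periodic dropping attack needs a timing feature (for example the spacing between losses), which this two-feature profile does not carry.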
Slide 28: Impact
Attacks will become less obvious; degraded service, not disrupted service
First work on monitoring this type of attack

Slide 29: Attack 4: Compromised DiffServ Routers

Slide 30: Attack Types
Dropping one data flow to benefit others
Injecting (spoofing, flooding, ...) packets into a high-priority flow
Remarking packets in a data flow
Delaying packets in a data flow
Compromised ingress, core, or egress routers

Slide 31: Approach
Monitor router behavior externally
Monitoring agents externally controlled by intrusion detection system (IDS)
  – selectively enabled when needed
IDS performs analysis of measurements

Slide 32: Monitoring
Granularity is Per-Hop-Behavior (PHB, macroflow)
Metrics: ingress rate, egress rate, drop rate, delay
Passive (packet counting)
Active (packet probing)
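An added example (not the project's monitoring code) of the IDS-side analysis for slides 30-32: per-PHB packet counts from passive agents on both sides of a router and delay samples from active probes are checked for the dropping, injection, remarking and delaying attacks listed on slide 30. The link capacity, per-PHB delay bounds, drop tolerance and the measurement itself are constructed.

```python
from statistics import mean

CAPACITY_PPS = 10_000  # assumed capacity of the monitored router's egress link, packets/s
DELAY_BOUND_MS = {"EF": 5.0, "AF11": 20.0, "BE": 100.0}  # assumed per-PHB delay targets

def analyse(ingress, egress, delay_ms, interval_s=1.0, drop_tol=0.01):
    """One measurement interval for one router.
    ingress/egress: {phb: packets counted by the agents on either side};
    delay_ms: {phb: one-way delay samples from active probes}.
    Returns (phb, finding) pairs; '*' means the router as a whole."""
    findings = []
    congested = sum(egress.values()) / interval_s >= 0.95 * CAPACITY_PPS
    if sum(egress.values()) > sum(ingress.values()):
        findings.append(("*", "more packets leave than enter: injection suspected"))
    for phb in dict.fromkeys([*ingress, *egress]):
        n_in, n_out = ingress.get(phb, 0), egress.get(phb, 0)
        if n_out > n_in:  # class gained packets: remarked into it, or injected
            findings.append((phb, "egress exceeds ingress: remarking or injection"))
            continue
        drop_rate = (n_in - n_out) / n_in if n_in else 0.0
        if drop_rate > drop_tol and not congested:  # no congestion to explain the drops
            findings.append((phb, f"drop rate {drop_rate:.1%} without link congestion"))
        if delay_ms.get(phb) and mean(delay_ms[phb]) > DELAY_BOUND_MS.get(phb, float("inf")):
            findings.append((phb, f"mean delay {mean(delay_ms[phb]):.1f} ms exceeds bound"))
    return findings

SAMPLE = {  # constructed interval: a core router drops and remarks EF traffic to BE and delays EF
    "ingress": {"EF": 1000, "AF11": 3000, "BE": 4000},
    "egress": {"EF": 850, "AF11": 3000, "BE": 4150},
    "delay_ms": {"EF": [4.0, 9.5, 12.0, 11.0], "AF11": [8.0, 9.0], "BE": [40.0, 60.0]},
}

def run_sample():
    return analyse(**SAMPLE)
```

Drops during real congestion are expected and are deliberately not flagged here; distinguishing policy-conformant congestion drops per PHB from malicious ones needs the provisioned share of each class as well.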
Slide 33: Status
Attack analysis
Architecture
Testbed, measurements
Future work
  – Implement passive monitoring, Fall 2000
  – Implement active monitoring, Spring 2001
  – Implement analysis, Summer 2001
  – Integrate with existing intrusion-detection engine, Year 3

Slide 34: Impact
First work on detecting and preventing attacks on DiffServ

Slide 35: Technology Transfer
Code release (pricing simulator, TCP dropping attack analyzer)
Patent application on pricing with NEC
Collaboration with Nortel on resource authorization
Discussions with Enron, NEC, IETF DiffServ WG

Slide 36: General Hicks' "Hot List" of Needs
Prevent Denial of Service attacks
Automate network bandwidth allocation
  – reallocate to other, changing priorities