

Adaptive DoS Defense

Omid Fatemieh, Fariba Khan, Michael B. Greenwald, Carl A. Gunter, Sanjeev Khanna, Jose Messeguer, and Santosh Venkantesh

Denial of Service Protection

Sponsored by ONR, NSF and MacArthur Foundation

University of Illinois at Urbana-Champaign

www.iti.uiuc.edu

Information Trust Institute

seclab.uiuc.edu

Defense mechanism questions:
• When should they be triggered?
• What is the desired level of strictness?
• How should the parameters be set to achieve the desired level of strictness?
• What are the trade-offs?

Two possibilities for mechanisms:
• Protection is intrinsic or has no cost (e.g. IPSec, SYN cookies)
• Protection has costs (e.g. client puzzles, filtering schemes)

• Need to control trade-offs
• Need adaptation strategy

Classification from Adaptation Perspective
1. Network-based Filtering
2. Target-based Filtering
3. Capabilities
4. Proof-of-work

Selective Verification Trade-offs
• Server capacity: s REQ/sec
• Clients' rate: r ≤ s/2^c; c ≥ 1
• Attackers' rate up to s·2^a; (c ≥ 3 lg a)
• Client:
  1. Set j = 0
  2. Send 2^j REQ messages to server
  3. If no ACK in T time units, j = j + 1
  4. If j ≤ a + c go to step 2, else exit
• Server: Every T seconds choose uniformly at random sT pkts from receiving buffer; discard remaining pkts
• Omniscient case: Clients and server have global knowledge about attack
• Summary of analysis results: Client's chance of success is equal to, and bandwidth consumption is O(a/c) times, the omniscient case
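The client and server rules above can be run as a small Monte Carlo model. The following is an added example, not code from the poster or its authors: the attacker floods at s·2^a requests per period, the client doubles its copies each period until an ACK arrives or j exceeds a + c, and the server keeps sT packets chosen uniformly at random from its buffer. All parameter values (s = 100, a = 4, c = 6, T = 1) are constructed for illustration; the helper slack_ok only checks the poster's side condition c ≥ 3 lg a.

```python
import math
import random


def slack_ok(a, c):
    """Poster's side condition on the client's retry slack: c >= 3 lg a."""
    return c >= 3 * math.log2(a)


def server_sample(buffer, capacity, rng):
    """Server rule: every T seconds keep sT packets chosen uniformly at
    random from the receive buffer and discard the rest."""
    if len(buffer) <= capacity:
        return list(buffer)
    return rng.sample(buffer, capacity)


def run_client(s, a, c, T, seed=0):
    """Client rule: j = 0; send 2**j copies; if no ACK within T, j += 1;
    give up once j > a + c.  Returns (succeeded, packets_sent, rounds)."""
    rng = random.Random(seed)
    attack_per_period = s * (2 ** a) * T   # attacker flood at s*2^a REQ/sec
    capacity = s * T                       # server keeps sT packets per period
    sent = 0
    j = 0
    while j <= a + c:
        copies = 2 ** j
        sent += copies
        # Receive buffer for this period: 'C' = client copy, 'A' = attack packet.
        # This assumes the attack is the only other traffic (constructed model).
        buffer = ['C'] * copies + ['A'] * attack_per_period
        kept = server_sample(buffer, capacity, rng)
        if 'C' in kept:                    # at least one copy survived: ACK
            return True, sent, j + 1
        j += 1
    return False, sent, j


def estimate(s, a, c, T, trials, seed=1):
    """Average success rate, packets sent and rounds over independent trials."""
    ok = sent_total = rounds_total = 0
    for t in range(trials):
        succ, sent, rounds = run_client(s, a, c, T, seed=seed + t)
        ok += succ
        sent_total += sent
        rounds_total += rounds
    return ok / trials, sent_total / trials, rounds_total / trials


if __name__ == "__main__":
    s, a, c, T = 100, 4, 6, 1
    print("c >= 3 lg a:", slack_ok(a, c))
    rate, avg_sent, avg_rounds = estimate(s, a, c, T, trials=200)
    print(f"success rate {rate:.3f}, avg packets {avg_sent:.1f}, avg rounds {avg_rounds:.2f}")
```

With these numbers each packet survives the server's sampling with probability roughly sT/(s·2^a·T) = 2^-a, so the client needs on the order of 2^a copies in a period before an ACK becomes likely; the doubling schedule reaches that point after about a rounds and the extra c rounds of slack drive the residual failure probability down. Because sent is a geometric sum, a client that stops after `rounds` periods has always sent exactly 2^rounds - 1 packets, which bounds its bandwidth at 2^(a+c+1) - 1 per request.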

Adaptive Selective Verification
• Mitigate DoS attacks that target computationally expensive protocols
• Intelligently trade bandwidth resources for CPU resources
• Idea: process only a random subset of requests. Ask clients to send n duplicates for each request.
• Adapting n:
  Cost(n) = C_CPU × (processed requests) + C_BW × (incoming requests)
• Goal: At regular intervals, determine n such that Cost(n) is minimized, taking into account:
  • Bandwidth limitations
  • Elevator rise but soft landing

Research Directions
1. Better understand the inherent trade-offs in DoS defense solutions
2. Use the adaptation-aware DoS classification and trade-off analyses to propose for each category:
  2.1. Procedures that, with minimal change, can be applied to existing approaches to make them adaptive
  2.2. Design guidelines that would help the introduction of next-generation protocols with adaptation in mind
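The cost-driven choice of n under Adaptive Selective Verification above, as an added example that is not the poster's own analysis. The traffic model is an assumption made here for illustration: the server keeps each incoming packet with probability 1/n, so a legitimate request sent as n duplicates is processed about once in expectation while attack traffic A is thinned to A/n. Under that model processed(n) = r + A/n and incoming(n) = r·n + A; best_n minimizes Cost(n) over integer n subject to a bandwidth limit, and adapt implements "elevator rise but soft landing" by jumping straight to a higher n but stepping down one level per interval. All rates and unit costs (r = 100, C_CPU = 10, C_BW = 1, the bandwidth limit and the attack profile) are constructed values.

```python
# Constructed model (assumption, not the poster's): server samples each
# incoming packet with probability 1/n; r = legitimate request rate,
# A = attack rate, both in requests per second.

def processed_rate(n, r, A):
    """Requests the CPU actually handles per second under 1/n sampling."""
    return r + A / n


def incoming_rate(n, r, A):
    """Packets arriving per second when legitimate clients send n duplicates."""
    return r * n + A


def cost(n, r, A, c_cpu, c_bw):
    """Poster's objective: Cost(n) = C_CPU * processed + C_BW * incoming."""
    return c_cpu * processed_rate(n, r, A) + c_bw * incoming_rate(n, r, A)


def best_n(r, A, c_cpu, c_bw, bw_limit, n_max=64):
    """Integer n minimizing Cost(n) among values that respect the bandwidth
    limitation; falls back to n = 1 (no duplication) if none is feasible."""
    feasible = [n for n in range(1, n_max + 1)
                if incoming_rate(n, r, A) <= bw_limit]
    if not feasible:
        return 1
    return min(feasible, key=lambda n: cost(n, r, A, c_cpu, c_bw))


def adapt(n_current, n_target):
    """'Elevator rise but soft landing': rise immediately to the target when
    the attack intensifies, but step down only one level per interval when
    it eases, so a brief lull does not strip the defense away."""
    if n_target > n_current:
        return n_target
    if n_target < n_current:
        return n_current - 1
    return n_current


def simulate(attack_profile, r, c_cpu, c_bw, bw_limit):
    """Re-evaluate n at each interval for the given sequence of attack rates
    and return the n actually applied in each interval."""
    n = 1
    history = []
    for A in attack_profile:
        n = adapt(n, best_n(r, A, c_cpu, c_bw, bw_limit))
        history.append(n)
    return history


if __name__ == "__main__":
    # Constructed scenario: quiet, then a 3200 req/s flood for two intervals,
    # then quiet again.
    profile = [0, 3200, 3200, 0, 0]
    print("applied n per interval:", simulate(profile, 100, 10, 1, 10000))
    print("with a 4000 pkt/s bandwidth limit:", best_n(100, 3200, 10, 1, 4000))
```

Under the assumed model the unconstrained optimum is at n ≈ sqrt(C_CPU·A / (C_BW·r)), which is where the CPU saving from thinning the attack balances the bandwidth spent on duplicates; for the sample numbers that is about 17.9, so the grid search picks n = 18. Tightening the bandwidth limit to 4000 pkt/s caps n at 8 instead, and the soft-landing rule makes the defense decay from 18 one step per interval once the flood stops.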

Classification diagram labels: Filter, RTT, Capability, Rate Limit

Category  Examples
1  Pushback (Sigcomm ’02), Max-Min Server Centric Throttles (IEEE/ACM Trans. Netw. ’05)
2  SC (Sigcomm ’00), NAC (WWW ’02), Pi (Oakland ’03), HCF (CCS ’03)
3  SIFF (Oakland ’04), TVA (Sigcomm ’05)
4  Selective Verification (NDSS ’04), RTTs (EUROCRYPT ’03), Crypto Puzzles (Oakland ’03)

Selective Verification figure: legitimate client C, attacker A, server S. S makes channels lossy; A gets a reduced channel; L (the legitimate client) adds redundancy.