SOS: Secure Overlay Services

A. Keromytis, V. Misra, and D. Rubenstein

Presented by Tsirbas Rafail

Post on 04-Jan-2016


The main components

• Target

• Legitimate user

• Attacker

The basic idea

• DoS attacks succeed because the target is easy to find

• SOS Idea: Create an overlay and send the traffic through it

The Goal

• Allow already approved users to communicate with a target

• Prevent attackers' packets from reaching the target

• The solution must be easy to distribute

1st Step - Filter

• Routers near target filter packets according to their IP address

– Legitimate users' IP addresses allowed through

– Illegitimate users' IP addresses aren't

Problems:

I) "good" and "bad" user share the same IP address

II) "bad" user knows "good" user's IP

III) "good" user changes IP frequently

[Diagram: Filter, Target]

2nd Step - Proxy

• Install proxies outside the filter whose IP addresses are permitted through the filter

– Proxy only lets verified packets from legitimate sources through the filter

Problem:

I) Attacker pretends to be the proxy

II) Attacker attacks the proxy

[Diagram: Proxy, Target]

3rd Step – Secret Servlet

• Keep the identity of the proxy secret

– Name it Secret Servlet

– Secret Servlet is known only by the target, and a few other points in the network

4th Step – Overlays

• Send traffic to the secret servlet via a network overlay

– Nodes: Devices

– Paths: IP paths

Verification can be performed inside each node

[Diagram: Network overlay of nodes]

5th Step – SOAP

• Secure Overlay Access Points

– Receive unverified packets and verify (IPsec, TLS)

– Large number of SOAPs

– Distributed firewall

[Diagram: Overlay nodes with SOAPs]

Routing inside SOS

• Random route until secure servlet is reached (inefficient)

• Instead use Chord service (hash function)

• Reaches a unique node called beacon

• Secret servlet, target inform beacon

[Diagram: Overlay nodes, SOAPs, beacon]

Overview of SOS

[Diagram: User, SOAPs, overlay nodes, beacons, secure servlets, Target]

Attacking SOS

• You cannot directly attack target

• Attack secret servlet

• Attack beacons

• Attack other overlay nodes

Attacking Analysis

Static Attack

• N: # of nodes in the overlay

• SOAP = 10

• Beacon = 10

• Secure Servlet = 10

In order to have a successful DoS attack, almost all overlay nodes must be compromised!

Attacking Analysis

Static Attack

• Overlay Nodes

• Compromised Nodes

• Change the number of beacons/servlets

In order to have a successful DoS attack, the number of beacons must be quite small!
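The two static-attack slides above can be checked numerically. The following is an added example, not taken from the slides or the SOS paper: it computes the probability that at least one layer (SOAPs, beacons or secure servlets) is attacked in full, which is the condition under which no path to the target remains. Assumptions: the attacked nodes are a uniformly random subset of the N overlay nodes, the three role sets are disjoint, and N = 1000 (the slides give no value); all function names are hypothetical.

```python
from math import comb

def p_all_hit(n_nodes, n_attacked, k):
    """P(k fixed nodes all fall inside a uniformly random attacked set)."""
    if k > n_attacked:
        return 0.0
    return comb(n_nodes - k, n_attacked - k) / comb(n_nodes, n_attacked)

def p_blocked(n_nodes, n_attacked, soaps=10, beacons=10, servlets=10):
    """P(at least one layer is attacked in full), i.e. no path to the target.

    Assumption: role sets are disjoint, so inclusion-exclusion over the
    three layers is exact.
    """
    s, b, v = soaps, beacons, servlets
    hit = lambda k: p_all_hit(n_nodes, n_attacked, k)
    return (hit(s) + hit(b) + hit(v)
            - hit(s + b) - hit(s + v) - hit(b + v)
            + hit(s + b + v))

def nodes_needed(n_nodes, target_p, **roles):
    """Smallest number of attacked nodes giving P(blocked) >= target_p."""
    for a in range(n_nodes + 1):
        if p_blocked(n_nodes, a, **roles) >= target_p:
            return a
    return n_nodes

if __name__ == "__main__":
    N = 1000  # assumed overlay size; the slides do not give a value
    for frac in (0.25, 0.5, 0.75, 0.9):
        a = int(N * frac)
        print(f"{a:4d}/{N} attacked -> P(blocked) = {p_blocked(N, a):.4f}")
    print("nodes for P >= 0.5 with 10 beacons:", nodes_needed(N, 0.5))
    print("nodes for P >= 0.5 with 1 beacon:  ",
          nodes_needed(N, 0.5, beacons=1))
```

Under these assumptions, lowering `beacons` to 1 shows why the beacon count must not be too small: the overlay is then blocked as soon as that single node is among those attacked.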

Attacking Analysis

• Dynamic Attacks

– SOS detects & removes attacked nodes

– Attacker shifts from a removed node to an active one

• Overlay Nodes

• Change the value of r

Conclusions

• SOS protects a target from DoS attacks

• How?

– Filter around the target

– Hidden proxies

– Network overlay for legitimate users to reach hidden proxies