SOS: Secure Overlay Services

A. Keromytis, V. Misra, and D. Rubenstein

Presented by Tsirbas Rafail


The main components

• Target

• Legitimate user

• Attacker


The basic idea

• DoS attacks succeed because the target is easy to find

• SOS Idea: Create an overlay and send the traffic through it


The Goal

• Allow already approved users to communicate with a target

• Prevent attackers' packets from reaching the target

• The solution must be easy to distribute


1st Step - Filter

• Routers near target filter packets according to their IP address
  – Legitimate users’ IP addresses allowed through
  – Illegitimate users’ IP addresses aren’t

Problems:
I) “good” and “bad” user share the same IP address
II) “bad” user knows “good” user’s IP
III) “good” user changes IP frequently

[Diagram: Target, Filter]


2nd Step - Proxy

• Install Proxies outside the filter whose IP addresses are permitted through the filter
  – Proxy only lets verified packets from legitimate sources through the filter

Problem:
I) Attacker pretends to be the proxy
II) Attacker attacks the proxy

[Diagram: Proxy, Target]


3rd Step – Secret Servlet

• Keep the identity of the proxy secret
  – Name it Secret Servlet
  – Secret Servlet is known only by the target, and a few other points in the network


4th Step – Overlays

• Send traffic to the secret servlet via a network overlay
  – Nodes: Devices
  – Paths: IP paths

Verification can be performed inside each node

[Diagram: Nodes in the network overlay]


5th Step – SOAP

• Secure Overlay Access Points
  – Receive unverified packets and verify (IPsec, TLS)
  – Large number of SOAPs
  – Distributed firewall

[Diagram: Nodes, SOAPs]


Routing inside SOS

• Random route until secure servlet is reached (Inefficient)

• Instead use Chord service (hash function)

• Reaches a unique node called beacon

• Secret servlet, target inform beacon

[Diagram: Nodes, SOAPs, beacon]


Overview of SOS

[Diagram: User, SOAPs, Nodes, beacons, Secure Servlets, Target]


Attacking SOS

• You cannot directly attack target
• Attack secret servlet
• Attack beacons
• Attack other overlay nodes


Attacking Analysis

Static Attack
• N: number of nodes in the overlay
• SOAP = 10
• Beacon = 10
• Secure Servlet = 10

In order to have a successful DoS attack almost all overlay nodes must be compromised!
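A small model of the static attack analysis above, added here as an example and not taken from the slides or the SOS paper. It assumes the attacker disables n_attacked of the N overlay nodes chosen uniformly at random, that the SOAP, beacon and secure servlet roles are held by disjoint sets of nodes, and that the DoS succeeds once every node of at least one role is down; N = 100 is a constructed value and the function names are hypothetical.

```python
from itertools import combinations
from math import comb


def p_all_hit(N, n_attacked, k):
    """P(every node of a fixed k-node set is among n_attacked random victims).

    Equals C(n_attacked, k) / C(N, k); comb() returns 0 when n_attacked < k.
    """
    return comb(n_attacked, k) / comb(N, k)


def p_dos(N, n_attacked, role_sizes=(10, 10, 10)):
    """P(at least one role is completely attacked).

    Assumption: the roles occupy disjoint node sets, so the joint event
    "roles A and B are both fully hit" is a fixed set of |A|+|B| nodes and
    inclusion-exclusion over the roles gives the exact probability.
    """
    if sum(role_sizes) > N:
        raise ValueError("disjoint roles need at least sum(role_sizes) nodes")
    total = 0.0
    for r in range(1, len(role_sizes) + 1):
        sign = 1 if r % 2 else -1
        for subset in combinations(role_sizes, r):
            total += sign * p_all_hit(N, n_attacked, sum(subset))
    return total


def min_attacked(N, threshold, role_sizes=(10, 10, 10)):
    """Smallest number of attacked nodes for which P(DoS) >= threshold."""
    for n in range(N + 1):
        if p_dos(N, n, role_sizes) >= threshold:
            return n
    return None


if __name__ == "__main__":
    N = 100  # constructed overlay size; the slide fixes only the role counts
    for n in (50, 70, 80, 90, 95, 97):
        print(f"attacked={n:3d}  P(DoS)={p_dos(N, n):.4f}")
    print("nodes needed for P(DoS) >= 0.5:", min_attacked(N, 0.5))
```
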


Attacking Analysis

Static Attack
• Overlay Nodes
• Compromised Nodes
• Change the number of beacons/servlets

In order to have a successful DoS attack, the number of beacons must be quite small!


Attacking Analysis

• Dynamic Attacks
  – SOS detects & removes attacked nodes
  – Attacker shifts from a removed node to an active one

• Overlay Nodes

• Change the value of r


Conclusions

• SOS protects a target from DoS attacks
• How?
  – Filter around the target
  – Hidden proxies
  – Network overlay for legitimate users to reach hidden proxies