1 / 29

A DoS -Resilient Information System for Dynamic Data Management

A DoS -Resilient Information System for Dynamic Data Management. Stefan Schmid & Christian Scheideler Dept. of Computer Science University of Paderborn. Matthias Baumgart Dept. of Computer Science Technische Universität München. Motivation. In 2007, a major DoS attack was launched

lilia
Download Presentation

A DoS -Resilient Information System for Dynamic Data Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A DoS-Resilient Information System for Dynamic Data Management Stefan Schmid & Christian Scheideler Dept. of Computer Science University of Paderborn Matthias Baumgart Dept. of Computer Science TechnischeUniversitätMünchen

  2. Motivation In 2007, a majorDoSattack was launched againsttherootserversofthe DNS system d d Internet d d d d

  3. DoS-resistant Information System Problem: DNS-approach of full replication not feasible in large information systems off-the-shelfservers Internet

  4. DoS-resistant Information System Scalable information system: storage over-head limited to logarithmic factor d Internet d d

  5. DoS-resistant Information System storageoverheadlimited tolog factor: scalableput und getoperationspossible d Internet d d

  6. DoS-resistant Information System storageoverheadlimited tolog factor: but howtobe robust againstDoSattacks? d Internet d d

  7. Fundamental Dilemma • Scalability: minimize replication of information • Robustness: maximize resources needed by attacker d Internet d d

  8. Fundamental Dilemma • Limitation to „legal“ attacks / information hiding • Information hiding difficult under insider attacks d Internet d d

  9. You are fired! DoS-resistant Information System Past-Insider-Attack:Attackerknowsevery-thingaboutsystemtill (unknown) time t0 Goal:scalableinformationsystem so thateverythingthat was insertedaftert0issafe (w.h.p.) againstanypast-insiderDoSattackthatcanshut down any-fractionoftheservers, forsome>0, andcreateany legal setofputandgetrequests

  10. Formal Model Wearegiven a staticsetofnreliableservers. -boundedattacker: • knowsentiresystemtill time t0 (unknowntosystem) • can block any-fractionofservers • cangenerateanysetofput/getrequests, one per server Goals: • Scalability: everyserverspendsatmostpolylog time andwork on putandgetrequests • Robustness: everygetrequestto a data item insertedorupdated after t0isservedcorrectly • Correctness: everygetrequestto a data item isservedcorrectlyifthesystemis not underDoS-attack

  11. DoS-resilient Information System Dilemma: • just polylogcopiesallowed per data item tobescalable ??? ??? deterministicplacement randomizedplacement

  12. DoS-resilient Information System Basic strategy: • choosesuitablehashfunctionsh1,..,hc:DV(D: namespaceofdata, V: setofservers) • Store copyof item dforeveryiandjrandomlyin a setofserversofsize2jthatcontainshi(d) hi(d) difficultto find difficultto block easy to find easy to block

  13. DoS-resilient Information System „Tie“ sufficientforgetrequests [DISC 07]: • Most getrequestscanaccessclose-bycopies, only a fewgetrequestshaveto find distantcopies • Work foreachserveraltogether just polylog(n)foranysetofngetrequests, one per server hi(d)

  14. DoS-resilient Information System „Tie“ sufficientforgetrequests [DISC 07]: BUTforgetrequeststowork, all areas must haveup-to-datecopies, so putrequestsmayfailunderDoSattack hi(d)

  15. DoS-resilient Information System Chameleonsystem: • Permanent distributedhashtable (p-store)h1,..,hcfixed, must satisfyexpansionproperties(that hold w.h.p. forrandomhashfunctions) • Temporarydistributedhashtable (t-store)hashfunctionh continuouslychanges t-store p-store

  16. DoS-resilient Information System Phase ofChameleonsystem: • Adversaryblocksserversandinitiatesput & getrequests • buildnewt-store, transferdatafromoldtonew t-store • process all putrequests in t-store • process all getrequests in t-storeand p-store • trytotransferdataitemsfrom t-storetop-store t-store p-store Internet

  17. Stage 2: Buildnew t-store t-store:distributedhashtable (DHT)(de Bruijnnetwork + consistenthashing) New t-store: • Joinprotocol: Every nodechoosesnewrandomlocation in de Bruijnnetwork, searchesforneighbors in p-store • Insert protocol: Data items in oldt-storearestored in newt-store (just O(n) itemsw.h.p.) O(log n) time andcongestionw.h.p. p-store

  18. Stage 3: Processputs in t-store • t-putprotocol: de-Bruijnroutingwithcombiningtostoredata in new t-store O(log n) time andO(log2 n) congestion

  19. Stage 4: ProcessgetRequests • t-getprotocol: de Bruijnroutingwithcombiningtolookupdata in t-store(O(log n) time andO(log2 n) congestion) • p-getprotocol(relatedto [DISC 07]): • Preprocessingstage: determineblockedareas in p-store via sampling(O(1) time andO(log2n)congestion) • Contractionstage:trytogetascloseaspossibletohash-basedpositions(O(log n) time andO(log3n) congestion) • Expansion stage:lookforcopiesatsuccessively wider areas(O(log2n) time andO(log3 n) congestion)

  20. hi(x) log n 2 1 0 0 1 Contraction Stage

  21. Expansion Stage hi(x) log n inactive 2 1 0 0 1

  22. Stage 5: datafrom t-storeto p-store • p-putprotocol: • Preprocessingstage: determineblockedareasandaverageload in p-store via sampling(O(1) time andO(log2 n)congestion) • Contractionstage:trytogettosufficientlymanyhash-basedpositions in p-store(O(log n) time andO(log3 n) congestion) • Permanent storagestage: foreachsuccessfuldata item, storenewcopiesanddeleteasmanyoldonesaspossible(O(log n)time andO(log2n) congestion)

  23. DoS-resistantInformation System Theorem:Underany-boundedpast-insiderattack (forsomeconstant>0), theChameleonsystemcanserveanysetofrequests (one per server) in O(log2 n)time s.t. everygetrequestto a data item insertedorupdated aftert0isservedcorrectly, w.h.p. Nodegradationover time: • O(log2 n)copies per data item • fair distributionofdataamongservers

  24. Related Work Many scalable information systems: • Chord, CAN, Pastry, Tapestry,… But many of these designs not even robust against flash crowds

  25. Related Work Caching strategies against flash crowds: • CoopNet, Backlash, PROOFS,… • Naor&Wieder 03 But not robust against adaptive lookup attacks a b c d

  26. Related Work Systems robust against DoS-attacks: • SOS, WebSOS, Mayday, III,… • Basic strategy: indirection infrastructure to hide original location of data Does not work against past insiders

  27. Related Work Awerbuch & Sch. (DISC 07):DoS-resistent informationsystemthatcanonly handle getrequestsunderDoSattack

  28. Conclusion Applications:DoS-resistantplatformfor e-commerceorcriticalinformationservices Open problems: • More light-weightsolution • DoS-resistantsystemwithboundeddegree

  29. Any Questions?

More Related