An Overlay Architecture for End-to-End Internet Service Availability
1 An Overlay Architecture for End-to-End Internet Service Availability
Angelos Stavrou
Network Security Lab, Computer Science Department, Columbia University
2 Overview of the talk
- Problem Motivation
- Summary of Contributions
- Overlay-based Protection for Internet Services
- Two Novel Attacks against Overlays
- Stateless Protocol for Multi-path Communications
- Conclusion & Future Research
3 Motivation: Network Service Availability
4 Motivation: Network Service Availability
5 Problem Motivation: Service Availability
- We increasingly rely on Internet Services
  - Financial services, Thin-Clients, Voice over IP (VoIP)
- But Internet Services are not Dependable...
  - Denial of Service Attacks can disrupt online service
  - Attack capabilities are increasing (botnets)
- Proposed solutions require network support
  - No economic incentive to deploy DoS solutions
  - Internet Service Providers control network paths
6 Contributions
- Goal: Protect End-to-End Network Connectivity without network support
- WebSOS: A DoS Protection Architecture for Web Services using Graphic Turing Tests (GTTs) [CCS 03, Elsevier JCN 05]
  - Support for Dynamic Content
  - Resilient to large-scale attacks
  - Graphic Turing Tests (GTTs) to discriminate traffic - no zombies
  - Relax authentication requirements: allow anonymous users
7 Contributions II
- Goal: Protect End-to-End Network Connectivity without network support
- MOVE: An End-to-End System for Service Protection [NDSS 05]
  - No need for Network Level Packet Filtering
  - Lightweight Migration Mechanism boosts resiliency
- Introduce Two Novel Attacks against Overlays
- Use Stateless Multi-path Overlays to Defend [CCS 05, IATAC 06]
  - Analyze the simple but devastating attacks
  - Introduce a stateless communication protocol
  - Natural path diversity boosts resiliency
  - Packet Replication lowers latency
8 Motivation: Network Service Availability
9 WebSOS: Protection for Web Services
10 WebSOS: Protection for Web Services
11 WebSOS: Protection for Web Services
12 WebSOS: Protection for Web Services
13 WebSOS: Protection for Web Services Can we remove Packet Filtering?
14 Move: An End-to-End Solution for DDoS
15 Move: An End-to-End Solution for DDoS Attack
16 Move: An End-to-End Solution for DDoS
17 Move: An End-to-End Solution for DDoS
18 Migration Performance Round Trip time
19 Limitations of WebSOS & MOVE
[Chart: Latency Overhead for various SSL Services. Time (in seconds) for Direct, Original Request and Cached Requests; services: Yahoo!, Verisign, Columbia, Columbia (2nd).]
- Latency increase by a factor of 2 when using Indirection
20 Limitations of WebSOS & MOVE
[Chart: Latency Overhead for various SSL Services. Time (in seconds) for Direct, Original Request and Cached Requests; services: Yahoo!, Verisign, Columbia, Columbia (2nd).]
- Latency increase by a factor of 2 when using Indirection
- Also Vulnerable to simple attacks...
21 Old fashioned DoS Attack
22 New Attack: Stalker Attack
23 New Attack: Stalker Attack
24 New Attack: Stalker Attack
25 New Attack: Stalker Attack
26 New Attack: Sweeping Attack
27 New Attack: Sweeping Attack
28 New Attack: Sweeping Attack
29 What is the underlying problem?
- How clients connect to the overlay:
  - Connection to a single Indirection node (entry point)
  - Client's state is stored at this entry point
- End-to-End connection depends on a small but static set of overlay nodes
30 Fix attempt: use many entry points
31 Fix attempt: use many entry points But this solution increases the state stored!!!
32 Ticket-based mechanism to the rescue
- Move state to the ticket
- Ticket is issued by the Overlay using a shared key
- Ticket becomes a contract between the user and the overlay
- Use of a shared key guarantees honor of the agreement
33 Ticket Design
- Random spreading sequence protects against stalker attacks
34 Ticket Design
- Random spreading sequence protects against stalker attacks
- Packet sequence range guarantees traffic control
35 Ticket Design
- Random spreading sequence protects against stalker attacks
- Packet sequence range guarantees traffic control
- Ticket design and issue protocol prevent replay, spoofing and computational attacks
36 Key & Ticket Establishment protocol:
37 Client Connection Initiation
38 Spread Spectrum Architecture - Replication
- Multi-Path + Spreading + Ticket allows Packet Replication
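The ticket and spreading slides above give the design only in outline. The following Python example is added here for illustration and is not code from the talk or the authors' prototype; it shows how an overlay node can accept or drop a packet using nothing but the ticket and the shared overlay key. The field layout, the use of HMAC-SHA256, the derived session key and all function names are assumptions.

```python
import hashlib
import hmac
import os
import struct

# Assumed ticket layout (not from the talk):
# client_id(4) | seq_lo(4) | seq_hi(4) | expiry(8) | nonce(16) | MAC(32)
BODY = struct.Struct("!IIIQ16s")
MAC_LEN = 32


def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def _session_key(overlay_key, body):
    # Derived on demand, never stored: every node holding the shared
    # overlay key can recompute it from the ticket alone.
    return _mac(overlay_key, b"session", body)


def issue_ticket(overlay_key, client_id, seq_lo, seq_hi, expiry, nonce=None):
    """Overlay side: move the per-client state into a MAC-protected ticket."""
    nonce = os.urandom(16) if nonce is None else nonce
    body = BODY.pack(client_id, seq_lo, seq_hi, expiry, nonce)
    ticket = body + _mac(overlay_key, b"ticket", body)
    # The session key goes back to the client over the key-establishment
    # channel; it is not carried inside the ticket.
    return ticket, _session_key(overlay_key, body)


def node_for_seq(session_key, seq, n_nodes):
    """Spreading sequence: keyed pseudo-random node index for packet seq."""
    digest = _mac(session_key, b"spread", struct.pack("!I", seq))
    return int.from_bytes(digest[:8], "big") % n_nodes


def make_packet(ticket, session_key, seq, payload):
    """Client side: attach the ticket and a per-packet MAC."""
    tag = _mac(session_key, b"packet", struct.pack("!I", seq), payload)
    return {"ticket": ticket, "seq": seq, "payload": payload, "tag": tag}


def check_packet(overlay_key, packet, my_index, n_nodes, now):
    """Any overlay node: decide with no stored per-client state."""
    ticket = packet["ticket"]
    if len(ticket) != BODY.size + MAC_LEN:
        return "drop: malformed ticket"
    body, tag = ticket[:BODY.size], ticket[BODY.size:]
    if not hmac.compare_digest(tag, _mac(overlay_key, b"ticket", body)):
        return "drop: ticket MAC"
    _client, seq_lo, seq_hi, expiry, _nonce = BODY.unpack(body)
    if now > expiry:
        return "drop: ticket expired"
    seq = packet["seq"]
    if not seq_lo <= seq <= seq_hi:
        return "drop: sequence outside ticket range"
    key = _session_key(overlay_key, body)
    want = _mac(key, b"packet", struct.pack("!I", seq), packet["payload"])
    if not hmac.compare_digest(packet["tag"], want):
        return "drop: packet MAC"
    if node_for_seq(key, seq, n_nodes) != my_index:
        return "drop: not the node for this sequence number"
    return "accept"


def demo():
    """Constructed values only: 8 overlay nodes, one ticket for seq 1000-1999."""
    overlay_key = b"constructed-overlay-key-for-demo"
    n = 8
    ticket, sk = issue_ticket(overlay_key, 7, 1000, 1999, 2000, nonce=bytes(16))
    pkt = make_packet(ticket, sk, 1000, b"GET /")
    right = node_for_seq(sk, 1000, n)
    forged = bytearray(ticket)
    forged[8:12] = struct.pack("!I", 10**6)  # try to widen seq_hi
    return {
        "right node": check_packet(overlay_key, pkt, right, n, now=1500),
        "wrong node": check_packet(overlay_key, pkt, (right + 1) % n, n, now=1500),
        "widened range": check_packet(
            overlay_key, dict(pkt, ticket=bytes(forged)), right, n, now=1500),
        "expired": check_packet(overlay_key, pkt, right, n, now=3000),
        "nodes used": len({node_for_seq(sk, s, n) for s in range(1000, 2000)}),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Because the node index is derived from a key the client and overlay share, a node that receives a packet it is not designated for can drop it without consulting any other node, and the sequence range in the ticket caps how many packets the ticket admits.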
39 Prototype in Planet-Lab
40 Performance Results: Latency
[Chart: End-to-End Latency with Client Packet Replication. Overlay / Direct latency against Client Packet Replication (No Repl., 1.5x, 2x, 3x); series labelled by overlay size, including 16 nodes, 32 nodes and 76 nodes.]
41 Resilience Results: Throughput
[Chart: Throughput vs Error Rate in regular TCP. Goodput (Mbps) against Packet Error Rate (%) for RTT: 6ms, RTT: 24ms and RTT: 104ms; annotated regions: Performance region of wired networks, Performance region of MANETs.]
42 Resilience Results: Throughput
[Chart: Throughput vs Node Failure. Throughput (KB/Sec) against % Node Failure; series: Direct, No Repl., 1.5x, 2x, 3x.]
43 Resilience Results: Video Streaming
[Chart: Video Quality vs Node Failure. Video Quality (0% to 100%) against % Node Failures; labels: 0%, 50%, 100%, 200%.]
44 Resilience Results: Latency (Web)
[Chart: End-to-End Latency vs Node Failure (Web). Series: No Repl., 1.5x, 2x, 3x.]
45 Contributions
- Goal: Protect End-to-End Network Connectivity without network support
- WebSOS: A DoS Protection Architecture for Web Services using Graphic Turing Tests (GTTs) [CCS 03, Elsevier JCN 05]
  - Support for Dynamic Content
  - Resilient to large-scale attacks
  - Graphic Turing Tests (GTTs) to discriminate traffic - no zombies
  - Relax authentication requirements: allow anonymous users
46 Contributions II
- Goal: Protect End-to-End Network Connectivity without network support
- MOVE: An End-to-End System for Service Protection [NDSS 05]
  - No need for Network Level Packet Filtering
  - Lightweight Migration Mechanism boosts resiliency
- Introduce Two Novel Attacks against Overlays
- Use Stateless Multi-path Overlays to Defend [CCS 05, IATAC 06]
  - Analyze the simple but devastating attacks
  - Introduce a stateless communication protocol
  - Natural path diversity boosts resiliency
  - Packet Replication lowers latency
47 List of related papers
- A Lightweight, Robust P2P System to Handle Flash Crowds [ICNP 02, IEEE JSAC 04]
- Using Graphic Turing Tests to Counter Automated DDoS Attacks Against Web Servers [CCS 03]
- WebSOS: An Overlay-based System For Protecting Web Servers From Denial of Service Attacks [Elsevier JCN 05]
- MOVE: An End-to-End Solution To Network Denial of Service [NDSS 05]
- Countering DoS Attacks With Stateless Multipath Overlays [CCS 05, IATAC 06]
48 Conclusion
- We introduced an End-to-End mechanism to protect a wide range of time-critical services
- Ticket-Based Stateless Spreading of packets over the overlay enables Multi-Path Routing
- Multi-Path routing even with naive packet replication boosts Network Performance and Resilience
- Can be used in a wireless setting to increase capacity
49 Discussion Any Questions?
50 Backup Slides
51 Ticket Generation Benchmark
52 MOVE Session Diagram
53 What is the underlying problem (II)?
- How the Overlay sees the client:
  - User can establish multiple connections to an overlay node
  - An authenticated client can inject any amount of traffic to the overlay network
  - Even if there is access control in the entry point the user can reset that by attacking the entry point
54 PROOFS Performance
55 PROOFS Performance
56 PROOFS Performance
57 [Diagram labels: Front-end Web Server, e.g. Apache; Back-end Business Logic, e.g. PHP, Tomcat]
58 Resilience Results: Video Streaming
[Chart: Video Quality vs Node Failure. Video Quality (0% to 100%) against % Node Failures; series: 5 clients and 8 clients, each at 0%, 50%, 100% and 200%.]
More informationSurvey of Cyber Moving Targets. Presented By Sharani Sankaran
Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 8 Denial of Service First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Denial of Service denial of service (DoS) an action
More informationVendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo
Vendor: HP Exam Code: HP2-Z32 Exam Name: Implementing HP MSM Wireless Networks Version: Demo QUESTION 1 A network administrator deploys several HP MSM APs and an HP MSM Controller. The APs discover the
More informationCISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks
CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of
More informationA Security Orchestration System for CDN Edge Servers
A Security Orchestration System for CDN Edge Servers ELAHEH JALALPOUR STERE PREDA MILAD GHAZNAVI MAKAN POURZANDI DANIEL MIGAULT RAOUF BOUTABA 1 Outline Introduction Edge Server Security Orchestration Implementation
More informationNETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
NETWORK INTRUSION Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Recognize different
More informationUpgrading Transport Protocols using Untrusted Mobile Code
Upgrading Transport Protocols using Untrusted Mobile Code Parveen Patel Jay Lepreau Tim Stack (Univ. of Utah) Andrew Whitaker David Wetherall (Univ. of Washington) Key Point Untrusted mobile code can allow
More information