An Overlay Architecture for End-to-End Internet Service Availability

Transcription

1 An Overlay Architecture for End-to-End Internet Service Availability Angelos Stavrou Network Security Lab Computer Science Department, Columbia University

2 Overview of the talk Problem Motivation Summary of Contributions Overlay-based Protection for Internet Services Two Novel Attacks against Overlays Stateless Protocol for Multi-path Communications Conclusion & Future Research

3 Motivation: Network Service Availability

4 Motivation: Network Service Availability

5 Problem Motivation: Service Availability We are increasingly rely on Internet Services Financial services, Thin-Clients, Voice over IP (VoIP) But Internet Services are not Dependable... Denial of Service Attacks can disrupt online service Attack capabilities are increasing (botnets) Proposed solutions require network support No economic incentive to deploy DoS solutions Internet Service Providers control network paths

6 Contributions Goal: Protect End-to-End Network Connectivity without network support WebSOS: A DoS Protection Architecture for Web Services using Graphic Turing Tests (GTTs) [CCS 03, Elsevier JCN 05] Support for Dynamic Content Resilient to large-scale attacks Graphic Turing Tests (GTTs) to discriminate traffic - no zombies Relax authentication requirements: allow anonymous users

7 Contributions II Goal: Protect End-to-End Network Connectivity without network support MOVE: An End-to-End System for Service Protection [NDSS 05] No need for Network Level Packet Filtering Lightweight Migration Mechanism boosts resiliency Introduce Two Novel Attacks against Overlays Use Stateless Multi-path Overlays to Defend [CCS 05, IATAC 06] Analyze the simple but devastating attacks Introduce a stateless communication protocol Natural path diversity boosts resiliency Packet Replication lowers latency

8 Motivation: Network Service Availability

9 WebSOS: Protection for Web Services

10 WebSOS: Protection for Web Services

11 WebSOS: Protection for Web Services

12 WebSOS: Protection for Web Services

13 WebSOS: Protection for Web Services Can we remove Packet Filtering?

14 Move: An End-to-End Solution for DDoS

15 Move: An End-to-End Solution for DDoS Attack

16 Move: An End-to-End Solution for DDoS

17 Move: An End-to-End Solution for DDoS

18 Migration Performance Round Trip time

19 Limitations of WebSOS & MOVE Time (in seconds) Latency Overhead for various SSL Services Direct Original Request Cached Requests 1 0 Yahoo! Verisign Columbia Columbia (2nd) Latency increase by a factor of 2 when using Indirection

20 Limitations of WebSOS & MOVE Time (in seconds) Latency Overhead for various SSL Services Direct Original Request Cached Requests 1 0 Yahoo! Verisign Columbia Columbia (2nd) Latency increase by a factor of 2 when using Indirection Also Vulnerable to simple attacks...

21 Old fashioned DoS Attack

22 New Attack: Stalker Attack

23 New Attack: Stalker Attack

24 New Attack: Stalker Attack

25 New Attack: Stalker Attack

26 New Attack: Sweeping Attack

27 New Attack: Sweeping Attack

28 New Attack: Sweeping Attack

29 What is the underlying problem? How clients connect to the overlay: Connection to a single Indirection node (entry point) Client s state is stored to this entry point End-to-End connection depends on a small but static set of overlay nodes

30 Fix attempt: use many entry points

31 Fix attempt: use many entry points But this solution increases the state stored!!!

32 Ticket-based mechanism to the rescue Move state to the ticket Ticket is issued by the Overlay using a shared key Ticket becomes a contract between the user and the overlay Use of a shared key guarantees honor of the agreement

33 Ticket Design Random spreading sequence protects against stalker attacks

34 Ticket Design Random spreading sequence protects against stalker attacks Packet sequence range guarantees traffic control

35 Ticket Design Random spreading sequence protects against stalker attacks Packet sequence range guarantees traffic control Ticket design and issue protocol prevent replay, spoofing and computational attacks

36 Key & Ticket Establishment protocol:

37 Client Connection Initiation

38 Spread Spectrum Architecture - Replication Multi-Path + Spreading + Ticket allows Packet Replication

39 Prototype in Planet-Lab

40 Performance Results: Latency End-to-End Latency with Client Packet Replication nodes 16 nodes 32 nodes 76 nodes Overlay / Direct No Repl. 1.5x 2x 3x Client Packet Replication

41 Resilience Results: Throughput Throughput vs Error Rate in regular TCP 10 9 RTT: 6ms RTT: 24ms RTT: 104ms Goodput (Mbps) Performance region of wired networks Performance region of MANETs Packet Error Rate(%) %*=0.7(-5*>=3/-!"#-?*0-)60,7@A6+;B8;/9-C716:D-#6.E7/-F063=07-6+;-G=1/8@#6/9-F+H80*+<7+/34 %98HE=<60 '61:6+606<6+ I5#JKD-'4'4-56<6E I&!L!-)6> K

42 Resilience Results: Throughput Throughput vs Node Failure 600 Direct No Repl. 1.5x 2x 3x 500 KB/Sec % 3% 4% 9% 17% 21% 27% 35% 43% 46% 55% % Node Failure

43 Resilience Results: Video Streaming Video Quality vs Node Failure 100% 80% Video Quality 60% 40% 20% 0% 0% 50% 100% 200% % Node Failures

44 Resilience Results: Latency (Web) End-to-End Latency vs Node Failure (Web) No Repl. 1.5x 2x 3x

45 Contributions Goal: Protect End-to-End Network Connectivity without network support WebSOS: A DoS Protection Architecture for Web Services using Graphic Turing Tests (GTTs) [CCS 03, Elsevier JCN 05] Support for Dynamic Content Resilient to large-scale attacks Graphic Turing Tests (GTTs) to discriminate traffic - no zombies Relax authentication requirements: allow anonymous users

46 Contributions II Goal: Protect End-to-End Network Connectivity without network support MOVE: An End-to-End System for Service Protection [NDSS 05] No need for Network Level Packet Filtering Lightweight Migration Mechanism boosts resiliency Introduce Two Novel Attacks against Overlays Use Stateless Multi-path Overlays to Defend [CCS 05, IATAC 06] Analyze the simple but devastating attacks Introduce a stateless communication protocol Natural path diversity boosts resiliency Packet Replication lowers latency

47 List of related papers A Lightweight, Robust P2P System to Handle Flash Crowds [ICNP 02, IEEE JSAC 04] Using Graphic Turing Tests to Counter Automated DDoS Attacks Against Web Servers [CCS 03] WebSOS: An Overlay-based System For Protecting Web Servers From Denial of Service Attacks [Elsevier JCN 05] MOVE: An End-to-End Solution To Network Denial of Service [NDSS 05] Countering DoS Attacks With Stateless Multipath Overlays [CCS 05, IATAC 06]

48 Conclusion We introduced an End-to-End mechanism to protect a wide range of time-critical services Ticket-Based Stateless Spreading of packets over the overlay enables Multi-Path Routing Multi-Path routing even with naive packet replication boosts Network Performance and Resilience Can be used in a wireless setting to increase capacity

49 Discussion Any Questions?

50 Backup Slides

51 Ticket Generation Benchmark

52 MOVE Session Diagram

53 What is the underlying problem (II)? How the Overlay sees the client: User can establish multiple connections to an overlay node An authenticated client can inject any amount of traffic to the overlay network Even if there is access control in the entry point the user can reset that by attacking the entry point

54 PROOFS Performance

55 PROOFS Performance

56 PROOFS Performance

57 Front-end Web Server, eg. Apache Back-end Business Logic e.g. PHP, Tomcat

58 Resilience Results: Video Streaming 100% Video Quality vs Node Failure 80% Video Quality 60% 5 clients - 0% 5 clients - 50% 40% 5 clients - 100% 5 clients - 200% 8 clients - 0% 20% 8 clients - 50% 8 clients - 100% 8 clients - 200% 0% % Node Failures