Game-based Analysis of Denial-of-Service Prevention Protocols
Ajay Mahimkar
Class Project: CS 395T

Overview
- Introduction to DDoS attacks
- Current DDoS defense strategies
- Client puzzle protocols for DoS prevention
- Distributed approach
- Game-based verification using MOCHA
- Conclusions and future work

DDoS Attacks
- What is a denial-of-service (DoS) attack? Degrade the quality of, or completely disable, the target service by overloading critical resources of the target system or by exploiting software bugs.
- What is a distributed denial-of-service (DDoS) attack? The objective is the same as for a DoS attack, but it is accomplished by a set of compromised hosts distributed over the Internet.

Defense Mechanisms (1): Victim-end
- Most existing intrusion detection systems and DDoS detection systems fall in this category
- Used to protect a set of hosts from being attacked
- Advantages: DDoS attacks are easily detected, because the aggregate traffic volume at the victim is huge
- Disadvantages: attack flows can still cause congestion along the attack path
- Filtering of attack flows using IP traceback

Defense Mechanisms (2): Intermediate network
- Routers identify the characteristics of attack packets and send messages to upstream routers to limit the traffic rate
- Attack packets are filtered by Internet core routers
- Advantages: filtering is more effective than at the victim
- Disadvantages: an Internet-wide authentication framework is required
- Example: push-back mechanism

Push-back Mechanism
(Figure: routers R0 to R7; a heavy traffic flow toward the victim; push-back messages sent to upstream routers; attack traffic and legitimate traffic arriving over several links)
- Challenge: differentiating attack packets from legitimate packets

Defense Mechanisms (3): Source-end
- Attack packets are dropped at the sources
- Prevents attack traffic from entering the Internet
- Advantages: packet filtering is most effective here
- Disadvantages: it is very hard to identify DDoS attack flows at the sources, since the traffic is not yet aggregated; requires the support of all edge routers

Problems
- In DDoS attack mitigation techniques, filters do not accurately differentiate legitimate and attack traffic
- Mechanisms like IP traceback and push-back could drop legitimate traffic
- Dropping legitimate traffic serves the purpose of the attacker
- The question is how to differentiate legitimate and attack traffic behavior
- Solution: use client puzzles

Client Puzzles
- Force each client to solve a cryptographic puzzle for each request before the server commits its resources; in other words, "make the client commit its resources before receiving the resource"
- Client puzzles defend against distributed DoS attacks: studies show that existing DDoS tools are carefully designed not to disrupt the zombie computers, so as to avoid alerting the machine owners, which bounds the effort each zombie can spend on puzzles
- Packets from clients that do not solve puzzles are filtered
- This differentiates legitimate users from attackers

Client Puzzle Protocols (1): Puzzle auction protocol
- Before initiating a session, the client solves a puzzle of some difficulty level and sends the request along with the puzzle solution to the server
- Depending on the server utilization and the puzzle difficulty level, the server either sends an accept and continues with the session, or sends a reject and asks the client to increase the puzzle difficulty level
- If the client can solve a puzzle of the higher difficulty level, it gets service
- Legitimate clients can solve puzzles of high difficulty, whereas attackers have an upper bound; thus the attacker cannot prevent legitimate users from accessing the service

Client Puzzle Protocols (2): Challenge-response client puzzle protocol
- When the server receives a request from a client, it asks the client to solve a puzzle whose difficulty level depends on the current utilization
- The server allocates resources only if it receives the solution from the client
- The server does not maintain information about the puzzles, which avoids denial-of-service attacks on the puzzle generation itself

Basic Client Puzzle Protocol
(Message flow between client and server; F is the flow ID, X is the solution to the puzzle, Nc and Ns are the client and server nonces, and Ks is the server's secret key)
  Client -> Server: SYN, Nc                           (request service)
  Server: generate puzzle
  Server -> Client: P, Ns, h' = hash_Ks(Ns, Nc, F, X)
  Client: solve puzzle
  Client -> Server: Nc, X, h'
  Server: verify the solution using X and the hash
  Server -> Client: SYN-ACK
  Client -> Server: ACK

Distributed Approach (1)
- The two protocols address resource-exhaustion DDoS attacks
- They cannot prevent the attacker from flooding the link to the server, i.e. bandwidth-consumption attacks
- I propose a new approach that shifts puzzle distribution and verification from the server to intermediate routers or monitoring nodes
- Intermediate routers collaborate and determine the total traffic to a given destination
- They adapt the difficulty level depending on the traffic information
- Packets from clients that fail to solve puzzles of the appropriate difficulty level are filtered in the intermediate network

Distributed Approach (2)
(Figure: clients, intermediate routers and the server; t_ij is the traffic on the link from client i to router j)

Analysis of the Protocols (1): Protocol properties
- Liveness: if a server has enough resources to handle connection requests, then it should allocate resources to (genuine or legitimate) clients that solve puzzles of any difficulty level
- Availability: a set of attackers should not be able to prevent legitimate users from accessing the service
- Client authentication: the server allocates resources only after authenticating the clients by verifying the solution to the puzzle
- Adaptability: the puzzle difficulty level should be in proportion to the traffic level going to a server

Analysis of the Protocols (2): Game-based verification using MOCHA
- The situation between the attacker and the server is modeled as a two-player strategic game
- The server's strategy is characterized by the complexity of the puzzle that it generates
- The attacker's strategy is characterized by the amount of effort he invests in solving the received puzzles

Liveness in ATL
$\langle\langle \Sigma \rangle\rangle\, \Box\, \big(\neg \mathit{full} \rightarrow ((\mathit{request}_C \rightarrow \mathit{allocated}_C) \wedge (\mathit{request}_A \rightarrow \mathit{allocated}_A))\big)$
It is always true in all states that, if the server has not committed all of its resources, a request from client C implies
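The basic client puzzle protocol from the slides (SYN with Nc, puzzle with Ns and a check value, solution X, SYN-ACK only after verification) as a runnable exchange with both sides. This is an added example, not the author's code or MOCHA model. It assumes a concrete construction: the solution is derived as X = HMAC_Ks(Ns, Nc, F) so that the server can recompute it from its key alone and keep no per-puzzle state; P is X with its low k bits cleared; and the check value h' is an unkeyed SHA-256 over (Ns, Nc, F, X), because the client has to be able to recognise the right candidate, which it could not do with a hash keyed by Ks. The utilisation-to-difficulty policy, the 60-second puzzle lifetime, the nonce layout and the names `PuzzleServer`, `solve_puzzle` and `run_exchange` are all assumptions of the example.

```python
"""Stateless challenge-response client puzzle (added example, assumed construction).

  C -> S : SYN, Nc
  S -> C : k, P, Ns, h'      puzzle; the server stores nothing
  C -> S : Nc, Ns, X, h'     solution found by brute force over the low k bits
  S      : recompute X from Ks, check freshness, commit a slot (SYN-ACK)
"""
import hashlib
import hmac
import os
import struct
import time

MAX_PUZZLE_AGE = 60   # seconds an issued puzzle stays valid (assumed)
MAX_DIFFICULTY = 20   # bits the client must brute-force at full load (assumed)
X_LEN = 4             # bytes of X; P reveals all but the low k bits


def check_value(ns: bytes, nc: bytes, f: bytes, x: bytes) -> bytes:
    """h': unkeyed on purpose, so the client can test candidate X values."""
    return hashlib.sha256(ns + nc + f + x).digest()


class PuzzleServer:
    def __init__(self, ks: bytes, capacity: int):
        self.ks = ks              # Ks, never leaves the server
        self.capacity = capacity  # connection slots
        self.in_use = 0           # slots already committed

    def difficulty(self) -> int:
        """Adaptability: 0 bits below 50% utilisation, rising linearly to
        MAX_DIFFICULTY at 100% (policy assumed for this example)."""
        scaled = 2 * MAX_DIFFICULTY * self.in_use // self.capacity
        return max(0, min(MAX_DIFFICULTY, scaled - MAX_DIFFICULTY))

    def _x(self, ns: bytes, nc: bytes, f: bytes) -> bytes:
        # The solution is derivable from Ks and the nonces: no puzzle table,
        # so flooding the server with SYNs cannot exhaust puzzle state.
        return hmac.new(self.ks, ns + nc + f, hashlib.sha256).digest()[:X_LEN]

    def make_puzzle(self, nc: bytes, f: bytes, now=None) -> dict:
        k = self.difficulty()
        ts = int(time.time() if now is None else now)
        ns = struct.pack(">I", ts) + os.urandom(4)   # issue time + fresh random
        x = self._x(ns, nc, f)
        p = (int.from_bytes(x, "big") >> k) << k     # hide the low k bits of X
        return {"k": k, "P": p.to_bytes(X_LEN, "big"), "Ns": ns,
                "h": check_value(ns, nc, f, x)}

    def verify(self, nc: bytes, f: bytes, ns: bytes, x: bytes, now=None) -> bool:
        """Client authentication: commit a slot only for a fresh, correct X."""
        now = time.time() if now is None else now
        issued = struct.unpack(">I", ns[:4])[0]
        if not 0 <= now - issued <= MAX_PUZZLE_AGE:
            return False                              # stale or forged Ns
        if not hmac.compare_digest(x, self._x(ns, nc, f)):
            return False                              # wrong solution
        if self.in_use >= self.capacity:
            return False                              # nothing left to allocate
        self.in_use += 1
        return True


def solve_puzzle(puzzle: dict, nc: bytes, f: bytes):
    """Client side: brute-force the hidden k bits, about 2**(k-1) hashes on average."""
    base = int.from_bytes(puzzle["P"], "big")
    for low in range(1 << puzzle["k"]):
        cand = (base | low).to_bytes(X_LEN, "big")
        if check_value(puzzle["Ns"], nc, f, cand) == puzzle["h"]:
            return cand
    return None


def run_exchange(server: PuzzleServer, nc: bytes, f: bytes) -> bool:
    """Whole SYN / puzzle / solution / SYN-ACK exchange; True if a slot was committed."""
    puzzle = server.make_puzzle(nc, f)               # SYN, Nc -> k, P, Ns, h'
    x = solve_puzzle(puzzle, nc, f)                  # client work
    return x is not None and server.verify(nc, f, puzzle["Ns"], x)


if __name__ == "__main__":
    srv = PuzzleServer(os.urandom(32), capacity=10)
    srv.in_use = 8                                   # 80% busy -> 12-bit puzzle
    print("difficulty:", srv.difficulty(),
          "served:", run_exchange(srv, os.urandom(8), b"10.0.0.1"))
```

Two caveats a deployment has to add: within `MAX_PUZZLE_AGE` a solved (Ns, X) pair can be replayed, so the verifier needs a small table of recently accepted nonces or must bind F to the connection 4-tuple; and because X is four bytes, `MAX_DIFFICULTY` must stay below 32 bits, otherwise P reveals nothing and the puzzle degenerates to guessing X outright.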
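The puzzle auction and the two-player game behind the availability property (server strategy = puzzle difficulty it demands, attacker strategy = effort spent on solving), as an added example that is not the author's MOCHA model. It assumes a cost model in which solving a difficulty-k puzzle costs 2**k hash evaluations, an attacker whose zombies share a bounded per-round budget and all bid the same difficulty, a server that serves the highest bids first and announces the clearing difficulty on reject, and a legitimate client that raises its bid to that threshold; `affordable_difficulty`, `auction_round`, `legitimate_served` and `availability_holds` are names chosen for the example. `availability_holds` enumerates every attacker strategy within the budget, which is the finite-game counterpart of checking that no attacker coalition can keep the legitimate client out.

```python
"""Puzzle auction as a strategic game (added example, assumed cost model)."""


def affordable_difficulty(budget: int, requests: int = 1) -> int:
    """Highest k with requests * 2**k <= budget (-1 if even k = 0 is unaffordable)."""
    k = -1
    while requests * 2 ** (k + 1) <= budget:
        k += 1
    return k


def auction_round(bids: dict, capacity: int):
    """Serve the highest-difficulty bids first. Returns (served names, threshold
    the server announces for the next round). Ties go to the attacker, the
    worst case for the legitimate client."""
    ranked = sorted(bids.items(),
                    key=lambda kv: (kv[1], kv[0].startswith("zombie")), reverse=True)
    served = {name for name, _ in ranked[:capacity]}
    if len(bids) <= capacity:
        return served, 0          # liveness: spare capacity, any difficulty accepted
    clearing = ranked[capacity - 1][1]   # lowest difficulty that was still served
    return served, clearing + 1


def legitimate_served(capacity: int, zombies: int, attacker_budget: int,
                      client_budget: int, attacker_k: int, rounds: int = 32) -> bool:
    """Play the auction: every zombie bids attacker_k each round; the client
    starts at 0 and raises its bid to the announced threshold while it can."""
    assert zombies * 2 ** attacker_k <= attacker_budget, "attacker over budget"
    client_max = affordable_difficulty(client_budget)
    bid = 0
    for _ in range(rounds):
        bids = {f"zombie{i}": attacker_k for i in range(zombies)}
        bids["client"] = bid
        served, threshold = auction_round(bids, capacity)
        if "client" in served:
            return True
        if threshold > client_max:
            return False          # the attacker has priced the client out
        bid = threshold
    return False


def availability_holds(capacity: int, zombies: int, attacker_budget: int,
                       client_budget: int) -> bool:
    """For every attacker strategy (uniform zombie difficulty within budget),
    does the legitimate client still get served?"""
    top = affordable_difficulty(attacker_budget, zombies)
    return all(legitimate_served(capacity, zombies, attacker_budget, client_budget, k)
               for k in range(top + 1))


if __name__ == "__main__":
    # 100 zombies sharing about 1M hashes per round can each afford 13-bit puzzles.
    print("zombie ceiling:", affordable_difficulty(2 ** 20, 100))
    print("client with 2**16 hashes served:", availability_holds(10, 100, 2 ** 20, 2 ** 16))
    print("client with 2**12 hashes served:", availability_holds(10, 100, 2 ** 20, 2 ** 12))
```

The outcome is decided by the per-zombie ceiling: availability holds exactly when the legitimate client can afford one difficulty level above what each zombie can, which is the "attackers have an upper bound" argument from the puzzle auction slide made explicit.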