Distillation Codes and DOS Resistant Multicast Moderation Prepared - PowerPoint PPT Presentation

Distillation Codes and DOS Resistant Multicast Moderation Prepared for CS 624 – Fabian Monrose Johns Hopkins University Kevin Snow & Ryan Gardner

Recall We showed how distillation codes broke received packets into partitions to reduce the number of signatures computed by a receiver under attack

Distillation Codes – Attack Example s 2 w 2 s 1 w 1 s 7 w 7 s 1 w 1 s 2 w 2 s 7 w 7 s 3 w 3 s 4 w 4 s 5 w 5 s 4 w 4 s 2 w 2 s 6 w 6 s 2 w 2 a’ a’’ a’’’ a’’’’ Say m = 4 s 1 s 2 s 1 s 2 s 2 s 4 s 2 s 3 s 6 s 4 s 5 s 7 s 7

Distillation Codes – Attack Example a’ a’’ a’’’ s 1 s 2 s 3 s 5 s 2 s 4 s 6 s 7 s 1 s 2 s 4 s 7 Erasure decode d 1 ’ d 2 ’ d 3 ’ d 4 ’ d 2 ’’ d 4 ’’ d 6 ’’ d 7 ’’ d 1 ’’’ d 2 ’’’ d 3 ’’’ d 4 ’’’ D’ sig D’’ sig D’’’ sig Verify signature bad signature bad signature good signature Discard Discard Use

Summing It All Up We now briefly examine how effective this solution is and its general performance characteristics.

“I felt let down by the empirical evaluation in section 5.”

Distillation Codes – Computational DoS " blocks # ! b bandwidth $ % & s ' Adversary can induce max of: ( ) Hash function applications ( ) ( ) * * * b f 1 n log( ) 1 n n per second (average) hashs max_ symbols ( ) ( ) * ! ! * ! log( ) 1 n n b f 1 total _ blocks block symbol

Distillation Codes – Computational DoS Adversary can induce max of: Erasure decodings and signature " + # , - * f n b 1 $ % , - verifications per second (average) . m / & ' max_ data _ sent + ! f n block ! m min_ amount _ of _ data _ for _ verification + , f n - ! max_ verifications , - . m / block blocks b ! sec

Distillation Codes – State-holding DoS Assuming… ! d max_ packet _ delay ! r sending _ rate ! k size _ of _ packet PRABS requires at most: + " # n k ( ) bytes of memory * * r d f 1 $ % & r ' ( ) * ! r f 1 max_ rate _ traffic _ arrives ( ) * ! r f 1 d max_ data _ through _ time ( ) + * ! n k f 1 max_ data _ burst

• “How does the system hold to more high performance type applications where more bandwidth is needed?” • Microsoft classifies “500 kbps – 2 Mbps” as “high quality video and audio” for streaming Windows Media player 9

Resilience to Attacks Required vs Available Computation Stream Parameters (operations per second) Required by Capable - 2.4 % Req r = 4 Mbs stream Receiver GHz Pentium b = 4 blocks per sec. 22 byte SHA-1 45,056 540,000 8.3% 1024 byte packets hashes per sec. n = 128 packets 1024 byte SHA- 5,632 70,000 8.0% 1 hashes per m = 64 packets sec. f = 10 RSA-1024 84 1,170 7.2% d = 2 s signature verifications (128,64) Reed- 84 3,700 2.3% Solomon decodings

Resilience to Attacks • They claimed attack factor of 10 with 4Mb/s stream required ~13% of the CPU in the worst case • Memory requirements for this setting: 11.87 MB

Resilience to Attacks Overall, distillation codes is quite robust against pollution attacks with an attack factor of no more than 10.

Comparison to SAIDA on Applications • “I would like to see some descriptions of how efficient the scheme is with regard to specific forms of multicast communication.” • “If only we knew how efficient PRABS were, compared to other systems...”

Skype Parameters • Skype claims 3-16 kBs (24-108 kbs) • Observed in [1] – 67 bytes/voice_packet – Sent 60 packets/second (17 ms interval) – ~5kBs bandwidth • Our adaptation to SAIDA & PRABS – Blocks of 10 packets • 6 packets/second • Adding 167 ms delay

KevRy Stock Broadcast (RKS) • Assume 6000 companies (3300 nasdaq, 2800 NYSE) • Send 14 bytes each (6 ticker, 8 value) • Total: 84 kB • Broadcast value of stocks every 3 seconds • 28 kBs bandwidth • 256 B packets • Blocks of 112 packets

Summary of Application Parameters Skype RKS Bandwidth 5 kBs 28 kBs Packet size 67 B 256 B Block size (packets) 10 packets 112 packets Block size (bytes) 670 B 28,672 B Block frequency 167 ms 3,000 ms

Computational Comparison on Skype 2.4 GHz Required by % Req - Required by % Req - Pentium SAIDA SAIDA PRABS PRABS Capable Skype Skype Sender Sender ~20 byte SHA- 540,000 0 0% 54 0.01% 1 hashes per sec. ~1024 byte 70,000 66 ~0% 126 0.1% SHA-1 hashes per sec. RSA-1024 25 10 40% 10 40% signature generations Erasure 2,755 10 0.3% 10 0.3% encodings

Bandwidth Overhead • PRABS is same as SAIDA plus witness information for each symbol…

Comparison of Bandwidth Overhead Bandwidth overhead in bytes Bandwidth overhead (B) 10000 9390 SAIDA 7500 PRABS 5000 3972 2500 772 492 0 Skype Stocks Percentage bandwidth overhead 125 115 Bandwidth overhead (% of total block) SAIDA 100 PRABS 73 75 50 33 25 15 0 Skype Stocks

“Loss Model Independence” • One of their stated goals… • Never really defined • Assume they mean that for a given packet loss rate, the authentication probability is the same for any loss model

Verification Probability • Because distillation codes is still founded on erasure codes and it guarantees a valid reconstruction if one exists, this is the same as it was for SAIDA.

“Loss Model Independence” • Goal not met • Example Authentication Probability under System Parameters Different Loss Models Loss Loss n/m = 1.5 Model 1 Model 2 n = 128 Expected burst 1 64 packet loss percentage = 20% lost length Authentication ~100% ~90% probability

Verification Probability • The authentication probabilities are different in the different loss models • So this is not loss model independent.

Distillation Codes Summary • Solution is effective against decent sized attacks • Induces a large overhead over SAIDA, particularly in the case of small packets • Loss model dependent

References [1]S.A. Baset and H. Schulzrinne. An analysis of the Skype peer-to-peer internet telephony protocol. Technical report. 2004. www.cs.columbia.edu/techreports/cucs-039- 04.pdf