Distillation Codes and DOS Resistant Multicast

SLIDE 1

Distillation Codes and DOS Resistant Multicast

Moderation

Prepared for CS 624 – Fabian Monrose
Johns Hopkins University

Kevin Snow & Ryan Gardner

SLIDE 2

Recall

We showed how distillation codes broke received packets into partitions to reduce the number of signatures computed by a receiver under attack

SLIDE 3

Distillation Codes – Attack Example

[Figure: received symbols s_i with their witnesses w_i, sorted into partitions a’, a’’, a’’’ and a’’’’]

Say m = 4

SLIDE 4

Distillation Codes – Attack Example

  • a’, a’’’: s5 s3 s2 s7 | s4 s1 s2 s1 → Erasure decode → d4’ d3’ d2’ d1’ | d4’’’ d3’’’ d2’’’ d1’’’ → D’ sig | D’’’ sig → Verify signature → bad signature: Discard | good signature: Use
  • a’’: s4 s7 s6 s2 → d7’’ d6’’ d4’’ d2’’ → D’’ sig → bad signature: Discard

SLIDE 5

Summing It All Up

We now briefly examine how effective this solution is and its general performance characteristics.

SLIDE 6

“I felt let down by the empirical evaluation in section 5.”

SLIDE 7

Distillation Codes – Computational DoS

Adversary can induce max of:

$$b\,(f+1)\,\bigl(n + n\,(\log(n)+1)\bigr)$$

Hash function applications per second (average)

  • $b$ = bandwidth (blocks/s)
  • $b\,(f+1)$ = total_blocks
  • $\log(n)+1$ = hashes/symbol
  • $n$ = max_symbols/block

SLIDE 8

Distillation Codes – Computational DoS

Adversary can induce max of:

$$b\left(\left\lfloor \frac{f \cdot n}{m} \right\rfloor + 1\right)$$

Erasure decodings and signature verifications per second (average)

  • $b$ = blocks/sec
  • $f \cdot n$ = max_data_sent/block
  • $m$ = min_amount_of_data_for_verification
  • $\left\lfloor \frac{f \cdot n}{m} \right\rfloor$ = max_verifications/block
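Added example (not from the slides or the paper they discuss): a Python sketch of the partitioning step from the attack example, counting the hash applications and the partitions that reach erasure decoding and signature verification. It assumes each witness is a Merkle hash tree path and uses SHA-256; the function names, symbol contents and the small parameters (n = 8, m = 4, f = 2) are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def H(prefix, data):
    return hashlib.sha256(prefix + data).digest()

def merkle_witnesses(symbols):
    """Hash tree over n symbols (n a power of two): root and per-symbol sibling paths."""
    level = [H(b"\x00", s) for s in symbols]
    paths, pos = [[] for _ in symbols], list(range(len(symbols)))
    while len(level) > 1:
        for leaf, p in enumerate(pos):
            paths[leaf].append(level[p ^ 1])          # sibling at this level
        level = [H(b"\x01", level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        pos = [p // 2 for p in pos]
    return level[0], paths

def recover_root(symbol, index, witness):
    """Recompute the root from one symbol: 1 leaf hash + log2(n) node hashes."""
    node = H(b"\x00", symbol)
    for sibling in witness:
        node = H(b"\x01", node + sibling if index % 2 == 0 else sibling + node)
        index //= 2
    return node, 1 + len(witness)

def distill(received, m):
    """Partition (symbol, index, witness) triples by recovered root; keep partitions
    with at least m distinct symbols. Only those go on to erasure decoding and
    signature verification, which this sketch does not implement."""
    partitions, hashes = defaultdict(dict), 0
    for symbol, index, witness in received:
        root, used = recover_root(symbol, index, witness)
        hashes += used
        partitions[root][index] = symbol
    return {r: p for r, p in partitions.items() if len(p) >= m}, hashes

def make_block(tag, n):
    symbols = [f"{tag}-{i}".encode() for i in range(n)]
    root, paths = merkle_witnesses(symbols)
    return root, [(s, i, w) for i, (s, w) in enumerate(zip(symbols, paths))]

# Constructed scenario: n = 8 symbols per block, m = 4 needed to decode, attack factor f = 2.
n, m, f = 8, 4, 2
good_root, good = make_block("sender", n)
# The adversary spends its f*n symbols on forged blocks of exactly m symbols each.
forged = [t for j in range(f * n // m) for t in make_block(f"forged{j}", n)[1][:m]]
received = good[:3] + forged + good[5:7]        # 3 sender symbols lost in transit
candidates, hashes = distill(received, m)
print(len(received), "symbols,", hashes, "hashes,", len(candidates), "partitions to decode and verify")
```

With these values the receiver computes 84 hashes and passes 5 partitions on: the 4 the adversary can fill with its f·n symbols plus the sender's own.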

SLIDE 9

Distillation Codes – State-holding DoS

  • $d$ = max_packet_delay
  • $r$ = sending_rate
  • $k$ = size_of_packet

PRABS requires at most:

$$r\,(f+1)\left(\frac{n \cdot k}{r} + d\right)$$

bytes of memory

Assuming…

  • $r\,(f+1)\,d$ = max_data_through_time
  • $r\,(f+1)$ = max_rate_traffic_arrives
  • $n \cdot k\,(f+1)$ = max_data_burst

SLIDE 10

  • “How does the system hold to more high performance type applications where more bandwidth is needed?”
  • Microsoft classifies “500 kbps – 2 Mbps” as “high quality video and audio” for streaming Windows Media player 9

SLIDE 11

Resilience to Attacks

Required vs Available Computation (operations per second)

| Operation | Required by Receiver | Capable - 2.4 GHz Pentium | % Req |
|---|---|---|---|
| (128,64) Reed-Solomon decodings | 84 | 3,700 | 2.3% |
| RSA-1024 signature verifications | 84 | 1,170 | 7.2% |
| 1024 byte SHA-1 hashes per sec. | 5,632 | 70,000 | 8.0% |
| 22 byte SHA-1 hashes per sec. | 45,056 | 540,000 | 8.3% |

Stream Parameters

  • r = 4 Mbs stream
  • b = 4 blocks per sec.
  • 1024 byte packets
  • n = 128 packets
  • m = 64 packets
  • f = 10
  • d = 2 s

SLIDE 12

Resilience to Attacks

  • They claimed that an attack factor of 10 with a 4 Mb/s stream required ~13% of the CPU in the worst case
  • Memory requirements for this setting: 11.87 MB

SLIDE 13

Resilience to Attacks

Overall, distillation codes is quite robust against pollution attacks with an attack factor of no more than 10.

SLIDE 14

Comparison to SAIDA on Applications

  • “I would like to see some descriptions of how efficient the scheme is with regard to specific forms of multicast communication.”
  • “If only we knew how efficient PRABS were, compared to other systems...”

SLIDE 15

Skype Parameters

  • Skype claims 3-16 kBs (24-108 kbs)
  • Observed in [1]
    – 67 bytes/voice_packet
    – Sent 60 packets/second (17 ms interval)
    – ~5kBs bandwidth
  • Our adaptation to SAIDA & PRABS
    – Blocks of 10 packets
      • 6 packets/second
      • Adding 167 ms delay
SLIDE 16

KevRy Stock Broadcast (RKS)

  • Assume 6000 companies (3300 NASDAQ, 2800 NYSE)
  • Send 14 bytes each (6 ticker, 8 value)
  • Total: 84 kB
  • Broadcast value of stocks every 3 seconds
  • 28 kBs bandwidth
  • 256 B packets
  • Blocks of 112 packets
SLIDE 17

Summary of Application Parameters

| | Skype | RKS |
|---|---|---|
| Bandwidth | 5 kBs | 28 kBs |
| Packet size | 67 B | 256 B |
| Block size (packets) | 10 packets | 112 packets |
| Block size (bytes) | 670 B | 28,672 B |
| Block frequency | 167 ms | 3,000 ms |

SLIDE 18

Computational Comparison on Skype

| Operation | Required by PRABS Skype Sender | Required by SAIDA Skype Sender | % Req - PRABS | % Req - SAIDA | 2.4 GHz Pentium Capable |
|---|---|---|---|---|---|
| Erasure encodings | 10 | 10 | 0.3% | 0.3% | 2,755 |
| RSA-1024 signature generations | 10 | 10 | 40% | 40% | 25 |
| ~1024 byte SHA-1 hashes per sec. | 126 | 66 | 0.1% | ~0% | 70,000 |
| ~20 byte SHA-1 hashes per sec. | 54 | | 0.01% | 0% | 540,000 |

SLIDE 19

Bandwidth Overhead

  • PRABS is same as SAIDA plus witness information for each symbol…

SLIDE 20

Comparison of Bandwidth Overhead

| Application | SAIDA overhead (B) | PRABS overhead (B) | SAIDA overhead (% of total block) | PRABS overhead (% of total block) |
|---|---|---|---|---|
| Skype | 492 | 772 | 73 | 115 |
| Stocks | 3972 | 9390 | 15 | 33 |

SLIDE 21

“Loss Model Independence”

  • One of their stated goals…
  • Never really defined
  • Assume they mean that for a given packet loss rate, the authentication probability is the same for any loss model

SLIDE 22

Verification Probability

  • Because distillation codes is still founded on erasure codes and it guarantees a valid reconstruction if one exists, this is the same as it was for SAIDA.

SLIDE 23

“Loss Model Independence”

  • Goal not met
  • Example

Authentication Probability under Different Loss Models

| | Loss Model 1 | Loss Model 2 |
|---|---|---|
| Expected burst lost length | 1 | 64 |
| Authentication probability | ~100% | ~90% |

System Parameters

  • n/m = 1.5
  • n = 128
  • packet loss percentage = 20%

SLIDE 24

Verification Probability

  • The authentication probabilities are different in the different loss models
  • So this is not loss model independent.
SLIDE 25

Distillation Codes Summary

  • Solution is effective against decent sized attacks
  • Induces a large overhead over SAIDA, particularly in the case of small packets
  • Loss model dependent
SLIDE 26

References

[1] S.A. Baset and H. Schulzrinne. An analysis of the Skype peer-to-peer internet telephony protocol. Technical report, 2004. www.cs.columbia.edu/techreports/cucs-039-04.pdf