on t on the f he feas easibilit ibility o y of re
play

On t On the F he Feas easibilit ibility o y of Re - PowerPoint PPT Presentation

Oct 08, 2022 •242 likes •548 views

On t On the F he Feas easibilit ibility o y of Re Rerouting-bas based D d DDoS D S Defens nses Mu Muoi Tran , Min Suk Kang, Hsu-Chun Hsiao, Wei-Hsuan Chiang, Shu-Po Tung, Yu-Su Wang May 2019 | San Francisco, CA Transit-link DDoS

  1. On t On the F he Feas easibilit ibility o y of Re Rerouting-bas based D d DDoS D S Defens nses Mu Muoi Tran , Min Suk Kang, Hsu-Chun Hsiao, Wei-Hsuan Chiang, Shu-Po Tung, Yu-Su Wang May 2019 | San Francisco, CA

  2. Transit-link DDoS attack: a powerful type of volumetric DDoS attack (distributed denial of service) Traditional: volumetric attack traffic targeting end servers Non-traditional: volumetric attack traffic targeting transit links k n Academic studies : i l t i s n a AS r t Coremelt attack (ESORICS ‘09) AS AS Crossfire attack AS (S&P ‘13) Real incidents : 2015 2013 2

  3. Handling transit-link DDoS attack is challenging Indistinguishable low-rate traffic AS AS AS AS AS Victims are AS indirectly affected AS AS Destination Source 3

  4. Transit-link DDoS attacks still remain an open problem Partial solutions RADAR CoDef defense (Zheng et al. ) (Lee et al. ) SPIFFY NetHide Crossfire attack LinkScope (Kang et al. ) (Meier et al .) (Kang et al. ) (Xue et al. ) 2016 2009 2018 2013 2014 Routing Around Congestion Not available in the Coremelt attack (Studer et al. ) current Internet (Smith et al. S&P’18) “Readily deployable solution" SIBRA STRIDE (Basescu et al. ) (Hsiao et al. ) 4

  5. Background: How BGP routing works? Border Gateway Protocol (BGP) No control over traffic path by design Traffic path AS Z AS Y AS C AS D AS X Destination Source Loop-free AS-path {D} { Z, D} { Y, Z, D} { X, Y, Z, D} BGP propagation Traffic forwarding 5

  6. Routing Around Congestion (RAC) : Rerouting using BGP poisoning [Smith et al ., S&P ’18] Loop detected! x Goal : reroute to avoid AS W AS W Original path AS C AS X AS Z AS D Critical source AS Y Victim destination Detour path {D, W , D} BGP poisoning message 6

  7. Routing Around Congestion (RAC) : Rerouting using BGP poisoning [Smith et al ., S&P ’18] AS collaboration is not needed! AS W Original path AS C AS X AS Z AS D Critical source AS Y Victim destination Switch to Detour path {D, W , D} detour path BGP poisoning message 7

  8. Will RAC defense still work against adaptive attackers ? 8

  9. Our contributions Adaptive detour-learning attack against rerouting solutions Practical challenge of mitigating adaptive detour-learning attack Future directions for transit-link DDoS defenses 9

  10. Adaptive detour-learning attack: Threat model Goals: (1) To detect rerouting in real-time (2) To learn new detour path accurately (3) To congest new detour path (see the paper) Capabilities: - Same botnets used in transit-link DDoS attack 10

  11. Adaptive detour-learning attack: (1) how to detect rerouting in real-time AS I traceroute AS W Original path Adaptive adversary AS C AS X AS Z AS D Critical source AS Y Victim destination 11

  12. Adaptive detour-learning attack: (1) how to detect rerouting in real-time Rerouting is detected ! AS I traceroute AS W Adaptive adversary AS C AS X AS Z AS D Critical source AS Y Victim destination Detour path 12

  13. Adaptive detour-learning attack: (2) how to learn detour path accurately Challenge : Which is more AS H accurate route measurement (3) congest detour path of actual detour path? (see the paper) AS G AS I closer AS Detour path (e.g., shorter AS-path) AS D AS X AS C AS Y Solution : Prioritize Critical source Victim destination measurement from bot AS E AS J closer to traffic source 13

  14. Adaptive detour-learning attack: (2) how to learn detour path accurately Challenge : Which is more AS H accurate route measurement (3) congest detour path of actual detour path? (see the paper) AS G AS I Results: 94% of learned detour paths are correct closer AS Detour path (e.g., shorter AS-path) AS D AS X AS C AS Y Solution : Prioritize Critical source Victim destination measurement from bot AS E AS J closer to traffic source 14

  15. Our contributions Adaptive detour-learning attack against rerouting solutions Practical challenge of mitigating adaptive detour-learning attack Future directions for transit-link DDoS defenses 15

  16. How to defend against detour-learning attack? Detour Detour path must be AS I learned! isolated! AS W AS C AS X AS Z AS D Critical source AS Y Victim destination Exclusively used AS J for critical flows How to isolate? Poison all peers of ASes on detour path! 16

  17. Detour path isolation => poisoning too many ASes 1 1 Tier-1 or large Tier-2 Thousands 0.8 0.8 on the detour paths ASes should 0.6 0.6 (more in the paper) be poisoned CDF 0.4 0.4 But why ? 0.2 0.2 0 0 100 1000 10000 2 3 4 Number of ASes that should be poisoned 17

  18. Can we poison that many ASes? 1 1 Specification 0.8 0.8 0.6 0.6 0.4 CDF 0.4 0.2 0.2 Implementation 0 0 2 3 2034 4 100 1000 10000 255 Number of ASes that should be poisoned Specification Implementation Configuration up to 2034 up to 255 up to 30-50 18

  19. Confirmed : ISPs do not support poisoning > 255 ASes slowly decrease Number of in frequency 50x drop observed 99.99% BGP in frequency messages 1 10 100 1000 30 255 Number of ASes seen in a BGP message 19 19

  20. Confirmed : ISPs do not support poisoning > 255 ASes slowly decrease Number of in frequency Poisoning > 1,000 ASes is nearly impossible 50x drop observed 99.99% BGP in frequency => Detour path isolation is infeasible messages => Detour-learning attack is almost always possible 1 10 100 1000 30 255 Number of ASes seen in a BGP message 20 20

  21. Our contributions Adaptive detour-learning attack against rerouting solutions Practical challenge of mitigating adaptive detour-learning attack Future directions for transit-link DDoS defenses 21

  22. Desired defense property: destination-controlled routing Clean-slate Internet ? Hacking BGP architecture e.g., Routing Around e.g., explicit BGP rerouting e.g., STRIDE, SIBRA Congestion for critical flows under emergency ✕ Too costly to deploy ✕ Does not work 22

  23. Two Lessons Learned 23

  24. Lesson 1 Hacking the current Internet routing is a flawed idea! 24

  25. ü Adaptive attacks are possible ü Mitigation is hard ü Adaptive defense is slower than adaptive attacker (more in the paper) 25

  26. Lesson 2 Analysis of protocol specifications alone is insufficient ! 26

  27. Specification Implementation Configuration 27

  28. Conclusion • Detour-learning attacks are effective and hard to mitigate ü Transit-link DDoS attacks still remain an open problem • Suggestion on research direction ü Balance destination-controlled routing and deployability • 2 lessons learned: ü Hacking BGP for rerouting is a flawed idea ü Analysis with specification only can be dangerous 28

  29. Question? Muoi Tran muoitran@comp.nus.edu.sg

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Co Cont ntrib ributing uting to to the the ac access essibi ibility lity of of qua

Co Cont ntrib ributing uting to to the the ac access essibi ibility lity of of qua

Co Cont ntrib ributing uting to to the the ac access essibi ibility lity of of qua uantitative titative sk skil ills ls The efforts of COMPASS since 2004 Martin von Randow Data Manager/Analyst Ov Overview iew Reporting on

516 views • 19 slides
ELECT CTROTHE OTHERM RM CORP RPORA RATE E SOCIAL L RE RESPOSIBILI IBILITY TY We e

ELECT CTROTHE OTHERM RM CORP RPORA RATE E SOCIAL L RE RESPOSIBILI IBILITY TY We e

ELECT CTROTHE OTHERM RM CORP RPORA RATE E SOCIAL L RE RESPOSIBILI IBILITY TY We e Rise se By y Lifting ting Ot Other ers . Our Purpose se is is to to im improve ve th the qual alit ity y of li life of th the comm

670 views • 38 slides
Access(ibility) is What We Do Practical Strategies for Taking Charge of Accessibility Jennie

Access(ibility) is What We Do Practical Strategies for Taking Charge of Accessibility Jennie

Access(ibility) is What We Do Practical Strategies for Taking Charge of Accessibility Jennie Archer & Ginny Connell Carl B. Ylvisaker Library Concordia College, Moorhead MN Slides Welcome Jennie Archer Ginny Connell First-Year

624 views • 40 slides
SREFLEX: S AXS REF inement through FLEX ibility Alejandro Panjkovich EMBL Hamburg 20.10.2016 A.

SREFLEX: S AXS REF inement through FLEX ibility Alejandro Panjkovich EMBL Hamburg 20.10.2016 A.

SREFLEX: S AXS REF inement through FLEX ibility Alejandro Panjkovich EMBL Hamburg 20.10.2016 A. Panjkovich (EMBL) SAXS + NMA 20.10.2016 1 / 27 Outline Motivation for flexible refinement SREFLEX method Example from user Running the

282 views • 27 slides
Iron-based superconductors La[O 1 - x F x ]FeAs Kamihara et al. [2008] 1

Iron-based superconductors La[O 1 - x F x ]FeAs Kamihara et al. [2008] 1

14 th Young Researchers Conference Materials Science and Engineering Hyperfine interactions in superconducting KFe 2 Se 2 I. Madjarevic a , V. Koteski a , V. Ivanovski a , C. Petrovic b a Laboratory of Nuclear and Plasma Physics, University

853 views • 14 slides
ST ANTHONY PARISH All Are Welcome! WEEKDA KDAY L Y LIT ITUR URGI GIES S Please pick them

ST ANTHONY PARISH All Are Welcome! WEEKDA KDAY L Y LIT ITUR URGI GIES S Please pick them

THE HE FEAS EAST OF OF THE HE PR PRES ESENT ENTATION TION O OF F THE THE LORD ORD FEBRUARY 02, 2020 THE PIZZAS ARE FRESH & READY FOR WEEKE KEND L D LIT ITUR URGI GIES PICKUP THIS WEEKEND! Winter Mass Schedule The youth

153 views • 4 slides
Corporate Presentation Our Concept www.nss.gr 2 01 Founded by y Engineers 01 02 02 Valu

Corporate Presentation Our Concept www.nss.gr 2 01 Founded by y Engineers 01 02 02 Valu

TM Corporate Presentation Our Concept www.nss.gr 2 01 Founded by y Engineers 01 02 02 Valu lues (F (Fle lexib ibility, Tru rust, Effe ffectiveness) 03 Solu lutions Orie riented 06 03 04 Valu lue Added Dis istrib ibutor

527 views • 27 slides
All T hing s E xo tic !! Clinic a l Dia g nosis of Me nta l Disorde rs Disc e rning Outside

All T hing s E xo tic !! Clinic a l Dia g nosis of Me nta l Disorde rs Disc e rning Outside

1 2 All T hing s E xo tic !! Clinic a l Dia g nosis of Me nta l Disorde rs Disc e rning Outside Dia g no sis(e s) Unde r vs. Artic le 7 E lig ib ility Artic le 7 Spe c ia l E duc a tion E lig ibility: De te r mining e ligibility

270 views • 5 slides
Electronic Visit Verification File Specification: Visit Interface Electronic Visit Verification

Electronic Visit Verification File Specification: Visit Interface Electronic Visit Verification

Electronic Visit Verification File Specification: Visit Interface Electronic Visit Verification Project February 26, 2020 Welcome HMOs, MCOs, IRIS FEAs Sandata team (EVV vendor) Wisconsin Department of Health Services team

941 views • 47 slides
Crystal lattice 1 CeCu 2 Si 2 NaCl SmRu 14 P 12 periodic array of atoms complex

Crystal lattice 1 CeCu 2 Si 2 NaCl SmRu 14 P 12 periodic array of atoms complex

Crystal lattice 1 CeCu 2 Si 2 NaCl SmRu 14 P 12 periodic array of atoms complex sub-structures (Ba,K)FeAs K-(BEDT-TTF) 2 Cu[N(CN) 2 ]Br x Cl 1-x Crystal lattice 2 unit cell Wigner-Seitz cell lattice vectors primitive lattice vectors

637 views • 4 slides
Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu -

Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu -

Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu - peteresnyder.com Surveillance Defense 1. Good Practices 2. System / PC Security 3. Mobile Security 4. Browser Security 5. Secure Networking Tools

443 views • 27 slides
CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CSE 544 Advanced Systems Security Trent Jaeger Systems and

651 views • 28 slides
Outline Return address protections CSci 5271 Introduction to Computer Security Announcements

Outline Return address protections CSci 5271 Introduction to Computer Security Announcements

Outline Return address protections CSci 5271 Introduction to Computer Security Announcements intermission Day 5: Low-level defenses and counterattacks ASLR and counterattacks Stephen McCamant University of Minnesota, Computer Science &

269 views • 5 slides
Defending against malicious peripherals with Cinch Presented by Avesta Hojjati CS598 Computer

Defending against malicious peripherals with Cinch Presented by Avesta Hojjati CS598 Computer

Defending against malicious peripherals with Cinch Presented by Avesta Hojjati CS598 Computer Security in the Physical World University of Illinois Based on slides by Sebastian Angel Citation S. Angel,R. Wahby, M. Howald, J. Leners, M.

650 views • 43 slides
Tor: Anonymous Communications for the US Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the US Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the US Dept of Defense ... and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ 1 Tor: Big Picture Freely available (Open Source), unencumbered. Comes with a spec and full

1k views • 54 slides
Attacking the stack (continued) hic 1 1 Firefox bugs this morning hic 2 Last week

Attacking the stack (continued) hic 1 1 Firefox bugs this morning hic 2 Last week

Attacking the stack (continued) hic 1 1 Firefox bugs this morning hic 2 Last week Using buffer overruns or format string attacks to read out or corrupt the stack, esp. the control data on the stack: frame pointers and return

647 views • 42 slides
Efficient and Accurate Estimation of Lipschitz Constants for Deep Neural Networks Mahyar Fazlyab,

Efficient and Accurate Estimation of Lipschitz Constants for Deep Neural Networks Mahyar Fazlyab,

Efficient and Accurate Estimation of Lipschitz Constants for Deep Neural Networks Mahyar Fazlyab, Alexander Robey Hamed Hassani, Manfred Morari, George J. Pappas NeurIPS 2019 Lipschitz Constant of Neural Networks Definition: the smallest L

521 views • 8 slides
Gradient Masking in Machine Learning Nicolas Papernot Pennsylvania State University ARO

Gradient Masking in Machine Learning Nicolas Papernot Pennsylvania State University ARO

@NicolasPapernot Gradient Masking in Machine Learning Nicolas Papernot Pennsylvania State University ARO Workshop on Adversarial Machine Learning, Stanford September 2017 @NicolasPapernot Thank you to our collaborators Sandy Huang

432 views • 32 slides
InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy Mengjia Yan, Jiho Choi,

InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy Mengjia Yan, Jiho Choi,

InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy Mengjia Yan, Jiho Choi, Dimitrios Skarlatos, Adam Morrison, Christopher W. Fletcher, and Josep Torrellas University of Illinois at Urbana-Champaign Tel Aviv

559 views • 22 slides
Effective Layering of Defenses Nathaniel Boggs, Salvatore J. Stolfo Columbia University

Effective Layering of Defenses Nathaniel Boggs, Salvatore J. Stolfo Columbia University

ALDR: A New Metric for Measuring Effective Layering of Defenses Nathaniel Boggs, Salvatore J. Stolfo Columbia University 12/6/2011 Layered Assurance Workshop 1 Motivation Buy security product X? Am I secure? 12/6/2011 Layered

630 views • 18 slides
CSC 4992 Cyber Security Prac1ce Fengwei Zhang Wayne State University CSC 4992 Cyber Security

CSC 4992 Cyber Security Prac1ce Fengwei Zhang Wayne State University CSC 4992 Cyber Security

CSC 4992 Cyber Security Prac1ce Fengwei Zhang Wayne State University CSC 4992 Cyber Security Prac1ce 1 Who Am I? Fengwei Zhang Assistant Professor of Computer Science Office: Maccabees Building, Room 14109.3 Emai: fengwei at

616 views • 19 slides
Jonathan Sacks Executive Director Wayne County Criminal Advocacy Program September 2015

Jonathan Sacks Executive Director Wayne County Criminal Advocacy Program September 2015

Jonathan Sacks Executive Director Wayne County Criminal Advocacy Program September 2015 Background Counties Studied: Alpena, Bay, Chippewa, Grand Traverse, Jackson, Marquette, Oakland, Ottawa, Shiawassee and Wayne In the year-long study of

406 views • 40 slides
Forwarding-Loop Attacks in Content Delivery Networks Jianjun Chen , Jian Jiang, Xiaofeng Zheng,

Forwarding-Loop Attacks in Content Delivery Networks Jianjun Chen , Jian Jiang, Xiaofeng Zheng,

Forwarding-Loop Attacks in Content Delivery Networks Jianjun Chen , Jian Jiang, Xiaofeng Zheng, Haixin Duan, Jinjin Liang, Kang Li, Tao Wan, Vern Paxson 1 Content Delivery Networks CDN is now an important Internet infrastructure, it is a

381 views • 22 slides
SoK: The Evolution of Sybil Defense via Social Networks Alessandro Epasto 1 joint work with L.

SoK: The Evolution of Sybil Defense via Social Networks Alessandro Epasto 1 joint work with L.

IEEE Symposium on Security & Privacy SAN FRANCISCO 21 ST MAY 2013 SoK: The Evolution of Sybil Defense via Social Networks Alessandro Epasto 1 joint work with L. Alvisi 2 , A. Clement 3 , S. Lattanzi 4 , A. Panconesi 1 Sapienza U.

855 views • 41 slides

More recommend