mitigating attacks in unstructured multicast overlay
play

Mitigating Attacks in Unstructured Multicast Overlay Networks - PowerPoint PPT Presentation

Sep 09, 2023 •211 likes •781 views

Mitigating Attacks in Unstructured Multicast Overlay Networks Cristina Nita-Rotaru,Aaron Walters, David Zage Dependable and Secure Distributed Systems Lab ((DS) 2 ) Department of Computer Science and CERIAS Purdue University Dependable and

  1. Mitigating Attacks in Unstructured Multicast Overlay Networks Cristina Nita-Rotaru,Aaron Walters, David Zage Dependable and Secure Distributed Systems Lab ((DS) 2 ) Department of Computer Science and CERIAS Purdue University

  2. Dependable and Secure Distributed Systems Lab � Collaborative services for wireless mesh networks � Security of peer-to-peer multicast/streaming systems � Byzantine-resilient replication � Funding: NSF CyberTrust and DARPA Cristina Nita-Rotaru UC Irvine 2

  3. A Paradigm Shift � Web traffic was dominant in the previous decade � Explosion of p2p traffic, file sharing, Skype, streaming M. Meeker D. Joseph Web 2.0 2006 Some reports claim about 60% of Internet traffic is P2P Cristina Nita-Rotaru UC Irvine 3

  4. INTRODUCTION Overlay Networks � Enable file sharing and multicast applications Provide performance and reliability � Increased capacity : nodes provide storage space, • and computing power Increased performance : nodes dynamically • optimize application-centric metrics Increased reliability : more resilient dissemination, • data replicated over multiple peers, data lookup without relying on a centralized index server Cristina Nita-Rotaru UC Irvine 4

  5. INTRODUCTION Overlays Architectures � Structured overlay networks : • Neighbor set selection is constrained: a small subset of nodes meeting prescribed conditions are eligible to become neighbors � Unstructured overlay networks : • Neighbor set selection is not constrained: anybody can be a neighbor � Hybrid overlay networks : • Combines characteristics of both Cristina Nita-Rotaru UC Irvine 5

  6. INTRODUCTION Zooming on Overlay Multicast � Multicast tree(s) or a mesh that adapts to meet/improve application performance and resilience • structured overlays: Scribe, SplitStream • unstructured overlays: ESM, Nice, Overcast, ALMI, Chainsaw Example of a mesh overlay Cristina Nita-Rotaru UC Irvine 6

  7. INTRODUCTION Security and Overlay Networks � Deployment over public open networks Vulnerable to malicious attacks coming • from outside the overlay network Push trust to end-nodes: anybody can � be part of the overlay Vulnerable to malicious attacks coming • from inside the overlay network ( Byzantine attacks ): attacker can use the overlay to attack the Internet, or attack the overlay itself Cristina Nita-Rotaru UC Irvine 7

  8. INTRODUCTION In Summary … Security is critical for Explosion of p2p systems these systems Need to examine security of overlays and make them more resilient to attacks Cristina Nita-Rotaru UC Irvine 8

  9. INTRODUCTION Beyond Overlay Networks … Many distributed services Security threats are rely on adaptivity increasing as everything (for good reasons) is connected to Internet Need to make adaptation mechanisms more resilient to attacks Cristina Nita-Rotaru UC Irvine 9

  10. This Talk … � Presents Byzantine attacks against adaptation mechanisms in unstructured multicast overlays � Describes mechanisms to prevent incorrect adaptation decisions and limit the impact of the attack � Shows how to apply the proposed solution to other services such as Internet virtual coordinate systems Cristina Nita-Rotaru UC Irvine 10

  11. Outline � Introduction � System and attacker model � Attacks classification and demonstration QuickTime™ and a TIFF (Uncompressed) decompressor � Discuss solution space are needed to see this picture. Prevent poor adaptations • Isolating malicious nodes • � Virtual coordinate systems � Conclusion Cristina Nita-Rotaru UC Irvine 11

  12. Related Work � Adaptivity exploited by adversaries against TCP: [KK03], generalized in [GBM04,GBMZ05] � Solutions against malicious attacks or mis-configurations of BGP [ZPW+02] � Attacks against routing in structured overlay networks [CDGRW02,SNDW06] Attacks using p2p against Internet � [NR06], [DKM07], [STR07] Cristina Nita-Rotaru UC Irvine 12

  13. MODEL Unstructured Multicast Overlay � Mesh control plane � Tree-based multicast: adapts to maintain application specific performance � Each node maintains: Parent • Peer set: no constraint on • neighbor selection Routing table (children) • Cristina Nita-Rotaru UC Irvine 13

  14. MODEL Adaptation � Metrics are collected by nodes through Passive observation of their own performance • from the source Periodic probing of peer nodes about their • performance from the source � Metrics are used to compute a utility function � Based on the utility function, a node makes the decision to change its parent in the tree Accurate interpretation of performance observations and the correctness of the responses from probed nodes are critical! Cristina Nita-Rotaru UC Irvine 14

  15. MODEL Example: ESM Adaptation � Metrics considered: available bandwidth, latency, RTT and saturation degree Data quality: � Data sampling and smoothing are used to • address variations in the metrics Damping, randomization, hysteresis are used to • address instabilities in the observed data Decision quality: � Utility functions based on bandwidth, and/or • latency Cristina Nita-Rotaru UC Irvine 15

  16. MODEL Attacker Model � Attacker is one of the nodes in the overlay (he compromised one or several nodes, or infiltrated in the overlay) � Bounded percentage of malicious nodes f (0 ≤ f < 1) out of total N nodes � Attacker has access to all cryptographic keys stored on the compromised node. � Compromised nodes can lie about the observation space • (bandwidth, latency, degree) can impose an artificial influence toward • the observation space Cristina Nita-Rotaru UC Irvine 16

  17. Outline � Introduction. � System and attacker model � Attacks classification and demonstration � Discuss solution space Prevent poor adaptations • Isolating malicious nodes QuickTime™ and a • TIFF (Uncompressed) decompressor are needed to see this picture. � Virtual coordinate systems � Conclusion Cristina Nita-Rotaru UC Irvine 17

  18. Attacks Exploiting Adaptation � Classification of attacks based on their effect on the control of path: • Attraction attacks • Repulsion attacks • Disruption attacks � Used to facilitate further attacks: • Selective data forwarding • Traffic analysis • Overlay partitioning • and more …. Cristina Nita-Rotaru UC Irvine 18

  19. ATTACKS Attraction Attacks � The more children a node has or higher in the tree is, the higher the control of data traffic � Attacker goal : attract more nodes as children in the overlay structure � How does it work: a node makes things look better by lying about its reported metrics � Result: controlling significant traffic, further conduct traffic analysis or selective data forwarding Cristina Nita-Rotaru UC Irvine 19

  20. ATTACKS Repulsion Attacks � A node in the overlay may affect the perception of the performance from the source � Attacker goal : reduce the appealing of other nodes or its own � How does it work : a node lies in responses to probes • a node manipulates the physical or • logical infrastructure to create the perception of lower utility of other nodes � Result : freeloading, traffic pattern manipulation, augmenting attraction attacks, instability Cristina Nita-Rotaru UC Irvine 20

  21. ATTACKS Disruption Attacks � Frequent adaptations can create instability Attacker goal : exploit the adaptation to turn the system � against itself � How does it work: attacker injects data to influence the observation space metric data to generate a series of unnecessary adaptations, similar with TCP attack � Result : jitter, flapping, or partitioning the overlay Cristina Nita-Rotaru UC Irvine 21

  22. ATTACKS Experimental Setup � Using ESM � Planetlab and DETER � Deployments of 100 nodes � Experiment durations of 30 and 90 minutes. � Saturation degree of 4-6 nodes � Constant bit rate of 480 Kbps Cristina Nita-Rotaru UC Irvine 22

  23. ATTACKS Attraction Attacks 100 nodes, PlanetLab, 60 minutes, malicious nodes lie about bandwidth, latency, saturation Impact of % of malicious nodes Impact of 1 malicious node Selected Parent as parent Changes Lying 72 369 Not Lying 15 216 Lying increases the chance of a node being selected as parent almost 5 times Cristina Nita-Rotaru UC Irvine 23

  24. ATTRACTION ATTACKS Impact of Number of Adversaries 30% 10% 50% Nodes were randomly selected Tree is not resilient to malicious behavior, several malicious nodes can cause significant disturbance ! Cristina Nita-Rotaru UC Irvine 24

  25. ATTACKS Repulsion Attacks D exploits the physical topology to make C disconnect from the source C is now 3 hops away from the source Cristina Nita-Rotaru UC Irvine 25

  26. ATTACKS 26 UC Irvine Disruption Attacks System is destabilized Cristina Nita-Rotaru

  27. Outline � Introduction. � System and attacker model � Attacks classification and demonstration � Discuss solution space Prevent poor adaptations • Isolating malicious nodes QuickTime™ and a • TIFF (Uncompressed) decompressor are needed to see this picture. � Virtual coordinate systems � Conclusion Cristina Nita-Rotaru UC Irvine 27

  28. Solution Framework Primary source of information Secondary source of information Prevent bad adaptations Make decision to adapt Detection New parent Response Cristina Nita-Rotaru UC Irvine 28

Recommend

Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department

Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department

Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department of Computer Sciences The University of Texas at Austin Overlay Multicast IP multicast overlay multicast N unicast Bottleneck How to

519 views • 18 slides
CompSci 356: Computer Network Architectures Lecture 24: Overlay Networks Chap 9.4 Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Overlay Networks Chap 9.4 Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Overlay Networks Chap 9.4 Xiaowei Yang xwy@cs.duke.edu Overview What is an overlay network? Examples of overlay networks End system multicast Unstructured Gnutella,

972 views • 61 slides
Enabling Conferencing Applications on the Internet using an Overlay Multicast Architecture

Enabling Conferencing Applications on the Internet using an Overlay Multicast Architecture

Enabling Conferencing Applications on the Internet using an Overlay Multicast Architecture Yang-hua Chu, Sanjay Rao, Srini Seshan and Hui Zhang Carnegie Mellon University Supporting Multicast on the Internet Application ? At which layer

666 views • 32 slides
Topology Management for Unstructured Jo ao Leit ao Introduction Overlay Networks Overview

Topology Management for Unstructured Jo ao Leit ao Introduction Overlay Networks Overview

Topology Management for Unstructured Overlay Networks Topology Management for Unstructured Jo ao Leit ao Introduction Overlay Networks Overview CellFarm X-BOT Jo ao Leit ao Thicket OpenFire Conclusions September 5 th ,

1.29k views • 101 slides
Implementation of Host-based Overlay Multicast in Support of Web Based Services for RT-DVS

Implementation of Host-based Overlay Multicast in Support of Web Based Services for RT-DVS

Implementation of Host-based Overlay Multicast in Support of Web Based Services for RT-DVS Dennis Moen, Mark Pullen &amp; Fei Zhao George Mason University {dmoen,mpullen,fzhao}@gmu.edu Network Service Requirements for Real Time Distributed

473 views • 15 slides
Chainsaw: Eliminating Trees From Overlay Multicast Vinay Pai Kapil Kumar Karthik Tamilmani

Chainsaw: Eliminating Trees From Overlay Multicast Vinay Pai Kapil Kumar Karthik Tamilmani

Chainsaw Problem Statement Chainsaw: Eliminating Trees From Overlay Multicast Vinay Pai Kapil Kumar Karthik Tamilmani Vinay Sambamurthy Alexander E. Mohr { vinay,kkumar,tamilman,vsmurthy,amohr } @cs.stonybrook.edu Department of Computer

660 views • 47 slides
B. Hull et al., Techniques for Mitigating Congestion in Sensor Network , Proceedings of 5.3.

B. Hull et al., Techniques for Mitigating Congestion in Sensor Network , Proceedings of 5.3.

Suggested presentation topics 1. Multicast Routing in Multi-hop Wireless Networks Sang Ho Bae; Sung- Ju Lee; Su, W.; Gerla, M., The design, implementation, and performance 1.1. evaluation of the on-demand multicast routing protocol in multihop

224 views • 3 slides
KRACKing WPA2 and Mitigating Future Attacks Mathy Vanhoef @vanhoefm CRYPTO Workshop on

KRACKing WPA2 and Mitigating Future Attacks Mathy Vanhoef @vanhoefm CRYPTO Workshop on

KRACKing WPA2 and Mitigating Future Attacks Mathy Vanhoef @vanhoefm CRYPTO Workshop on Attacks (WAC), Santa Barbara, 18 August 2018 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Channel validation 2

646 views • 51 slides
Structured Overlays: Eclipse Attacks on Overlay Networks April 28th, 2006 Wyman Park 4 th Floor

Structured Overlays: Eclipse Attacks on Overlay Networks April 28th, 2006 Wyman Park 4 th Floor

Structured Overlays: Eclipse Attacks on Overlay Networks April 28th, 2006 Wyman Park 4 th Floor Conference Room Presentation by: Dan Liu &amp; Jay Zarfoss 1 The idea of churn as shelter from route poisoning attacks is an interesting, if

874 views • 44 slides
Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu Li 1 , Shicheng Wang 1 , Chang Liu 1 , Ang Chen 2 , Hongxin Hu 3 , Guofei Gu 4 , Qi Li 1 , Mingwei Xu 1 , Jianping Wu 1 1 4 2 3 DDoS Attacks are

480 views • 23 slides
Mitigating Sybil Attacks on the I2P Network Using Blockchain RP #97, Kotaiba Alachkar &amp; Dirk

Mitigating Sybil Attacks on the I2P Network Using Blockchain RP #97, Kotaiba Alachkar &amp; Dirk

Mitigating Sybil Attacks on the I2P Network Using Blockchain RP #97, Kotaiba Alachkar &amp; Dirk Gaastra Supervisor: Vincent Van Mieghem, Deloitte 3 July, 2018 MSc Security and Network Engineering University of Amsterdam Introduction I2P -

720 views • 37 slides
Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 , Pierre-Alain Fouque 2 , Brice Minaud 3 1 Direction Gnrale de lArmement - Matrise de lInformation 2 Universit de Rennes 1 3 INRIA &amp;

836 views • 45 slides
Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance Vector Multicast Routing Protocol (DVMRP) Last Modified: Core Based Trees (CBT) Protocol Independent Multicast (PIM) 4/9/2003 1:15:00 PM

619 views • 12 slides
L2 Overlay L2 Overlay

L2 Overlay L2 Overlay

L2 Overlay L2 Overlay July 30, 2019 A. Gerrard, What Is Kubernetes?

536 views • 24 slides
Successive Network Coding (SNC): A Mitigating Mechanism Against Eavesdropping Attacks In Network

Successive Network Coding (SNC): A Mitigating Mechanism Against Eavesdropping Attacks In Network

Successive Network Coding (SNC): A Mitigating Mechanism Against Eavesdropping Attacks In Network Coding Based Systems Vahid N. Talooki, University of Aveiro, Portugal Network Coding (NC) allows intermediate nodes not only to store and forward

307 views • 4 slides
Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*,

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*,

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*, Yuanshun Yao, Shawn Shan, Huiying Li, Bimal Viswanath , Haitao Zheng, Ben Y. Zhao University of Chicago, *UC Santa Barbara, Virginia Tech

770 views • 17 slides
IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to many propagation of data Uses of multicast Financial data IPTV Gaming T ypes of multicast Any-source multicast (ASM)

297 views • 17 slides
A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen,

A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen,

A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen, Enes Gkta (joint first author) (VU) Moritz Contag, Andre Pawlowski, Thorsten Holz (RUB) Xi Chen, Sanjay Rawat, Herbert Bos, Elias Athanasopoulos,

587 views • 26 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.2121 / Fall-2007 / RKa, NB Multicast2-1 Multicast in local area networks

489 views • 25 slides
Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks Aron Laszka 1 , 2 Benjamin Johnson 3 Jens Grossklags 1 1 Pennsylvania State University 2 Budapest University of Technology and Economics 3 University

867 views • 43 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / Fall-04 / RKa, NB Multicast2-1 Multicast in local area networks

621 views • 24 slides
Mitigating IoT Device Based DDoS Attacks Using Blockchain Uzair Javaid, Ang Kiang Siang, Muhammad

Mitigating IoT Device Based DDoS Attacks Using Blockchain Uzair Javaid, Ang Kiang Siang, Muhammad

Mitigating IoT Device Based DDoS Attacks Using Blockchain Uzair Javaid, Ang Kiang Siang, Muhammad Naveed Aman, Biplab Sikdar by Uzair Javaid National University of Singapore, Singapore Cryblock , MobiSys 18, Munich, Germany Dated: June 15,

404 views • 15 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / S-03 / RKa, NB Multicast2-1 Multicast in local area networks

529 views • 26 slides
Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode Source Tree, Shared Tree Reliable Multicast Polly Huang Whiteboard, File Transfer AT&amp;T Labs Research huang@catarina.usc.edu

510 views • 6 slides

More recommend