on t on the f he feas easibilit ibility o y of re
play

On t On the F he Feas easibilit ibility o y of Re - PowerPoint PPT Presentation

Oct 08, 2022 •242 likes •548 views

On t On the F he Feas easibilit ibility o y of Re Rerouting-bas based D d DDoS D S Defens nses Mu Muoi Tran , Min Suk Kang, Hsu-Chun Hsiao, Wei-Hsuan Chiang, Shu-Po Tung, Yu-Su Wang May 2019 | San Francisco, CA Transit-link DDoS

  1. On t On the F he Feas easibilit ibility o y of Re Rerouting-bas based D d DDoS D S Defens nses Mu Muoi Tran , Min Suk Kang, Hsu-Chun Hsiao, Wei-Hsuan Chiang, Shu-Po Tung, Yu-Su Wang May 2019 | San Francisco, CA

  2. Transit-link DDoS attack: a powerful type of volumetric DDoS attack (distributed denial of service) Traditional: volumetric attack traffic targeting end servers Non-traditional: volumetric attack traffic targeting transit links k n Academic studies : i l t i s n a AS r t Coremelt attack (ESORICS ‘09) AS AS Crossfire attack AS (S&P ‘13) Real incidents : 2015 2013 2

  3. Handling transit-link DDoS attack is challenging Indistinguishable low-rate traffic AS AS AS AS AS Victims are AS indirectly affected AS AS Destination Source 3

  4. Transit-link DDoS attacks still remain an open problem Partial solutions RADAR CoDef defense (Zheng et al. ) (Lee et al. ) SPIFFY NetHide Crossfire attack LinkScope (Kang et al. ) (Meier et al .) (Kang et al. ) (Xue et al. ) 2016 2009 2018 2013 2014 Routing Around Congestion Not available in the Coremelt attack (Studer et al. ) current Internet (Smith et al. S&P’18) “Readily deployable solution" SIBRA STRIDE (Basescu et al. ) (Hsiao et al. ) 4

  5. Background: How BGP routing works? Border Gateway Protocol (BGP) No control over traffic path by design Traffic path AS Z AS Y AS C AS D AS X Destination Source Loop-free AS-path {D} { Z, D} { Y, Z, D} { X, Y, Z, D} BGP propagation Traffic forwarding 5

  6. Routing Around Congestion (RAC) : Rerouting using BGP poisoning [Smith et al ., S&P ’18] Loop detected! x Goal : reroute to avoid AS W AS W Original path AS C AS X AS Z AS D Critical source AS Y Victim destination Detour path {D, W , D} BGP poisoning message 6

  7. Routing Around Congestion (RAC) : Rerouting using BGP poisoning [Smith et al ., S&P ’18] AS collaboration is not needed! AS W Original path AS C AS X AS Z AS D Critical source AS Y Victim destination Switch to Detour path {D, W , D} detour path BGP poisoning message 7

  8. Will RAC defense still work against adaptive attackers ? 8

  9. Our contributions Adaptive detour-learning attack against rerouting solutions Practical challenge of mitigating adaptive detour-learning attack Future directions for transit-link DDoS defenses 9

  10. Adaptive detour-learning attack: Threat model Goals: (1) To detect rerouting in real-time (2) To learn new detour path accurately (3) To congest new detour path (see the paper) Capabilities: - Same botnets used in transit-link DDoS attack 10

  11. Adaptive detour-learning attack: (1) how to detect rerouting in real-time AS I traceroute AS W Original path Adaptive adversary AS C AS X AS Z AS D Critical source AS Y Victim destination 11

  12. Adaptive detour-learning attack: (1) how to detect rerouting in real-time Rerouting is detected ! AS I traceroute AS W Adaptive adversary AS C AS X AS Z AS D Critical source AS Y Victim destination Detour path 12

  13. Adaptive detour-learning attack: (2) how to learn detour path accurately Challenge : Which is more AS H accurate route measurement (3) congest detour path of actual detour path? (see the paper) AS G AS I closer AS Detour path (e.g., shorter AS-path) AS D AS X AS C AS Y Solution : Prioritize Critical source Victim destination measurement from bot AS E AS J closer to traffic source 13

  14. Adaptive detour-learning attack: (2) how to learn detour path accurately Challenge : Which is more AS H accurate route measurement (3) congest detour path of actual detour path? (see the paper) AS G AS I Results: 94% of learned detour paths are correct closer AS Detour path (e.g., shorter AS-path) AS D AS X AS C AS Y Solution : Prioritize Critical source Victim destination measurement from bot AS E AS J closer to traffic source 14

  15. Our contributions Adaptive detour-learning attack against rerouting solutions Practical challenge of mitigating adaptive detour-learning attack Future directions for transit-link DDoS defenses 15

  16. How to defend against detour-learning attack? Detour Detour path must be AS I learned! isolated! AS W AS C AS X AS Z AS D Critical source AS Y Victim destination Exclusively used AS J for critical flows How to isolate? Poison all peers of ASes on detour path! 16

  17. Detour path isolation => poisoning too many ASes 1 1 Tier-1 or large Tier-2 Thousands 0.8 0.8 on the detour paths ASes should 0.6 0.6 (more in the paper) be poisoned CDF 0.4 0.4 But why ? 0.2 0.2 0 0 100 1000 10000 2 3 4 Number of ASes that should be poisoned 17

  18. Can we poison that many ASes? 1 1 Specification 0.8 0.8 0.6 0.6 0.4 CDF 0.4 0.2 0.2 Implementation 0 0 2 3 2034 4 100 1000 10000 255 Number of ASes that should be poisoned Specification Implementation Configuration up to 2034 up to 255 up to 30-50 18

  19. Confirmed : ISPs do not support poisoning > 255 ASes slowly decrease Number of in frequency 50x drop observed 99.99% BGP in frequency messages 1 10 100 1000 30 255 Number of ASes seen in a BGP message 19 19

  20. Confirmed : ISPs do not support poisoning > 255 ASes slowly decrease Number of in frequency Poisoning > 1,000 ASes is nearly impossible 50x drop observed 99.99% BGP in frequency => Detour path isolation is infeasible messages => Detour-learning attack is almost always possible 1 10 100 1000 30 255 Number of ASes seen in a BGP message 20 20

  21. Our contributions Adaptive detour-learning attack against rerouting solutions Practical challenge of mitigating adaptive detour-learning attack Future directions for transit-link DDoS defenses 21

  22. Desired defense property: destination-controlled routing Clean-slate Internet ? Hacking BGP architecture e.g., Routing Around e.g., explicit BGP rerouting e.g., STRIDE, SIBRA Congestion for critical flows under emergency ✕ Too costly to deploy ✕ Does not work 22

  23. Two Lessons Learned 23

  24. Lesson 1 Hacking the current Internet routing is a flawed idea! 24

  25. ü Adaptive attacks are possible ü Mitigation is hard ü Adaptive defense is slower than adaptive attacker (more in the paper) 25

  26. Lesson 2 Analysis of protocol specifications alone is insufficient ! 26

  27. Specification Implementation Configuration 27

  28. Conclusion • Detour-learning attacks are effective and hard to mitigate ü Transit-link DDoS attacks still remain an open problem • Suggestion on research direction ü Balance destination-controlled routing and deployability • 2 lessons learned: ü Hacking BGP for rerouting is a flawed idea ü Analysis with specification only can be dangerous 28

  29. Question? Muoi Tran muoitran@comp.nus.edu.sg

Recommend

Co Cont ntrib ributing uting to to the the ac access essibi ibility lity of of qua

Co Cont ntrib ributing uting to to the the ac access essibi ibility lity of of qua

Co Cont ntrib ributing uting to to the the ac access essibi ibility lity of of qua uantitative titative sk skil ills ls The efforts of COMPASS since 2004 Martin von Randow Data Manager/Analyst Ov Overview iew Reporting on

516 views • 19 slides
ELECT CTROTHE OTHERM RM CORP RPORA RATE E SOCIAL L RE RESPOSIBILI IBILITY TY We e

ELECT CTROTHE OTHERM RM CORP RPORA RATE E SOCIAL L RE RESPOSIBILI IBILITY TY We e

ELECT CTROTHE OTHERM RM CORP RPORA RATE E SOCIAL L RE RESPOSIBILI IBILITY TY We e Rise se By y Lifting ting Ot Other ers . Our Purpose se is is to to im improve ve th the qual alit ity y of li life of th the comm

670 views • 38 slides
Access(ibility) is What We Do Practical Strategies for Taking Charge of Accessibility Jennie

Access(ibility) is What We Do Practical Strategies for Taking Charge of Accessibility Jennie

Access(ibility) is What We Do Practical Strategies for Taking Charge of Accessibility Jennie Archer & Ginny Connell Carl B. Ylvisaker Library Concordia College, Moorhead MN Slides Welcome Jennie Archer Ginny Connell First-Year

624 views • 40 slides
SREFLEX: S AXS REF inement through FLEX ibility Alejandro Panjkovich EMBL Hamburg 20.10.2016 A.

SREFLEX: S AXS REF inement through FLEX ibility Alejandro Panjkovich EMBL Hamburg 20.10.2016 A.

SREFLEX: S AXS REF inement through FLEX ibility Alejandro Panjkovich EMBL Hamburg 20.10.2016 A. Panjkovich (EMBL) SAXS + NMA 20.10.2016 1 / 27 Outline Motivation for flexible refinement SREFLEX method Example from user Running the

282 views • 27 slides
Iron-based superconductors La[O 1 - x F x ]FeAs Kamihara et al. [2008] 1

Iron-based superconductors La[O 1 - x F x ]FeAs Kamihara et al. [2008] 1

14 th Young Researchers Conference Materials Science and Engineering Hyperfine interactions in superconducting KFe 2 Se 2 I. Madjarevic a , V. Koteski a , V. Ivanovski a , C. Petrovic b a Laboratory of Nuclear and Plasma Physics, University

853 views • 14 slides
ST ANTHONY PARISH All Are Welcome! WEEKDA KDAY L Y LIT ITUR URGI GIES S Please pick them

ST ANTHONY PARISH All Are Welcome! WEEKDA KDAY L Y LIT ITUR URGI GIES S Please pick them

THE HE FEAS EAST OF OF THE HE PR PRES ESENT ENTATION TION O OF F THE THE LORD ORD FEBRUARY 02, 2020 THE PIZZAS ARE FRESH & READY FOR WEEKE KEND L D LIT ITUR URGI GIES PICKUP THIS WEEKEND! Winter Mass Schedule The youth

153 views • 4 slides
Corporate Presentation Our Concept www.nss.gr 2 01 Founded by y Engineers 01 02 02 Valu

Corporate Presentation Our Concept www.nss.gr 2 01 Founded by y Engineers 01 02 02 Valu

TM Corporate Presentation Our Concept www.nss.gr 2 01 Founded by y Engineers 01 02 02 Valu lues (F (Fle lexib ibility, Tru rust, Effe ffectiveness) 03 Solu lutions Orie riented 06 03 04 Valu lue Added Dis istrib ibutor

527 views • 27 slides
All T hing s E xo tic !! Clinic a l Dia g nosis of Me nta l Disorde rs Disc e rning Outside

All T hing s E xo tic !! Clinic a l Dia g nosis of Me nta l Disorde rs Disc e rning Outside

1 2 All T hing s E xo tic !! Clinic a l Dia g nosis of Me nta l Disorde rs Disc e rning Outside Dia g no sis(e s) Unde r vs. Artic le 7 E lig ib ility Artic le 7 Spe c ia l E duc a tion E lig ibility: De te r mining e ligibility

270 views • 5 slides
Electronic Visit Verification File Specification: Visit Interface Electronic Visit Verification

Electronic Visit Verification File Specification: Visit Interface Electronic Visit Verification

Electronic Visit Verification File Specification: Visit Interface Electronic Visit Verification Project February 26, 2020 Welcome HMOs, MCOs, IRIS FEAs Sandata team (EVV vendor) Wisconsin Department of Health Services team

941 views • 47 slides
Crystal lattice 1 CeCu 2 Si 2 NaCl SmRu 14 P 12 periodic array of atoms complex

Crystal lattice 1 CeCu 2 Si 2 NaCl SmRu 14 P 12 periodic array of atoms complex

Crystal lattice 1 CeCu 2 Si 2 NaCl SmRu 14 P 12 periodic array of atoms complex sub-structures (Ba,K)FeAs K-(BEDT-TTF) 2 Cu[N(CN) 2 ]Br x Cl 1-x Crystal lattice 2 unit cell Wigner-Seitz cell lattice vectors primitive lattice vectors

637 views • 4 slides

More recommend