A Denial-of-Service Resistant DHT

Christian ScheidelerTechnische Universität München

Joint work with Baruch Awerbuch, JHU

Motivation

On Feb 6, a major DoS attack was launchedagainst the root servers of the DNS system

Internet

d

dd

d

dd

DoS-resistant Information System

Problem: DNS-approach of full replication not feasible in large information systems

Internet

off-the-shelfservers

DoS-resistant Information System

Scalable information system: storage over-head limited to logarithmic factor

Internet

d

d

d

Fundamental Dilemma

• Scalability: minimize replication of information• Robustness: maximize resources needed by

attacker

Internet

d

d

d

Fundamental Dilemma

• Limitation to „legal“ attacks / information hiding• Information hiding difficult under insider attacks

Internet

d

d

d

DoS-resistent Information System

Past-Insider-Attack: Attacker knows every-thing about system till (unknown) time t0

Goal: scalable information system so that everything that was inserted or updated after t0 is safe (w.h.p.) against any past-insider DoS attack that can shut down any -fraction of the servers, for some >0, and create any legal set of requests

You are fired!

Past Insider DoS Attack

Dilemma:• Explicit data structure: problems with

consistency and robustness• Fixed hash function: consistency much

easier to maintain, but easy to attack• Random placement: difficult to attack, but

also difficult to search for data

Combine hashing with random placement!!

DoS-resistant DHT

Our solution is a DHT-based system on• n completely interconnected, reliable servers• with O(log n) data redundancy (coding)

Theorem: Under any -bounded past-insider attack (for some constant >0), our lookup protocol can serve any set of requests (one per server) in polylog time s.t. every request to a data item inserted or updated after t0 is served correctly, w.h.p.

Conclusion

Application: DoS-resistant platform for e-commerce or critical information services (Akamai)

Regular paper: DISC 2007.

Any questions?