a denial-of-service resistant dht christian scheideler technische universität münchen joint work...
DESCRIPTION
DoS-resistant Information System Problem: DNS-approach of full replication not feasible in large information systems Internet off-the-shelf serversTRANSCRIPT
![Page 1: A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU](https://reader038.vdocuments.us/reader038/viewer/2022100505/5a4d1af27f8b9ab05997f017/html5/thumbnails/1.jpg)
A Denial-of-Service Resistant DHT
Christian ScheidelerTechnische Universität München
Joint work with Baruch Awerbuch, JHU
![Page 2: A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU](https://reader038.vdocuments.us/reader038/viewer/2022100505/5a4d1af27f8b9ab05997f017/html5/thumbnails/2.jpg)
Motivation
On Feb 6, a major DoS attack was launchedagainst the root servers of the DNS system
Internet
d
dd
d
dd
![Page 3: A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU](https://reader038.vdocuments.us/reader038/viewer/2022100505/5a4d1af27f8b9ab05997f017/html5/thumbnails/3.jpg)
DoS-resistant Information System
Problem: DNS-approach of full replication not feasible in large information systems
Internet
off-the-shelfservers
![Page 4: A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU](https://reader038.vdocuments.us/reader038/viewer/2022100505/5a4d1af27f8b9ab05997f017/html5/thumbnails/4.jpg)
DoS-resistant Information System
Scalable information system: storage over-head limited to logarithmic factor
Internet
d
d
d
![Page 5: A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU](https://reader038.vdocuments.us/reader038/viewer/2022100505/5a4d1af27f8b9ab05997f017/html5/thumbnails/5.jpg)
Fundamental Dilemma
• Scalability: minimize replication of information• Robustness: maximize resources needed by
attacker
Internet
d
d
d
![Page 6: A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU](https://reader038.vdocuments.us/reader038/viewer/2022100505/5a4d1af27f8b9ab05997f017/html5/thumbnails/6.jpg)
Fundamental Dilemma
• Limitation to „legal“ attacks / information hiding• Information hiding difficult under insider attacks
Internet
d
d
d
![Page 7: A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU](https://reader038.vdocuments.us/reader038/viewer/2022100505/5a4d1af27f8b9ab05997f017/html5/thumbnails/7.jpg)
DoS-resistent Information System
Past-Insider-Attack: Attacker knows every-thing about system till (unknown) time t0
Goal: scalable information system so that everything that was inserted or updated after t0 is safe (w.h.p.) against any past-insider DoS attack that can shut down any -fraction of the servers, for some >0, and create any legal set of requests
You are fired!
![Page 8: A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU](https://reader038.vdocuments.us/reader038/viewer/2022100505/5a4d1af27f8b9ab05997f017/html5/thumbnails/8.jpg)
Past Insider DoS Attack
Dilemma:• Explicit data structure: problems with
consistency and robustness• Fixed hash function: consistency much
easier to maintain, but easy to attack• Random placement: difficult to attack, but
also difficult to search for data
Combine hashing with random placement!!
![Page 9: A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU](https://reader038.vdocuments.us/reader038/viewer/2022100505/5a4d1af27f8b9ab05997f017/html5/thumbnails/9.jpg)
DoS-resistant DHT
Our solution is a DHT-based system on• n completely interconnected, reliable servers• with O(log n) data redundancy (coding)
Theorem: Under any -bounded past-insider attack (for some constant >0), our lookup protocol can serve any set of requests (one per server) in polylog time s.t. every request to a data item inserted or updated after t0 is served correctly, w.h.p.
![Page 10: A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU](https://reader038.vdocuments.us/reader038/viewer/2022100505/5a4d1af27f8b9ab05997f017/html5/thumbnails/10.jpg)
Conclusion
Application: DoS-resistant platform for e-commerce or critical information services (Akamai)
Regular paper: DISC 2007.
Any questions?