tiered incentives for integrity based queuing fariba khan, carl a. gunter university of illinois at...
TRANSCRIPT
![Page 1: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/1.jpg)
Tiered Incentives for Integrity Based Queuing
Fariba Khan, Carl A. GunterUniversity of Illinois at Urbana-Champaign
![Page 2: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/2.jpg)
2
• Problem setting• Challenges and existing work• Infrastructures for IBQ• Queuing• Analytic and experimental results
Outline
![Page 3: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/3.jpg)
3
• Finding the source of an attack is difficult
• It is often difficult to detect an attack packet
Internet DDoS Attack
![Page 4: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/4.jpg)
4
Internet DDoS Attack
• Finding the source of an attack is difficult
• It is often difficult to detect an attack packet
• Legitimate client has to get through• Could we make it so that the
magnitude of the attack packet is less important
![Page 5: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/5.jpg)
5
Fair-queuing• Figure she is the good guy and
skip the long line?• No? Cannot tell if a packet is
from an Alice or Eve• May be give everybody
opportunity to send one packet
• No one gets to send a million
Head of line blocking
Eve 1
Eve 2
Alice 1
Eve 3
Alice 2
Eve 4
Alice 3
All Alice’s
All Eve’s
![Page 6: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/6.jpg)
6
Fair-queue: Head of Line Blocking
Alice 1
Alice 2
Alice 3
Alice 4
Alice 5
Alice 6
Alice 7
Eve
![Page 7: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/7.jpg)
7
Performance of Integrity Protection and Fairness
ns2 Simulation Setup: Depth 10, 1024 clients/flows, 10Mbps links, 102 attackers, 10 Mbps/attacker, Client bandwidth 0.01 Mbps
No attack, no defense
Attack, no defense
Attack, FQ,
no spoofing
Attack, FQ,
spoofing
Attack, FQ,
spoofing (20%)
0
20
40
60
80
100100
3.78
100
4.34
45
Client Packet Success (%)
![Page 8: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/8.jpg)
8
• Ingress Filtering: Neither a complete nor verifiable • IP of a filtered domain can be spoofed
– In the same domain– From an unfiltered domain
Source Address Validation
1 2 3 4 5 6 7 8
1,2
3,4 3,4
3,4
1-4
1-8 1-8 1-8 1-8
1-8
1 2
1-81-8
RFC 2827
![Page 9: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/9.jpg)
9
• Effectiveness of fair-queuing is dependent on accurate flow classification.
• Even with partial authentication legitimate flows can be spoofed by the spoofed origin flows.
• As the legitimate flows are choked, an ISP cannot see the benefit of deploying filtering or an advanced protocol.
Client: received level of service participation∝
Motivation
![Page 10: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/10.jpg)
10
Concept: Integrity Based Queuing (IBQ)
High
Integrit
y
• Highly effective queuing• Each flow gets its own bucket
Medium
Integrit
y
• Less effective service• Rate-limited flows• Shared buckets
Low
Integrit
y
• Generic service• Rate limited• Least priority
![Page 11: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/11.jpg)
11
Effort
Integrity
Defense
Service
Incentive
Cycle of Network Assurance
![Page 12: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/12.jpg)
12
• Integrity Levels• MAC• Queue
Design
![Page 13: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/13.jpg)
13
• Strict filtering vs Regular filtering: – The address range is divided in smaller subdomains – Spoofing is restricted within that subdomain only
• Example– In University of Illinois a host can spoof 511 neighboring
addresses within its /23 prefix– Spoofing index = 9 for University of Illinois or AS3
• Spoofing index table for all autonomous systems available for routers
Integrity Levels: Spoofing Index Table
BB05
![Page 14: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/14.jpg)
14
MAC
RFC4301, YPS03, YWA05, LLY08, GH09, YL09
![Page 15: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/15.jpg)
15
Queue
15
MAC verified?
N
Spoofing Index ?
Y
=0
>0
Per source high integrity queues
Per integrity-block queues
Low integrity queue
![Page 16: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/16.jpg)
16
• α >> s >> β• Spoofing index, i• Probability that A and B
are in the same domain, p = 1/232 – i
• Loss rate,
Analytic Results
![Page 17: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/17.jpg)
17
Experimental Results
• 2000 clients, 256 AS, 16-512 attackers• Client rate 64kbps, attacker 64 Mbps
Effort = Integrity level = Success
![Page 18: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/18.jpg)
Experimental Results – Example Traffic VoIP
18
• 2000 clients, 256 AS, 16-512 attackers
• Client rate 64kbps, attacker 64 Mbps
![Page 19: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/19.jpg)
19
Experimental Results: Two Attack Styles
0 5 10 15 20 25 300.0
0.2
0.4
0.6
0.8
1.0
FQ, lo integrityIBQ, hi integrity IBQ, mid integrity, si = 8, no of attacker increased
Attacker BW (Gbps)
Lo
ss
Ra
te
![Page 20: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/20.jpg)
20
• Thesis– Using IBQ gives legitimate users an avenue to
communicate with a server while the network is under attack. The service they get directly relates to the effort their ISP spent for integrity protection and validation thus incentivizing its investment.
• Future Work– Experiment with real DDoS attack data– Overhead Measurement– Use of IBQ for network assurance
Conclusion
![Page 21: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/21.jpg)
Thank You
Questions?
21
![Page 22: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/22.jpg)
22
![Page 23: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/23.jpg)
23
[0] Adaptive Selective Verification: An Efficient Adaptive Countermeasure to Thwart DoS Attacks. S. Khanna, S. S. Venkatesh, O. Fatemieh, F. Khan, and C. A. Gunter. (Submission) IEEE Transactions on Network (ToN).
[1] Attribute-Based Messaging: Access Control and Confidentiality. R. Bobba, O. Fatemieh, F. Khan, A. Khan, C. A. Gunter, H. Khurana, and M. Prabhakaran. (First three authors in alphabetic order)IN ACM Transactions on Information and System Security (TISSEC).
[2] Adaptive Selective Verification,Sanjeev Khanna, Santosh S. Venkatesh, Omid Fatemieh, Fariba Khan, and Carl A. Gunter,IEEE Conference on Computer Communications (INFOCOM '08), Phoenix, AZ, April 2008.
[3] Using Attribute-Based Access Control to Enable Attribute-Based Messaging,Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter, and Himanshu Khurana. (First three authors in alphabetic order) IEEE Annual Computer Security Applications Conference (ACSAC '06) , Miami, FL, December 2006.
[4] Using Attribute-Based Access Control to Enable Attribute-Based Messaging. Fariba KhanMaster's Thesis, University of Illinois, October 2006.
Other Work
![Page 24: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/24.jpg)
24
•1974: The Internet was designed with an openness
•1989: FQ->active research for congestion control ->RED
•1999: FQ-> again for congestion control -> 40Gbps•2005: FQ-> active research for DDoS defenses
Fairness
![Page 25: Tiered Incentives for Integrity Based Queuing Fariba Khan, Carl A. Gunter University of Illinois at Urbana-Champaign](https://reader035.vdocuments.us/reader035/viewer/2022062722/56649f315503460f94c4be74/html5/thumbnails/25.jpg)
25
• 1024 hosts• 33 routers• 32 subdomains• Spoofing index: 8 (scaled
down for small topology)• Links
– 200 Mbps links, 10 ms delay
– 5% of channel for request (10 Mbps)
– Bottleneck 1Gbps– Comparative to 40-100
Gbps Internet links.
Related Work Analysis
• 10% hosts are attackers• Attack bandwidth 100-700
Mbps• 50B request from a client