Countering Large-Scale Internet Pollution and Poisoning

1
Countering Large-Scale Internet Pollution and
Poisoning

• Aleksandar Kuzmanovic
• Northwestern University

http//www.cs.northwestern.edu/akuzma/
2
Problem and Approach (general)

• Denial of service (DoS) attacks in the Internet
• Serious problem
• Becoming more and more sophisticated
• Approach I
• Search for new classes of DoS attacks and system
  vulnerabilities
• It is interesting it makes sense it is
  relevant
• Approach II
• Exploit asymmetric costs
• Small efforts by defenders will require attackers
  to multiply the amount of resources (e.g.,
  bandwidth, time, precision)
• Raise the bar high enough to make the attacks
  hard (vs. impossible) to conduct

3
Pollution in P2P File Sharing Systems

• Music industry vs. p2p networks
• Our work
• Denial-of-Service Resilience in Peer-to-Peer File
  Sharing Systems
• In Proceedings of ACM SIGMETRICS 2005.
• Insight
• Despite highly replicated content and a
  decentralized system design, pollution attacks
  can be highly effective
• Is it feasible to conduct similar type of attacks
  in the Internet at a large scale?

4
Large-Scale TCP Poisoning Attacks

• Attack scenario
• Sniff and shoot
• Extremely easy to desynchronize TCP endpoints
• a single packet needed (e.g., low rate attacks)

5
(No Transcript)
6
(No Transcript)
7
(No Transcript)
8
Large-Scale TCP Poisoning Attacks (II)

• Our Approach
• No explicit security association between
  endpoints
• Protocol design
• Raise the bar high enough to exploit asymmetric
  costs
• Solution-specific details
• Deferred protocol reaction
• Forward hashing
• Self-clocking correlation method
• Kernel-level implementation in FreeBSD

9
Pollution Attacks against Internet Caches

• Fact
• Majority of requests for Web, p2p, and DNS are
  served from caches

10
Pollution Attack Scenarios (I)
Attacking a web cache
Attacking an ISP cache
11
Pollution Attack Scenarios (II)
?
?
?
?
?
?
?
?
Pollution attack against a local DNS server
12
Pollution Attack Classes (I)
Before attack
After attack
New unpopular files
Popular files
....
....
....
....
Cache
Cache
Locality-disruption attacks
13
Pollution Attack Classes (II)
Before attack
After attack
Bogus popular files
Popular files
....
....
....
....
Cache
Cache
False locality attacks
14
Our Solution

• Design goals
• High accuracy and scalability
• Approach
• Streaming computation techniques, i.e., Bloom
  filters
• Squid-based implementation

AE
Spawn
Spawn
Squid
File
Auxiliary part of
Detection Module
AE
Signal
AEI
Daemon
Signal
A pair of pipes
Triggered
Module
Detection Module
File
(Main part)
15
Summary

• Actively searching (and developing solutions) for
  new types of DoS attacks
• Pollution and poisoning
• P2p networks, TCP, Internet caches
• Solutions
• Exploit asymmetric costs between defenders and
  attackers
• Prototype implementations