Denial Of Service Flooding Detection In Anonymity Networks
•
2 likes•995 views
1. The document discusses detection of denial-of-service flooding attacks in anonymity networks. 2. It proposes using internal message tagging to differentiate senders, receivers, and time frames to cluster message flows without compromising anonymity. 3. The access control entity would count messages per tag to detect abnormal arrival rates indicating potential flooding attacks.
Recommended
Recommended
More Related Content
More from Jens Oberender
More from Jens Oberender (17)
Recently uploaded
Recently uploaded (20)
Denial Of Service Flooding Detection In Anonymity Networks
- 1. MonAM 2007 LAAS-CNRS, Toulouse, Toulouse France 5. November 2007 Denial-of-Service Flooding Detection g in Anonymity Networks Jens Oberender Computer Networks & Communications Group Melanie Volkamer Institute for IT-Security and Security Law Hermann de Meer University of Passau Germany y Network of Excellence: Design and Engineering of the Future Generation Internet ( (IST-028022) ) Performance Measurement and Management for Two-Level Optimization of Networks and Peer-to-Peer Applications (GR/S69009/01)
- 2. Attacks in Anonymity Networks Chaum’s Mixer A sender remains anonymous, if an adversary catches no evidence on sender identity d t h id d id tit Application Attacks Transport p Network Data Link DoS Sender G t Gateway Detection D t ti i Receiver R jens.oberen j Anonymity Network nder@uni-p How to protect receivers from anonymous flooding attacks? 1. Enable traffic flow detection DoS attack detection passau.de 1 2. Prevent anonymity breach protect sender identity Message Tagging g gg g 07.11.2007 DoS Flooding Detection in Anonymity Networks 2
- 3. Linkability Continuum Two messages are linkable by an adversary, if evidence on their relation can be provided. 1 ∞ # Messages per Profile None Limited Lifelong Message Linkability Pseudonyms – Adversary links all messages malicious profiling U b Unobservability bilit jens.oberen j + Observer cannot link any messages together Limited Linkability ed ab y nder@uni-p Restricted number of linkable messages Enables traffic flow clustering passau.de 07.11.2007 DoS Flooding Detection in Anonymity Networks 3
- 4. Attacker Model Assumptions Privacy Adversary Anonymity Network unbroken • Aim: disclose sender anonymity y y Access Control Entity trusted • Observe incoming tags by sender & receivers • Collude with other DoS engines Access DoS Adversary Control Mitigation Access j jens.oberen Attacker Anonymity Network Adversary Receiver Control Access Control Adversary Receiver nder@uni-p Message Flooding Attacker Security Objectives 1. Limited linkabilit linkability passau.de • Aim: Denial-of-Service • Exhausts victim resources 2. Linkability resistant to malicious influence 07.11.2007 DoS Flooding Detection in Anonymity Networks 4
- 5. Message tagging Fast, local traffic flow cluster criteria Hash from characteristic strings (key derivation function) Values not comparable with fresh salt Linkability control Tag properties Sender differentiate senders j jens.oberen nder@uni-p Receiver disables cross-server profiling passau.de Time Frame disables lifelong linkability 07.11.2007 DoS Flooding Detection in Anonymity Networks 5
- 6. Internal vs. External Tags Anonymity Attack using external tags Collude to learn anonymous paths Proposed internal Message Tagging j jens.oberen h(SenderX, Receiver, ) Tags reside within encrypted channel nder@uni-passau.de p 07.11.2007 DoS Flooding Detection in Anonymity Networks 6
- 7. Clustering of Anonymous Traffic Flows Anonymous Messages Header data stripped off, application level analysis needed Regular Use Message Tag e Flooding jens.oberen j t t t Time at Access Control Entity Message tags enable flow clustering nder@uni-p h(SenderX, Receiver, ) Clusters of [ Sender, , ] at Engine g passau.de Detection frames cluster partial message flows Arrival rate 07.11.2007 DoS Flooding Detection in Anonymity Networks 7
- 8. Clustering of time-based Tags j jens.oberender@uni-passau.de n p 07.11.2007 DoS Flooding Detection in Anonymity Networks 8
- 9. Scalability Issues Clock skew in distributed systems misuse degrades linkability Access control entity Counts messages jens.oberen j nt u essage Tag ... per sender co Logarithm oga nder@uni-p Me effects on tag passau.de Traffic flow classification Arrival rate per message tag Activity profiling 07.11.2007 DoS Flooding Detection in Anonymity Networks 9
- 10. Sender Linkability Scales with message volume Depends on arrival rate towards each receiver Message tags collisions Access Control Entity 1 Entity 2 DoS Offset Detection Flooding Time Flow splitting increases linkability jens.oberen j Incentive mechanism nder@uni-p Strategic players’ goal: maximize privacy Inoffensive communication encouraged passau.de 07.11.2007 DoS Flooding Detection in Anonymity Networks 10
- 11. Multiple sender identities Equivalent to DDoS No defense against attacks from different sender identities, but… b t Example BotNets p Anonymity for attacker only Proxy functionality Yet these d ’t spy SMTP authentication Y t th don’t th ti ti j jens.oberen Anonymity networks o y y e o s nder@uni-p No need to operate a BotNet Anonymous attacks using real identity Hard-to-detect without add-ons d d passau.de Benefits the privacy of the broad public! 07.11.2007 DoS Flooding Detection in Anonymity Networks 11
- 12. Conclusions Partial traffic flows Ability to detect Anonymous DoS Flooding Attacks state-of-the-art state of the art techniques applicable Sender Anonymity maintained Sender Privacy Defense of cross-server profiling Restricted amount of message linkable Arrival Rate Linkability jens.oberen j nder@uni-passau.de p Jens Oberender <jens.oberender@uni-passau.de> j @ 07.11.2007 DoS Flooding Detection in Anonymity Networks 12