
Denial-of-Service Flooding Detection in Anonymity Networks

MonAM 2007, LAAS-CNRS, Toulouse, France, 5 November 2007. Denial-of-Service Flooding Detection in Anonymity Networks. Computer Networks & Communications Group, Institute for IT-Security and Security Law, University of Passau, Germany. Jens Oberender, Melanie Volkamer, Hermann de Meer.


Presentation Transcript


  1. Denial-of-Service Flooding Detection in Anonymity Networks
     MonAM 2007, LAAS-CNRS, Toulouse, France, 5 November 2007
     Jens Oberender, Melanie Volkamer, Hermann de Meer
     Computer Networks & Communications Group, Institute for IT-Security and Security Law, University of Passau, Germany
     • Network of Excellence: Design and Engineering of the Future Generation Internet (IST-028022)
     • Performance Measurement and Management for Two-Level Optimization of Networks and Peer-to-Peer Applications (GR/S69009/01)

  2. Attacks in Anonymity Networks
     • Chaum’s Mixer
     • A sender remains anonymous, if an adversary catches no evidence on sender identity
     • How to protect receivers from anonymous flooding attacks?
     • Enable traffic flow detection  DoS attack detection
     • Prevent anonymity breach  protect sender identity  Message Tagging
     DoS Flooding Detection in Anonymity Networks

  3. Linkability Continuum
     • Two messages are linkable by an adversary, if evidence on their relation can be provided.
     • Pseudonyms
       – Adversary links all messages  malicious profiling
     • Unobservability
       + Observer cannot link any messages together
     • Limited Linkability
       • Restricted number of linkable messages
       • Enables traffic flow clustering
     [Figure: # Messages per Profile against Message Linkability (None, Limited, Lifelong)]

  4. Attacker Model
     [Figure: diagram with the labels Attacker, Adversary, Anonymity Network, Access Control, DoS Mitigation, Receiver]
     Security Objectives
     • Limited linkability
     • Linkability resistant to malicious influence
     Assumptions
     • Anonymity Network unbroken
     • Access Control Entity trusted by sender & receivers
     • Privacy Adversary
       • Aim: disclose sender anonymity
       • Observe incoming tags
       • Collude with other DoS engines
     • Message Flooding Attacker
       • Aim: Denial-of-Service
       • Exhausts victim resources

  5. Message tagging
     • Fast, local traffic flow cluster criteria
     • Hash from characteristic strings (key derivation function)
     • Values not comparable with fresh salt
     • Linkability control
     Tag properties
     • Sender: differentiate senders
     • Receiver: disables cross-server profiling
     • Time Frame: disables lifelong linkability

  6. Internal vs. External Tags
     Anonymity Attack using external tags
     • Collude to learn anonymous paths
     Proposed internal Message Tagging
     • Tags reside within encrypted channel

  7. Clustering of Anonymous Traffic Flows
     • Anonymous Messages
       • Header data stripped off, application level analysis needed
     • Message tags enable flow clustering
       • Clusters of [ Sender,  ] at Engine
     • Detection frames cluster partial message flows
       • Arrival rate

  8. Clustering of time-based Tags

  9. Scalability Issues
     • Clock skew in distributed systems  misuse degrades linkability
     Access control entity
     • Counts messages per sender
     • Logarithm effects on tag
     • Traffic flow classification
     • Arrival rate per message tag
     •  Activity profiling

  10. Sender Linkability
     • Scales with message volume
     • Depends on arrival rate towards each receiver
     • Message tags collisions  Flow splitting increases linkability
     • Incentive mechanism
       • Strategic players’ goal: maximize privacy
       • Inoffensive communication encouraged

  11. Multiple sender identities
     • Equivalent to DDoS
     • No defense against attacks from different sender identities, but…
     • Example BotNets
       • Anonymity for attacker only
       • Proxy functionality
       • Yet these don’t spy SMTP authentication
     • Anonymity networks
       • No need to operate a BotNet
       • Anonymous attacks using real identity
       • Hard-to-detect without add-ons  Benefits the privacy of the broad public!

  12. Conclusions
     • Partial traffic flows
       • Ability to detect Anonymous DoS Flooding Attacks
       • state-of-the-art techniques applicable
     • Sender Anonymity maintained
     • Sender Privacy
       • Defense of cross-server profiling
       • Restricted amount of message linkable
       • Arrival Rate  Linkability
     Jens Oberender <jens.oberender@uni-passau.de>
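
The tag construction from slide 5 and the per-tag clustering from slide 7, as an added example that is not code from the presentation. PBKDF2 as the key derivation function, the 60-second time frame, the fixed per-frame threshold and all names are assumptions made for the illustration.

```python
import hashlib
from collections import Counter

FRAME_SECONDS = 60   # assumed time-frame length
KDF_ROUNDS = 1000    # assumed PBKDF2 iteration count


def message_tag(salt, sender, receiver, timestamp):
    """Derive a tag from sender, receiver and time frame (slide 5 properties)."""
    frame = int(timestamp // FRAME_SECONDS)
    material = "\x00".join((sender, receiver, str(frame))).encode()
    # PBKDF2 stands in for the unspecified key derivation function.
    return hashlib.pbkdf2_hmac("sha256", material, salt, KDF_ROUNDS, dklen=8).hex()


def flooded_tags(tags, max_per_frame):
    """Cluster one detection frame by tag; return tags above the rate limit."""
    return {tag: n for tag, n in Counter(tags).items() if n > max_per_frame}


def constructed_traffic():
    """Constructed sample: (sender, receiver, arrival time in seconds)."""
    traffic = [("alice", "shop.example", 5.0 + i) for i in range(3)]
    traffic += [("mallory", "shop.example", 1.0 + i) for i in range(40)]
    traffic += [("mallory", "bank.example", 10.0), ("mallory", "shop.example", 75.0)]
    return traffic


def run_demo(salt=b"constructed-salt"):
    """Tag every message, then run detection per receiver and time frame."""
    seen = {}
    for sender, receiver, ts in constructed_traffic():
        frame = int(ts // FRAME_SECONDS)
        # The access control entity derives the tag; the receiver's
        # detection engine only ever sees the tag, not the sender.
        tag = message_tag(salt, sender, receiver, ts)
        seen.setdefault((receiver, frame), []).append(tag)
    return {key: flooded_tags(tags, max_per_frame=10) for key, tags in seen.items()}


if __name__ == "__main__":
    for (receiver, frame), flagged in run_demo().items():
        print(receiver, frame, flagged)
```

Only the 40-message cluster at one receiver in one frame is flagged; the same sender's tag at another receiver or in the next frame is a different value, so the engines cannot join those observations.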
