Similar literature
1.
Distributed denial of service (DDoS) is a major threat to the availability of Internet services. The anonymity allowed by IP networking, together with the distributed, large-scale nature of the Internet, makes DDoS attacks stealthy and difficult to counter. To make the problem worse, attack traffic is often indistinguishable from normal traffic. As various attack tools become widely available and require minimal knowledge to operate, automated anti-DDoS systems become increasingly important. Many current solutions are either excessively expensive or require universal deployment across many administrative domains. This paper proposes two perimeter-based defense mechanisms for Internet service providers (ISPs) to provide the anti-DDoS service to their customers. These mechanisms rely completely on the edge routers to cooperatively identify the flooding sources and establish rate-limit filters to block the attack traffic. The system does not require any support from routers outside or inside of the ISP, which not only makes it locally deployable, but also avoids the stress on the ISP core routers. We also study a new problem of perimeter-based IP traceback and provide three solutions. We demonstrate analytically and by simulations that the proposed defense mechanisms react quickly in blocking attack traffic while achieving a high survival ratio for legitimate traffic. Even when 40 percent of all customer networks attack, the survival ratio for traffic from the other customer networks is still close to 100 percent.

2.
Measures for anonymity in systems must on the one hand be simple and concise, and on the other hand reflect the realities of real systems. Such systems are heterogeneous, as are the ways they are used, the deployed anonymity measures, and finally the possible attack methods. Implementation quality and topologies of the anonymity measures must be considered as well. We therefore propose a new measure for the anonymity degree that takes these various factors into account. We model the effectiveness of single mixes or of mix networks in terms of information leakage, and we measure it in terms of covert channel capacity. The relationship between the anonymity degree and information leakage is described, and an example is shown.

3.
Anonymous communication systems use rerouting and traffic padding to hide identifying information such as users' IP addresses, providing anonymity protection for the communication of legitimate users. However, for lack of effective control, such systems are easily abused to launch DDoS attacks. This paper proposes introducing an abuse-control strategy based on multiple-hash encoding into rerouting-based anonymous communication systems: the attack path is reconstructed from marked packets in order to locate the attacker. For legitimate users, whose traffic is small, the number of marked packets stays below the number required for reconstruction, so their anonymity is preserved. The anonymous system can therefore provide anonymity protection while effectively preventing abuse of anonymity. Moreover, because multiple-hash encoding is used, the false-positive rate remains low as the system grows, preserving the precision of attacker localization.

4.
Filtering Distributed Denial-of-Service Attacks with Randomly Spoofed Source Addresses (total citations: 1; self-citations: 0; citations by others: 1)
肖军, 云晓春, 张永铮. 《软件学报》 (Journal of Software), 2011, 22(10): 2425-2437
Because they effectively hide the attacker, distributed denial-of-service (DDoS) attacks with randomly spoofed source addresses are widely used. The difficulty in defending against such attacks lies in the inability to effectively distinguish legitimate traffic from attack traffic. Based on the statistical characteristics of attack-packet source addresses during such attacks, this paper proposes a method that effectively distinguishes legitimate traffic from attack traffic and protects the legitimate traffic. First, an efficient data structure for counting packets per source address, the Extended Counting Bloom Filter (ECBF), is designed; based on it, an algorithm for identifying legitimate addresses during a randomly-spoofed-source DDoS attack is proposed. By preferentially forwarding packets from legitimate addresses, legitimate traffic is effectively protected. Simulations with real Internet traffic show that the proposed method accurately identifies legitimate addresses and effectively protects legitimate traffic, in particular valuable transaction sessions. The method has O(1) time complexity and requires only a few megabytes of memory, so it can be embedded in border routers or network security devices such as firewalls to filter randomly-spoofed-source DDoS attacks online.

5.
The desire to protect privacy in cyberspace has driven research on anonymous communication systems, which let users hide sensitive information such as their identity and communication relationships while using Internet services; different anonymous communication systems provide different strengths of anonymity protection. How to quantify and compare the degree of anonymity these systems provide has been an important research topic from the beginning and is now receiving more attention, becoming a new research focus that calls for more research and application. Anonymity metrics can help users understand the anonymity that anonymous communication systems provide...

6.
In a wireless sensor network (WSN), the sink node/base station (BS) gathers data from surrounding nodes and sends them to a remote server via a gateway. The BS holds important data. Therefore, it is necessary to hide its location from an inside/outside attacker. To provide BS location anonymity against local and global adversaries, we propose a novel technique called MimiBS ("Mimicking Base-Station"). The key idea is the integration of aggregator nodes (ANs) with sensor nodes (SNs), while fine-tuning the TTL (time to live) value for fake packets and setting a threshold value for the real packet counter rpctr. MimiBS creates multiple traffic hotspots (zones), which shifts the focus from the BS to the newly created AN hotspots. Multiple traffic hotspots confuse the adversary when determining the real BS location. We defend the anonymity of the BS location against traffic analysis attacks and traffic tracing attacks. MimiBS gives the illusion of having multiple BSs, so even if the attacker knows anything about an AN, he/she cannot tell the real BS from the ANs. MimiBS outperforms BLAST (base-station location anonymity and security technique), RW (random walk), and SP (shortest path) when routing without fake packets, with fake packets, without energy consideration, and with energy consideration respectively.

7.
Recently, Mir and Nikooghadam presented an enhanced biometrics-based authentication scheme using lightweight symmetric key primitives for telemedicine networks. This scheme was introduced in response to the earlier biometrics-based authentication system proposed by Yan et al. Mir and Nikooghadam declared that their scheme is invincible against potential attacks while providing user anonymity. Our study and in-depth analysis reveal that Mir and Nikooghadam's authentication scheme is susceptible to a stolen smart card attack; moreover, anonymity violation is still possible despite the claim of Mir and Nikooghadam. We have used the random oracle model to perform the security analysis. The analysis confirms that the proposed scheme is robust enough to provide protection against all potential attacks, especially the stolen smart card attack and the user anonymity violation attack. The analysis is further substantiated through the automated software tool ProVerif. The analysis also shows that the proposed scheme is more computationally efficient than Mir and Nikooghadam's scheme.

8.
We propose and analyze in detail the revised model of XPROB, an infinite family of pool-based anonymous communication systems that can be used in various applications including high-performance computing environments. XPROB overcomes the limitation of APROB Channel, which only resists a global delaying adversary (GDA). Each instance of XPROB uses a pool mix as its core component to provide resistance against a global active adversary (GAA), a stronger yet more practical opponent than a GDA. For XPROB, a GAA can drop messages from users but cannot break the anonymity of the senders of messages. Analysis and experimental evaluations show that each instance of XPROB provides greater anonymity than APROB Channel for the same traffic load and user behaviors (rate and number of messages sent). In XPROB, any message can be delivered with high probability within a few rounds after its arrival into the system; thus, an opponent cannot be certain when a message will be delivered. Furthermore, users can choose their own preferred balance between anonymity and delay. Through the evaluation, we show that XPROB can provide anonymity for users in high-performance computing environments.

9.
Anonymous communication provides an important privacy service by keeping passive eavesdroppers from linking communicating parties. However, an attacker can use long-term statistical analysis of traffic sent to and from such a system to link senders with their receivers. Cover traffic is an effective, but somewhat limited, counter-strategy against this attack. Earlier work in this area proposes that privacy-sensitive users generate and send cover traffic to the system. However, users are not online all the time and cannot be expected to send consistent levels of cover traffic; use of inconsistent cover traffic drastically reduces its impact. We propose that the anonymity system generate cover traffic that mimics the sending patterns of users in the system. This receiver-bound cover (RBC) helps to make up for users that aren't there, confusing the attacker. To study the statistical disclosure attack and different cover traffic methods, we introduce an analytical method to bound the time for an attacker to identify a contact of Alice with high probability. We use these bounds to show that cover traffic sent by Alice greatly increases the time to attacker success, especially as the amount of traffic from other users increases. Further, we show that RBC greatly enhances the defense, forcing the attacker to take additional time proportional to the amount of cover used. We also examine the effectiveness of the attack and of cover traffic when the attacker can only observe part of the traffic in the system. We validate our analysis through simulations that extend to realistic social networks. When RBC is used in combination with user-generated cover traffic, the attack takes a very long time to succeed.

10.
Multicast services are demanded by a variety of applications. Many applications require anonymity during their communication. However, there has been very little work on anonymous multicasting, and such services are not available yet. Due to the fundamental differences between multicast and unicast, the solutions proposed for anonymity in unicast communication cannot be directly applied to multicast applications. In this paper we define the anonymous multicast system and propose a mutual anonymous multicast (MAM) protocol, including the design of a unicast mutual anonymity protocol and the construction and optimization of an anonymous multicast tree. MAM is self-organizing and completely distributed. We define the attack model in an anonymous multicast system and analyze the anonymity degree. We also evaluate the performance of MAM by comprehensive simulations.

11.
Anonymity Metrics for P2P Anonymous Communication Systems (total citations: 1; self-citations: 0; citations by others: 1)
谢鲲, 邓琳, 李仁发, 文吉刚. 《计算机应用》 (Journal of Computer Applications), 2008, 28(12): 3190-3193
This paper analyzes the P2P anonymous communication system model and its attack model. Based on information entropy and with respect to collusion attacks, it measures the receiver anonymity degree of several typical P2P anonymous systems and analyzes how system anonymity depends on the system size N, the proportion of malicious nodes, the path length and the forwarding probability. The computed results show that nested encryption gives the system strong anonymity; the receiver's anonymity degree increases with system size and decreases as the proportion of malicious nodes grows; it is strongly affected by the proportion of malicious nodes and by system size, and only weakly by path length.

12.
姜楠, 金宇. 《计算机工程》 (Computer Engineering), 2008, 34(11): 168-170
This paper analyzes an attack method based on data analysis that infers the communication relationships between wireless network nodes from information obtained by passively monitoring the network. Simulation results show that the method achieves 85%-90% accuracy in different scenarios and performs well even when a large number of cover messages are present. A more complete cover-message method is then proposed, strengthening existing anonymous wireless routing protocols.

13.
Pseudo Trust: Zero-Knowledge Authentication in Anonymous P2Ps (total citations: 2; self-citations: 0; citations by others: 2)
Most of the current trust models in peer-to-peer (P2P) systems are identity-based, which means that in order for one peer to trust another, it needs to know the other peer's identity. Hence, there exists an inherent tradeoff between trust and anonymity. To the best of our knowledge, there is currently no P2P protocol that provides complete mutual anonymity as well as authentication and trust management. We propose a zero-knowledge authentication scheme called Pseudo Trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function. A novel authentication scheme based on zero-knowledge proofs is designed so that peers can be authenticated without leaking any sensitive information. With the help of PT, most existing identity-based trust management schemes become applicable in mutually anonymous P2P systems. We analyze the security and the anonymity of PT, and evaluate its performance using trace-driven simulations and a prototype PT-enabled P2P network. The strengths of our design include 1) no need for a centralized trusted party or CA, 2) high scalability and security, 3) low traffic and cryptographic processing overheads, and 4) man-in-the-middle attack resistance.

14.
Most existing DDoS defense methods were proposed for traditional IPv4 networks, and their real-time defense capability still needs improvement. To address this, a new method for real-time DDoS defense in an IPv6 environment is proposed. Its core idea is first to build a decision-criterion tree inside the victim's autonomous system and then to monitor the tree in real time according to decision criteria 1 and 2; if an attack is detected, filtering messages are sent to notify the relevant entities to filter the attack packets jointly at the victim end and the source end, thereby protecting the victim. Experiments show that the method can detect attacks and filter attack packets within seconds and can effectively defend against multiple DDoS attack sources. In addition, the method accurately distinguishes attack flows from high-volume legitimate flows and can trace directly to the autonomous system (or even the subnet) where the attack source is located without reconstructing the attack path.

15.
Source-location privacy is a critical security property in event-surveillance systems. However, due to the characteristics of surveillance systems, e.g., resource constraints, diverse privacy requirements and large-scale networks, the existing anonymity mechanisms cannot effectively deal with the problem of source-location privacy protection. Most existing anonymity schemes suffer from an imbalance in network load and transmission latency, which causes a "funnel effect" and conflicts with anonymity. This paper proposes DORing, a dynamic optimal mix-ring-based source-location anonymity protocol. In this scheme, we first set up the dynamic optimal mix-ring to collect and mix the network traffic, which can satisfy the diverse QoS requirements of all the packets. Secondly, we propose a sector-based anonymity assessment to control the mixing process in order to filter out the dummy packets and deliver the authentic packets to the sink. Finally, the location of the mix-ring is adjusted to balance network energy consumption, prolong the lifetime of the network and resist a global attacker. The simulation results demonstrate that DORing is very efficient in balancing energy consumption and transmission latency, significantly prolongs the survival period of the network, and ensures security as well as latency that satisfies the packets' requirements.

16.
In this paper, we present one of the first and most extensive characterizations of closed community-based P2P systems. Such systems are organic groups of peer-to-peer (P2P) clients, which can be joined only by users belonging to a certain network (e.g., connected to a given Internet Service Provider (ISP)). A number of factors motivate the growth of these communities, such as quality of content, anonymity of transfers, and the potential for better performance that enhances user experience. Our study is conducted in two contrasting environments, a campus network and a national ISP, located in different continents. In both cases, large-scale closed communities have been found to be the predominant P2P systems in use. We shed light on the factors motivating the growth of such communities, and present results characterizing the extensiveness of their usage, the performance achievable by the systems, and the implications of such communities for network providers. While our findings are interesting in their own right, they also offer important lessons for ongoing research that seeks to localize traffic within ISP boundaries. In particular, our results suggest that (i) in ISPs with heterogeneous access technologies, the performance benefits to users of localizing P2P traffic are largely dependent on the degree of seed-like behavior of peers behind high-bandwidth access technologies; and (ii) while localization can reduce the traffic on Internet peering links, it has the potential to cause a significant increase in traffic on internal links of providers, potentially requiring upgrades of network links.

17.
Virtual digital currencies have provided a breeding ground for criminal activities such as terrorist financing, money laundering and drug trafficking, and Monero, as a representative of emerging digital currencies, is widely recognized for its high anonymity. Addressing the problem of crime that exploits Monero's anonymity, this paper explores Monero's anonymity techniques and the techniques for tracing it from a technical perspective and surveys research progress in recent years, so as to provide technical support for effectively responding to crime based on blockchain technology. Specifically, it summarizes the evolution of Monero's anonymity techniques and reviews the academic...

18.
Based on ODMRP, a typical multicast routing protocol, an anonymous multicast routing protocol for mobile ad hoc networks, AODMRP, is proposed. By employing a pseudonym mechanism and encryption/decryption mechanisms, AODMRP can resist anonymity attacks such as packet eavesdropping, compromised-node attacks and reverse-path tracing, and effectively provides anonymity for multicast senders, receivers and the communication between adjacent nodes on the transmission path.

19.
The overhead imposed by connection-based protocols for high-performance computing (HPC) systems can be detrimental to system resource usage and performance. This paper demonstrates for the first time a unified send/recv and Remote Direct Memory Access (RDMA) Write over datagrams design for RDMA-capable network adapters. We previously designed the first and only unreliable datagram RDMA model, RDMA Write-Record, and demonstrated its superior performance over connection-based RDMA. RDMA Write-Record can be applied to several RDMA-capable networks, such as iWARP and InfiniBand (which does not support unreliable RDMA Writes). iWARP is a state-of-the-art, high-speed, connection-based RDMA networking technology for both local and wide-area Ethernet networks. iWARP is used as the platform to demonstrate our unreliable RDMA operation design for both channel and memory semantics. We previously outlined the requirements for extending iWARP to operate over datagrams. Here we extend our work on commercial datacenter applications by providing broadcast support for send/recv. In order to study the scalability of datagram-iWARP, we added Message Passing Interface support for RDMA Write-Record to investigate the scalability of HPC-based scientific applications for both send/recv and RDMA Write-Record. The results show that both models outperform their connection-based alternatives, providing superior performance and scalability in a software prototype.

20.
There is currently an urgent need for effective solutions against distributed denial-of-service (DDoS) attacks directed at many well-known Web sites. Because of the increased sophistication and severity of these attacks, the system administrator of a victim site needs to quickly and accurately identify the probable attackers and eliminate the attack traffic. Our work is based on a probabilistic marking algorithm in which an attack graph can be constructed by a victim site. We extend the basic concept so that one can quickly and efficiently deduce the intensity of the "local traffic" generated at each router in the attack graph from the volume of marked packets received at the victim site. Given the intensities of these local traffic rates, we can rank the local traffic and identify the network domains generating most of the attack traffic. We present our traceback and attacker identification algorithms. We also provide a theoretical framework to determine the minimum stable time t_min, which is the minimum time needed to accurately determine the locations of attackers and the local traffic rates of participating routers in the attack graph. Extensive experiments are carried out to illustrate that one can accurately determine the minimum stable time t_min and, at the same time, determine the location of attackers under various threshold parameters, network diameters, attack traffic distributions, on/off patterns, and network traffic conditions.

Copyright © 北京勤云科技发展有限公司 (Beijing Qinyun Technology Development Co., Ltd.) 京ICP备09084417号