Protecting critical services from DDoS attacks
Date
2012
Authors
Kambhampati, Vamsi K., author
Massey, Daniel, advisor
Papadopoulos, Christos, advisor
Strout, Michelle M., committee member
Chong, Edwin K. P., committee member
Journal Title
Journal ISSN
Volume Title
Abstract
Critical services such as emergency response, industrial control systems, government and banking systems are increasing coming under threat from Distributed Denial of Service (DDoS) attacks. To protect such services, in this dissertation we propose Epiphany, an architecture that hides the service IP address making it hard for an attacker to find, attack and disable the service. Like other location hiding based approaches, Epiphany provides access to the service through numerous lightweight proxies, which present a very wide target for the attacker. However, unlike these solutions Epiphany uses a novel approach to hide the service from both clients and proxies, thus eliminating the need to trust proxies or apply a filtering perimeter around the service destination. The approach uses dynamically generated hidden paths that are fully controlled by the service, so if a specific proxy misbehaves or is attacked, it can be promptly removed. Since the service cannot be targeted directly, the attacker may target the proxy infrastructure. To combat such threats, Epiphany separates the proxies into setup and data proxies. Setup proxies are only responsible for letting a client make initial contact with the service, while data proxies provide further access to the service. However, the setup proxies employ IP anycast to isolate the network into distinct regions. Connection requests generated in a region bounded by an anycast setup proxy are automatically directed to that proxy. This way, the attacker botnet becomes dispersed, i.e., the attacker cannot combine bots from different regions to target setup proxies in specific networks. By adding more anycast setup proxies, networks that only have legitimate clients can be freed from the perils of unclean networks (i.e., networks with attackers). Moreover, the attacker activity becomes more exposed in these unclean networks, upon which the operators may take further action such as remove them or block them until the problem is resolved. Epiphany data proxies are kept private; the service can assign different data proxies to distinct clients depending on how they are trusted. The attacker cannot disrupt on-going communication of a client who's data proxy it does not know. We evaluate the effectiveness of Epiphany defenses using simulations on an Internet scale topology, and two different implementations involving real Internet routers and an overlay on PlanetLab.
Description
Rights Access
Subject
distributed denial of service
proxies
location hiding
hidden paths