MonAM 2007
LAAS-CNRS, Toulouse, France
5 November 2007

Denial-of-Service Flooding Detection in Anonymity Networks

Jens Oberender, Computer Networks & Communications Group
Melanie Volkamer, Institute for IT-Security and Security Law
Hermann de Meer, University of Passau, Germany

Network of Excellence: Design and Engineering of the Future Generation Internet (IST-028022)
Performance Measurement and Management for Two-Level Optimization of Networks and Peer-to-Peer Applications (GR/S69009/01)
Attacks in Anonymity Networks

Chaum's Mixer
   A sender remains anonymous if an adversary catches no evidence on sender identity.

   [Figure: Sender -> Gateway -> Anonymity Network -> Receiver; attacks at the Application, Transport, Network and Data Link layers; DoS Detection at the receiver side]

How to protect receivers from anonymous flooding attacks?
   1. Enable traffic flow detection -> DoS attack detection
   2. Prevent anonymity breach -> protect sender identity
      Message Tagging

07.11.2007            DoS Flooding Detection in Anonymity Networks             2
Linkability Continuum

   Two messages are linkable by an adversary if evidence on their relation can be provided.

   # Messages per Profile:   1 ............................... ∞
   Message Linkability:      None        Limited        Lifelong

   Pseudonyms
      – Adversary links all messages -> malicious profiling
   Unobservability
      + Observer cannot link any messages together
   Limited Linkability
      Restricted number of linkable messages
      Enables traffic flow clustering
Attacker Model

Assumptions
   Anonymity Network unbroken
   Access Control Entity trusted by sender & receivers

Privacy Adversary
   • Aim: disclose sender anonymity
   • Observe incoming tags
   • Collude with other DoS engines

   [Figure: Attacker -> Access Control -> Anonymity Network -> DoS Mitigation / Adversary -> Receiver]

Message Flooding Attacker
   • Aim: Denial-of-Service
   • Exhausts victim resources

Security Objectives
   1. Limited linkability
   2. Linkability resistant to malicious influence
Message tagging
   Fast, local traffic flow cluster criteria
   Hash from characteristic strings (key derivation function)
      Values not comparable with fresh salt
      Linkability control

Tag properties
   Sender        differentiate senders
   Receiver      disables cross-server profiling
   Time Frame    disables lifelong linkability
Internal vs. External Tags

Anonymity Attack using external tags
   Collude to learn anonymous paths

Proposed internal Message Tagging
   h(SenderX, Receiver, )
   Tags reside within encrypted channel
Clustering of Anonymous Traffic Flows

   Anonymous Messages
      Header data stripped off, application level analysis needed

   [Figure: Message Tags arriving over Time (t, t, t) at Access Control Entity; Regular Use vs. Flooding]

   Message tags enable flow clustering
      h(SenderX, Receiver, )
      Clusters of [ Sender, , ] at Engine
      Detection frames cluster partial message flows
      Arrival rate
Clustering of time-based Tags

   [Figure only]
Scalability Issues
   Clock skew in distributed systems -> misuse degrades linkability

Access control entity
   Counts messages per sender
   Logarithm effects on tag

   [Figure: count per Message Tag ...]

Traffic flow classification
   Arrival rate per message tag
   Activity profiling
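An added example, not code from the slides or their authors, that implements the tagging scheme of slide 5 (Message tagging) and the tag-based flow clustering and arrival-rate classification of slides 7 and 9. It assumes HMAC-SHA256 with a per-time-frame salt as the unspecified key derivation function, that the Access Control Entity (ACE) holds the salt secret, and a constructed frame length, rate threshold and traffic sample.

```python
"""Message tagging and tag-based DoS flooding detection (constructed example).

Assumptions: HMAC-SHA256 with a per-frame salt stands in for the KDF on the
slides, the ACE holds the master secret, and all traffic below is constructed.
"""
import hashlib
import hmac
from collections import defaultdict

FRAME_SECONDS = 60   # assumed time frame length; tags are comparable only inside one frame


def time_frame(ts: float) -> int:
    """Map an arrival timestamp (seconds) to its time frame index."""
    return int(ts // FRAME_SECONDS)


def frame_salt(master_secret: bytes, frame: int) -> bytes:
    """Fresh salt per time frame.  Because each frame uses a different salt, a
    tag from frame n cannot be matched against one from frame n+1: this is the
    'Time Frame' property that disables lifelong linkability."""
    return hmac.new(master_secret, b"frame-salt|%d" % frame, hashlib.sha256).digest()


def message_tag(sender: str, receiver: str, ts: float, master_secret: bytes) -> str:
    """h(SenderX, Receiver, time frame): one-way hash over the characteristic
    strings.  The receiver string makes one sender's tags differ per receiver
    (no cross-server profiling); the sender string keeps senders apart."""
    salt = frame_salt(master_secret, time_frame(ts))
    return hmac.new(salt, f"{sender}|{receiver}".encode(), hashlib.sha256).hexdigest()[:16]


def tag_messages(traffic, master_secret: bytes):
    """ACE side: replace the sender identity by its tag.  The DoS engine
    downstream only ever sees (timestamp, receiver, tag), never the sender."""
    return [(ts, receiver, message_tag(sender, receiver, ts, master_secret))
            for ts, sender, receiver in traffic]


def cluster_flows(tagged):
    """DoS engine side: cluster partial flows by (detection frame, receiver, tag)."""
    clusters = defaultdict(list)
    for ts, receiver, tag in tagged:
        clusters[(time_frame(ts), receiver, tag)].append(ts)
    return clusters


def classify_flows(tagged, max_rate: float):
    """Arrival rate per tag (messages per second within the frame); a cluster
    above max_rate is reported as flooding, everything else as regular use."""
    report = {}
    for key, stamps in cluster_flows(tagged).items():
        rate = len(stamps) / FRAME_SECONDS
        report[key] = ("flooding" if rate > max_rate else "regular", rate)
    return report


def constructed_traffic():
    """Constructed sample: alice and bob use srv1 normally in frame 0,
    mallory floods srv1 in frame 0, and alice sends again in frame 1."""
    traffic = []
    traffic += [(5.0 + i * 10, "alice", "srv1") for i in range(5)]        # 5 msgs / 60 s
    traffic += [(7.0 + i * 20, "bob", "srv1") for i in range(3)]          # 3 msgs / 60 s
    traffic += [(1.0 + i * 0.1, "mallory", "srv1") for i in range(300)]   # 300 msgs / 60 s
    traffic += [(65.0 + i * 10, "alice", "srv1") for i in range(5)]       # frame 1
    return traffic


def demo(master_secret: bytes = b"ace-secret-constructed", max_rate: float = 1.0):
    """Tag the constructed traffic, classify it, and return the report plus
    the keys of the clusters reported as flooding."""
    tagged = tag_messages(constructed_traffic(), master_secret)
    report = classify_flows(tagged, max_rate)
    flooding = [key for key, (label, _) in report.items() if label == "flooding"]
    return report, flooding


if __name__ == "__main__":
    report, flooding = demo()
    for (frame, receiver, tag), (label, rate) in sorted(report.items()):
        print(f"frame {frame} {receiver} tag {tag}: {label} ({rate:.2f} msg/s)")
```

Only the flooding cluster is reported, and the report is keyed by tag, so the engine can rate-limit one flow without learning which sender is behind it.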
Sender Linkability
   Scales with message volume
   Depends on arrival rate towards each receiver
   Message tag collisions

   [Figure: DoS Detection at Access Control Entity 1 and Entity 2 over Time; Offset Flooding]

   Flow splitting increases linkability

Incentive mechanism
   Strategic players' goal: maximize privacy
   Inoffensive communication encouraged
Multiple sender identities
   Equivalent to DDoS
   No defense against attacks from different sender identities, but…

   Example BotNets
      Anonymity for attacker only
      Proxy functionality
      Yet these don't spy SMTP authentication

   Anonymity networks
      No need to operate a BotNet
      Anonymous attacks using real identity
      Hard-to-detect without add-ons
      Benefits the privacy of the broad public!
Conclusions
   Partial traffic flows
      Ability to detect Anonymous DoS Flooding Attacks
      State-of-the-art techniques applicable
   Sender Anonymity maintained
   Sender Privacy
      Defense of cross-server profiling
      Restricted amount of messages linkable
      Arrival Rate vs. Linkability

Jens Oberender <jens.oberender@uni-passau.de>