MonAM 2007
LAAS-CNRS, Toulouse, France
5 November 2007

Denial-of-Service Flooding Detection in Anonymity Networks

Jens Oberender, Computer Networks & Communications Group
Melanie Volkamer, Institute for IT-Security and Security Law
Hermann de Meer, University of Passau, Germany

Network of Excellence: Design and Engineering of the Future Generation Internet (IST-028022)
Performance Measurement and Management for Two-Level Optimization of Networks and Peer-to-Peer Applications (GR/S69009/01)

Attacks in Anonymity Networks

Chaum's Mixer: a sender remains anonymous if an adversary catches no evidence on the sender's identity.

[Figure: Sender → Gateway → Anonymity Network → Receiver, with attacks possible at the Application, Transport, Network and Data Link layers and DoS detection placed at the receiver side]

How to protect receivers from anonymous flooding attacks?
  1. Enable traffic flow detection → DoS attack detection
  2. Prevent anonymity breach → protect sender identity: Message Tagging

07.11.2007   DoS Flooding Detection in Anonymity Networks   2

Linkability Continuum

Two messages are linkable by an adversary if evidence on their relation can be provided.

[Figure: scale of messages per profile from 1 to ∞, labelled None / Limited / Lifelong message linkability]

Pseudonyms
  – Adversary links all messages → malicious profiling
Unobservability
  + Observer cannot link any messages together
Limited Linkability
  Restricted number of linkable messages
  Enables traffic flow clustering

Attacker Model

Assumptions
  Anonymity Network unbroken
  Access Control Entity trusted by sender & receivers

Privacy Adversary
  • Aim: disclose sender anonymity
  • Observe incoming tags
  • Collude with other DoS engines

[Figure: Attacker → Access Control → Anonymity Network → DoS Mitigation → Receiver, with the Adversary positioned at the DoS Mitigation side]

Message Flooding Attacker
  • Aim: Denial-of-Service
  • Exhausts victim resources

Security Objectives
  1. Limited linkability
  2. Linkability resistant to malicious influence

Message tagging

Fast, local traffic flow cluster criteria
Hash from characteristic strings (key derivation function)
  Values not comparable with fresh salt
  Linkability control

Tag properties
  Sender      → differentiate senders
  Receiver    → disables cross-server profiling
  Time Frame  → disables lifelong linkability

Internal vs. External Tags

Anonymity Attack using external tags
  Collude to learn anonymous paths

Proposed internal Message Tagging
  h(SenderX, Receiver, [figure symbol])
  Tags reside within encrypted channel

Clustering of Anonymous Traffic Flows

Anonymous Messages
  Header data stripped off, application level analysis needed

[Figure: message tags arriving over time at the Access Control Entity, regular use contrasted with flooding, detection frames t, t, t marked along the time axis]

Message tags enable flow clustering
  h(SenderX, Receiver, [figure symbol])
  Clusters of [ Sender, …, … ] at … Engine
  Detection frames cluster partial message flows
  Arrival rate

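The tagging and clustering described on slides 5 to 7 (tag = h(sender, receiver, time frame), tags clustered per detection frame, arrival rate as the flooding criterion), as an added worked example that is not the authors' code. It assumes HMAC-SHA256 as the key derivation function, a one-hour tag time frame, a one-minute detection frame, an 8-byte tag truncation and a fixed arrival-rate bound; the traffic is constructed.

```python
import hashlib
import hmac
from collections import Counter, defaultdict

# Constructed illustration of the scheme sketched on slides 5 to 7.
# The Access Control Entity (ACE) derives tag = h(sender, receiver, time frame)
# with a salted key derivation function; HMAC-SHA256 stands in here for the
# unspecified KDF. The DoS engine downstream sees only tags and arrival times.

TIME_FRAME_SECONDS = 3600      # assumed length of a tag time frame
DETECTION_FRAME_SECONDS = 60   # assumed length of a detection frame
TAG_HEX_CHARS = 16             # assumed tag truncation (8 bytes)


def message_tag(salt: bytes, sender: str, receiver: str, timestamp: int) -> str:
    """Derive the message tag from the characteristic strings.

    The receiver in the input keeps tags toward different servers incomparable
    (no cross-server profiling), the time-frame index keeps tags from different
    frames incomparable (no lifelong linkability), and a fresh salt makes every
    tag incomparable with tags derived under the previous salt.
    """
    frame = timestamp // TIME_FRAME_SECONDS
    material = "\x00".join((sender, receiver, str(frame))).encode()
    return hmac.new(salt, material, hashlib.sha256).hexdigest()[:TAG_HEX_CHARS]


def cluster_flows(tagged_messages, detection_frame=DETECTION_FRAME_SECONDS):
    """Cluster (tag, timestamp) pairs into partial flows per detection frame.

    Returns {detection_frame_index: Counter({tag: message_count})}; header data
    is gone at this point, so the tag is the only clustering criterion.
    """
    clusters = defaultdict(Counter)
    for tag, timestamp in tagged_messages:
        clusters[timestamp // detection_frame][tag] += 1
    return clusters


def flooding_clusters(clusters, max_messages_per_frame):
    """Return {(frame, tag): count} for every cluster above the arrival-rate bound."""
    return {
        (frame, tag): count
        for frame, counter in clusters.items()
        for tag, count in counter.items()
        if count > max_messages_per_frame
    }


def simulate(salt: bytes = b"constructed-salt-v1", max_messages_per_frame: int = 50):
    """Constructed traffic: one regular sender and one flooding sender."""
    base = 1_700_002_800  # aligned to a time-frame and detection-frame boundary
    messages = []
    for minute in range(3):            # regular use: 5 messages/minute to s1
        for k in range(5):
            messages.append(("alice", "s1.example", base + 60 * minute + 10 * k))
    for k in range(120):               # flooding: 120 messages to s1 in minute 1
        messages.append(("mallory", "s1.example", base + 60 + k // 2))
    messages.append(("alice", "s2.example", base + 30))  # same sender, other server

    tagged = [(message_tag(salt, s, r, t), t) for s, r, t in messages]
    clusters = cluster_flows(tagged)
    return tagged, clusters, flooding_clusters(clusters, max_messages_per_frame)


if __name__ == "__main__":
    _, _, floods = simulate()
    for (frame, tag), count in sorted(floods.items()):
        print(f"detection frame {frame}: tag {tag} arrived {count} times")
```

The flagged cluster identifies only a (tag, detection frame) pair; the engine never learns which sender is behind it, and the same sender's traffic to s2 or in the next time frame carries an unrelated tag.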
Clustering of time-based Tags

[Figure-only slide]

Scalability Issues

Clock skew in distributed systems → misuse degrades linkability

Access control entity
  Counts messages per sender
  Logarithm effects on tag
  [Figure: message tag with per-sender message count]

Traffic flow classification
  Arrival rate per message tag
  Activity profiling

Sender Linkability
  Scales with message volume
  Depends on arrival rate towards each receiver
  Message tag collisions

[Figure: DoS Detection at Access Control Entity 1 and Entity 2 along the time axis, with offset flooding]

Flow splitting increases linkability

Incentive mechanism
  Strategic players' goal: maximize privacy
  Inoffensive communication encouraged

Multiple sender identities
  Equivalent to DDoS
  No defense against attacks from different sender identities, but…

Example BotNets
  Anonymity for attacker only
  Proxy functionality
  Yet these don't spy SMTP authentication

Anonymity networks
  No need to operate a BotNet
  Anonymous attacks using real identity
  Hard to detect without add-ons
  Benefits the privacy of the broad public!

Conclusions
  Partial traffic flows
    Ability to detect Anonymous DoS Flooding Attacks
    State-of-the-art techniques applicable
  Sender Anonymity maintained
  Sender Privacy
    Defense of cross-server profiling
    Restricted amount of messages linkable
    Arrival Rate ↔ Linkability

Jens Oberender <jens.oberender@uni-passau.de>
