Making secure TCP connections resistant to server failures

Methods are presented to increase resiliency to server failures by migrating long-running, secure TCP-based connections to backup servers, thus mitigating damage from servers disabled by attacks or accidental failures. The failover mechanism described is completely transparent to the client. Using these techniques, simple, practical systems can be built that can be retrofitted into the existing infrastructure, i.e. without requiring changes either to the TCP/IP protocol or to the client system. The end result is a drop-in method of adding significant robustness to secure network connections such as those using the secure shell protocol (SSH). As there is a large installed universe of TCP-based user agent software, it will be some time before other approaches designed to withstand these kinds of service failures are widely adopted; our methods provide an immediate way to enhance reliability, and thus resistance to attack, without having to wait for clients to upgrade software at their end. The practical viability of our approach is demonstrated by providing details of a system we have built that satisfies these requirements.
