The overlay scan attack: inferring topologies of distributed pub/sub systems through broker saturation

While pub/sub communication middleware has become main-stream in many application domains, little has been done to assess its weaknesses from a security standpoint. Complex attacks are usually planned by attackers by carefully analyzing the victim to identify those systems that, if successfully targeted, could provide the most effective result. In this paper we show that some pub/sub middleware are inherently vulnerable to a specific kind of preparatory attack, namely the Overlay Scan Attack, that a malicious user could exploit to infer the internal topology of a system, a sensible information that could be used to plan future attacks. The topology inference is performed by only using the standard primitives provided by the pub/sub middleware and assuming minimal knowledge on the target system. The practicality of this attack has been shown both in a simulated environment and through a test performed on a SIENA pub/sub deployment.

[1]  Hans-Arno Jacobsen,et al.  A taxonomy for denial of service attacks in content-based publish/subscribe systems , 2007, DEBS '07.

[2]  Virgil D. Gligor,et al.  The Crossfire Attack , 2013, 2013 IEEE Symposium on Security and Privacy.

[3]  M. Frans Kaashoek,et al.  Vivaldi: a decentralized network coordinate system , 2004, SIGCOMM 2004.

[4]  A. Dress Trees, tight extensions of metric spaces, and the cohomological dimension of certain groups: A note on combinatorial properties of metric spaces , 1984 .

[5]  Florian Schintke,et al.  Gossip-based topology inference for efficient overlay mapping on data centers , 2009, 2009 IEEE Ninth International Conference on Peer-to-Peer Computing.

[6]  Adrian Perrig,et al.  The Coremelt Attack , 2009, ESORICS.

[7]  Christina Fragouli,et al.  Topology inference using network coding , 2012 .

[8]  Carrie Gates,et al.  Coordinated Scan Detection , 2009, NDSS.

[9]  Sasu Tarkoma,et al.  Distributed event routing in publish/subscribe communication systems , 2009 .

[10]  S. S. Yau,et al.  Distance matrix of a graph and its realizability , 1965 .

[11]  Piotr Rudnicki,et al.  A Fast Algorithm for Constructing Trees from Distance Matrices , 1989, Inf. Process. Lett..

[12]  Yajun Wang,et al.  Network Topology Inference Based on End-to-End Measurements , 2006, IEEE Journal on Selected Areas in Communications.

[13]  H. Edelsbrunner,et al.  Efficient algorithms for agglomerative hierarchical clustering methods , 1984 .

[14]  Jian Ni,et al.  Efficient and Dynamic Routing Topology Inference From End-to-End Measurements , 2010, IEEE/ACM Transactions on Networking.

[15]  Ingo Althöfer,et al.  On optimal realizations of finite metric spaces by graphs , 1988, Discret. Comput. Geom..

[16]  Yannis Manolopoulos,et al.  Structure-based similarity search with graph histograms , 1999, Proceedings. Tenth International Workshop on Database and Expert Systems Applications. DEXA 99.

[17]  David Shallcross,et al.  Distance Realization Problems with Applications to Internet Tomography , 2001, J. Comput. Syst. Sci..

[18]  Robert Tappan Morris,et al.  Vivaldi: a decentralized network coordinate system , 2004, SIGCOMM '04.

[19]  Thomas P. Minka,et al.  Gates , 2008, NIPS.

[20]  Daniel Stutzbach,et al.  Capturing Accurate Snapshots of the Gnutella Network , 2005, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[21]  Alexander L. Wolf,et al.  A routing scheme for content-based networking , 2004, IEEE INFOCOM 2004.

[22]  Yigal Bejerano Taking the Skeletons Out of the Closets: A Simple and Efficient Topology Discovery Scheme for Large Ethernet LANs , 2009, IEEE/ACM Transactions on Networking.