On the resistance of overlay networks against bandwidth exhaustion attacks

In order to perform private communication over public networks such as the Internet, several kinds of virtual overlay networks have emerged; examples are the well-known Virtual Private Networks, darknets, and anonymizing networks like Tor. All of these networks are designed to provide data delivery that is confidential, authentic and integrity-protected. Nonetheless, secure operation also requires that availability be taken into account, especially as these structures become prime targets for Denial-of-Service attacks. Within this article we present metrics to rate different network topologies with regard to their resistance against botnets whose available attack bandwidth is not a limiting factor. The presented metrics consider random, greedy, and optimally operating attackers, and are used to derive several properties that highly resilient overlay topologies must have. In particular, a low constant node degree and a high girth are identified. The results are validated by a simulation study.

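The following is an added worked example, not code from the article: it computes the two graph properties the abstract singles out (node degree and girth) for three constructed candidate overlay topologies (a ring, a 3-dimensional hypercube, and the Petersen graph) and then runs a deliberately simple bandwidth-exhaustion model against each with a random, a greedy and an optimal attacker. The attacker model and the availability metric (number of node pairs that can still communicate after the attacker's k saturated nodes drop out) are assumptions of this example, not the metrics of the article; the topologies and the attacker classes are the ones the abstract names.

```python
"""Added example (not from the article): rate small overlay topologies by
node degree and girth, then by a toy bandwidth-exhaustion model in which an
attacker with unlimited bandwidth saturates k nodes, which then drop out.
The model and the metric are assumptions of this example."""
from collections import deque
import itertools
import random


def ring(n):
    """Cycle C_n: degree 2, girth n (constructed topology)."""
    return {i: {(i - 1) % n, (i + 1) % n} for i in range(n)}


def hypercube(d):
    """d-dimensional hypercube Q_d: degree d, girth 4 (constructed topology)."""
    return {v: {v ^ (1 << b) for b in range(d)} for v in range(1 << d)}


def petersen():
    """Petersen graph: 10 nodes, degree 3, girth 5 (constructed topology)."""
    adj = {v: set() for v in range(10)}
    for i in range(5):
        for a, b in ((i, (i + 1) % 5), (i, i + 5), (5 + i, 5 + (i + 2) % 5)):
            adj[a].add(b)
            adj[b].add(a)
    return adj


def degrees(adj):
    """Distinct node degrees; a single value means the graph is regular."""
    return sorted({len(nb) for nb in adj.values()})


def girth(adj):
    """Length of the shortest cycle, via BFS from every node. Each non-tree
    edge (u, w) closes a cycle of length at most dist[u] + dist[w] + 1; the
    minimum over all roots is exact. Returns inf for acyclic graphs."""
    best = float("inf")
    for root in adj:
        dist, parent = {root: 0}, {root: None}
        queue = deque([root])
        while queue:
            u = queue.popleft()
            for w in adj[u]:
                if w not in dist:
                    dist[w], parent[w] = dist[u] + 1, u
                    queue.append(w)
                elif parent[u] != w:
                    best = min(best, dist[u] + dist[w] + 1)
    return best


def connected_pairs(adj, removed):
    """Toy availability metric (an assumption of this example): number of
    node pairs that can still reach each other once the nodes in `removed`
    have been saturated and dropped out of the overlay."""
    alive = set(adj) - set(removed)
    seen, total = set(), 0
    for s in alive:
        if s in seen:
            continue
        comp, queue = {s}, deque([s])
        while queue:
            u = queue.popleft()
            for w in adj[u]:
                if w in alive and w not in comp:
                    comp.add(w)
                    queue.append(w)
        seen |= comp
        total += len(comp) * (len(comp) - 1) // 2
    return total


def attack(adj, k, strategy, rng=None):
    """Attacker saturates k nodes. random: k uniformly chosen victims;
    greedy: repeatedly pick the victim that minimises the metric right now
    (ties broken by lowest node id); optimal: exhaustive search over all
    k-subsets, feasible for graphs this small. Returns the metric after the
    attack."""
    nodes = sorted(adj)
    if strategy == "random":
        removed = (rng or random.Random(0)).sample(nodes, k)
    elif strategy == "greedy":
        removed = []
        for _ in range(k):
            removed.append(min((v for v in nodes if v not in removed),
                               key=lambda v: connected_pairs(adj, removed + [v])))
    elif strategy == "optimal":
        removed = min(itertools.combinations(nodes, k),
                      key=lambda s: connected_pairs(adj, s))
    else:
        raise ValueError(strategy)
    return connected_pairs(adj, removed)


if __name__ == "__main__":
    for name, g in (("ring(10)", ring(10)), ("hypercube(3)", hypercube(3)),
                    ("petersen", petersen())):
        print(name, "degrees", degrees(g), "girth", girth(g),
              {s: attack(g, 3, s) for s in ("random", "greedy", "optimal")})
```

With k = 3 the ring (degree 2) falls apart under an optimal attacker, the hypercube and the Petersen graph both have degree 3, and under this toy metric the Petersen graph (girth 5) retains more communicating pairs than the hypercube (girth 4); the gap between the greedy and the optimal attacker on the Petersen graph also shows why the abstract distinguishes the two attacker classes. These numbers illustrate the example's model only and are not results of the article.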