Epiphany: A location hiding architecture for protecting critical services from DDoS attacks

Critical services operating over the Internet are increasingly threatened by Distributed Denial of Service (DDoS) attacks. To protect them we propose Epiphany, an architecture that hides the service's IP address so that attackers cannot locate and target it. Epiphany provides service access through numerous lightweight proxies, presenting a wide target to the attacker. Epiphany has strong location-hiding properties: no proxy knows the service address; instead, proxies reach the service over ephemeral paths that the service itself controls. If a specific proxy misbehaves or is attacked, it can be promptly removed. Epiphany separates proxies into setup proxies and data proxies and makes only the setup proxies public; these use anycast to partition clients into distinct network regions, so clients in clean networks are not affected by attackers in other networks. Data proxies are assigned to clients based on the clients' trust. We evaluate the defense properties of Epiphany using simulations and implementations on PlanetLab and a router testbed.
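The following toy model is an added illustration of the proxy layout described in the abstract; it is not code from the paper or its authors. It assumes a deliberately simplified world: an anycast "region" is just the label of the setup proxy a client is routed to, client trust is an integer tier 0..2 supplied by the caller, and a random path token stands in for the paper's ephemeral, service-controlled path. The class and method names (`Service`, `setup`, `attack_region`, `revoke_proxy`) and the constant `SERVICE_ADDR` are assumptions made for the example; no real forwarding is modelled. What it shows is the three properties the abstract claims: flooding one region's setup proxy does not block setup in another region, revoking an attacked data proxy moves only the clients behind it, and no proxy ever holds the hidden service address.

```python
"""Toy model of Epiphany's setup/data proxy layout (added example, not the
paper's code). Assumptions: a region is a label for the anycast setup proxy a
client lands on; trust is an int tier 0..2 given by the caller; a random
path token stands in for the service-controlled ephemeral path."""
import secrets
from dataclasses import dataclass
from typing import Optional

SERVICE_ADDR = "10.0.0.1"   # constructed value: the address the design hides


@dataclass
class DataProxy:
    pid: str
    tier: int              # trust tier this proxy serves
    path_token: str        # opaque handle issued by the service; not its address
    alive: bool = True


@dataclass
class Client:
    cid: str
    region: str            # anycast region (setup proxy) the client is routed to
    trust: int             # 0 = unknown client, 2 = long-standing good client
    proxy: Optional[str] = None


class Service:
    """The hidden service: the only party that knows SERVICE_ADDR."""

    def __init__(self, regions, proxies_per_tier=2):
        self.region_clean = {r: True for r in regions}
        self.proxies = {}
        for tier in range(3):
            for i in range(proxies_per_tier):
                pid = f"dp-{tier}-{i}"
                # A compromised proxy learns only this token, never SERVICE_ADDR.
                self.proxies[pid] = DataProxy(pid, tier, secrets.token_hex(8))
        self.clients = {}
        self._rr = 0       # round-robin counter so assignment is deterministic

    def setup(self, client):
        """Connection setup through the public setup proxy of the client's
        region. Returns the assigned data proxy id, or None if setup fails."""
        self.clients[client.cid] = client
        if not self.region_clean[client.region]:
            return None    # the setup proxy for this region is being flooded
        tier = max(0, min(2, client.trust))
        pool = sorted(p.pid for p in self.proxies.values()
                      if p.alive and p.tier == tier)
        if not pool:
            return None
        client.proxy = pool[self._rr % len(pool)]
        self._rr += 1
        return client.proxy

    def attack_region(self, region):
        """An attacker floods the anycast setup proxy serving `region`.
        Other regions keep their own setup proxies and are unaffected."""
        self.region_clean[region] = False

    def revoke_proxy(self, pid):
        """Drop a misbehaving or attacked data proxy and re-run setup only
        for the clients that were behind it. Returns the ids that were moved."""
        self.proxies[pid].alive = False
        moved = []
        for c in list(self.clients.values()):
            if c.proxy == pid:
                c.proxy = None
                if self.setup(c) is not None:
                    moved.append(c.cid)
        return moved

    def proxy_knows_service_address(self):
        """Location-hiding invariant: no proxy state contains the address."""
        return any(SERVICE_ADDR in str(vars(p)) for p in self.proxies.values())


def demo():
    """Walk through the three properties and return the observations."""
    svc = Service(["eu", "us"])
    alice, bob, carol = Client("alice", "eu", 2), Client("bob", "eu", 0), Client("carol", "us", 0)
    first = [svc.setup(alice), svc.setup(bob), svc.setup(carol)]
    moved = svc.revoke_proxy(bob.proxy)          # attack on bob's proxy
    svc.attack_region("eu")                      # flood the eu setup proxy
    return {
        "initial": first,
        "moved_on_revoke": moved,
        "alice_after_revoke": alice.proxy,
        "eu_setup_under_attack": svc.setup(Client("dave", "eu", 1)),
        "us_setup_under_attack": svc.setup(Client("erin", "us", 1)),
        "leak": svc.proxy_knows_service_address(),
    }


if __name__ == "__main__":
    print(demo())
```

The assignment by trust tier is what keeps an attack on the proxies serving unknown clients from touching the proxies serving trusted ones; in the model, revoking `dp-0-1` moves only `bob`, while `alice` stays on her tier-2 proxy.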
