An experimental study on the applicability of SYN cookies to networked constrained devices

The Internet protocol suite is increasingly used on devices with constrained resources that operate as both clients and servers within the Internet of Things paradigm. However, these devices usually apply few, if any, security measures. Therefore, they are vulnerable to network attacks, particularly denial-of-service attacks. The well-known SYN flood attack works by filling up the connection queue with fake SYN requests. When the queue is full, new connections cannot be opened until some entries are removed after a time-out. Class 2 constrained devices, as defined in RFC 7228, are highly vulnerable to this attack because of their limited available memory, even in low-rate attacks. This paper analyses and compares the performance of 2 commonly used defence mechanisms (i.e., recycling half-open connections and SYN cookies) in a class 2 constrained device during a low-rate SYN flood. We first review 2 SYN cookies implementations (i.e., Linux and FreeBSD) and compare them with a hybrid approach in a class 2 device. Finally, experimental results prove that the proposed SYN cookies implementation is more effective than recycling the oldest half-open connections.
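The two defences named in the abstract can be contrasted in a small in-memory simulation. This is an added example, not code from the paper or from the Linux or FreeBSD stacks. The queue size, the addresses, the secret and the truncated-HMAC cookie layout are assumptions made for illustration, and real cookies also encode options such as the MSS.

```python
import hashlib, hmac, struct
from collections import OrderedDict

SECRET = b"constructed-demo-key"  # constructed; a real stack uses a random secret
BACKLOG = 4                       # assumed half-open queue size of a small device

def cookie(src, sport, client_isn, counter):
    """Server ISN derived from the connection identifiers, so no state is stored."""
    msg = struct.pack("!4sHII", src, sport, client_isn, counter)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

def cookie_ok(src, sport, client_isn, ack, counter, max_age=1):
    """Accept an ACK whose number is cookie+1 for the current or previous counter."""
    return any((cookie(src, sport, client_isn, counter - age) + 1) % 2**32 == ack
               for age in range(max_age + 1) if counter - age >= 0)

class RecycleServer:
    """Keeps half-open state; when the queue is full the oldest entry is dropped."""
    def __init__(self):
        self.half_open = OrderedDict()
    def on_syn(self, src, sport, client_isn, counter):
        if len(self.half_open) >= BACKLOG:
            self.half_open.popitem(last=False)   # recycle the oldest half-open entry
        isn = 5000 + len(self.half_open)         # arbitrary ISN for the simulation
        self.half_open[(src, sport)] = isn
        return isn
    def on_ack(self, src, sport, client_isn, ack, counter):
        isn = self.half_open.pop((src, sport), None)
        return isn is not None and (isn + 1) % 2**32 == ack

class CookieServer:
    """Stores nothing on SYN; the returning ACK is checked by recomputing the cookie."""
    def on_syn(self, src, sport, client_isn, counter):
        return cookie(src, sport, client_isn, counter)
    def on_ack(self, src, sport, client_isn, ack, counter):
        return cookie_ok(src, sport, client_isn, ack, counter)

def handshake_completes(server, spoofed_syns):
    """Legitimate SYN, then `spoofed_syns` unanswered SYNs, then the legitimate ACK."""
    client = (bytes([192, 0, 2, 10]), 40000, 1000)   # constructed client (TEST-NET-1)
    isn = server.on_syn(*client, counter=0)
    for i in range(spoofed_syns):                    # constructed spoofed sources
        server.on_syn(bytes([198, 51, 100, i % 250 + 1]), 1024 + i, i, counter=0)
    return server.on_ack(*client, ack=(isn + 1) % 2**32, counter=1)
```

With a four-entry queue, the legitimate entry survives three intervening SYNs but is recycled by the fourth, while the cookie server completes the handshake regardless of how many SYNs arrive in between.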
