A PLANETLAB-based performance analysis of RSerPool security mechanisms

Reliable Server Pooling (RSerPool) denotes the new IETF standard for a lightweight server redundancy and session failover framework for availability-critical applications. A number of research papers have already addressed the service and pool management performance of RSerPool in general. However, the important topic of security, including the system robustness against intentional attacks, has not yet been intensively addressed. In particular, none of the proposed Denial of Service (DoS) attack countermeasure mechanisms has been evaluated in a real-world Internet setup. For that reason, this paper provides an analysis of the robustness of RSerPool systems against DoS attacks. We will outline the DoS attack bandwidth which is necessary for a significant service degradation. Furthermore, we will present simple but effective DoS attack countermeasure mechanisms to significantly reduce the impact of attacks. Our analysis is based on a real-world Internet setup using the PLANETLAB. We will furthermore compare the performance measurements against simulation results.
