A Denial-of-Service Resistant DHT

  • Baruch Awerbuch
  • Christian Scheideler
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4731)

Abstract

We consider the problem of designing scalable and robust information systems based on multiple servers that can survive even massive denial-of-service (DoS) attacks. More precisely, we focus on designing a scalable distributed hash table (DHT) that is robust against so-called past insider attacks. In a past insider attack, an adversary knows everything about the system up to some time point t0 not known to the system. After t0, the adversary can attack the system with a massive DoS attack in which it can block a constant fraction of the servers of its choice. Yet, the system should be able to survive such an attack in the sense that for any set of lookup requests, one per non-blocked (i.e., non-DoS attacked) server, every lookup request to a data item that was last updated after t0 can be served by the system, and processing all the requests just needs polylogarithmic time and work at every server. We show that such a system can be designed.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Baruch Awerbuch (1)
  • Christian Scheideler (2)
  1. Dept. of Computer Science, Johns Hopkins University, Baltimore, MD 21218, USA
  2. Institut für Informatik, Technische Universität München, 85748 Garching, Germany
