On Robustness and Countermeasures of Reliable Server Pooling Systems Against Denial of Service Attacks

  • Thomas Dreibholz
  • Erwin P. Rathgeb
  • Xing Zhou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4982)

Abstract

The Reliable Server Pooling (RSerPool) architecture is the IETF’s novel approach to standardize a light-weight protocol framework for server redundancy and session failover. It combines ideas from different research areas into a single, resource-efficient and unified architecture. While there have already been a number of contributions on the performance of RSerPool for its main tasks – pool management, load distribution and failover handling – the robustness of the protocol framework has not yet been evaluated against intentional attacks.

The first goal of this paper is to provide a robustness analysis. In particular, we would like to outline the attack bandwidth necessary for a significant impact on the service. Furthermore, we present and evaluate our countermeasure approach to significantly reduce the impact of attacks.

Keywords

Reliable Server Pooling, Attacks, Denial of Service, Robustness, Countermeasures


Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Thomas Dreibholz (1)
  • Erwin P. Rathgeb (1)
  • Xing Zhou (2)
  1. Institute for Experimental Mathematics, University of Duisburg-Essen, Essen, Germany
  2. College of Information Science and Technology, Hainan University, Haikou, China
