Evaluation of Attack Countermeasures to Improve the DoS Robustness of RSerPool Systems by Simulations and Measurements

  • Xing Zhou
  • Thomas Dreibholz
  • Wencai Du
  • Erwin P. Rathgeb
Part of the Informatik aktuell book series (INFORMAT)

Abstract

The Reliable Server Pooling (RSerPool) architecture is the IETF’s new standard for a lightweight server redundancy and session failover framework to support availability-critical applications. RSerPool combines the ideas from different research areas into a single, resource-efficient and unified architecture. While there have already been a number of research papers on its performance in general, the robustness against intentional attacks has not been intensively addressed yet. In particular, there have not been any analyses for real setups.

Therefore, the goal of this paper is to provide a robustness analysis in order to outline the attack bandwidth which is necessary for a significant impact on RSerPool-based services. This analysis is based on lab measurements — using a real RSerPool system setup — as well as on measurements for comparison and validation. Furthermore, we present and evaluate countermeasure approaches to significantly reduce the impact of attacks.

Keywords

Reliable Server Pooling, Security, Attacks, Denial of Service, Robustness, Performance Analysis

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Xing Zhou (1)
  • Thomas Dreibholz (2)
  • Wencai Du (1)
  • Erwin P. Rathgeb (2)

  1. College of Information Science and Technology, Hainan University, Haikou, Hainan, China
  2. Institute for Experimental Mathematics, University of Duisburg-Essen, Essen, Germany
