Defending networked resources against floods of unwelcome requests

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2008.Includes bibliographical references (p. 172-189).The Internet is afflicted by "unwelcome requests'" defined broadly as spurious claims on scarce resources. For example, the CPU and other resources at a server are targets of denial-of-service (DOS) attacks. Another example is spam (i.e., unsolicited bulk email); here, the resource is human attention. Absent any defense, a very small number of attackers can claim a very large fraction of the scarce resources. Traditional responses identify "bad" requests based on content (for example, spam filters analyze email text and embedded URLs). We argue that such approaches are inherently gameable because motivated attackers can make "bad" requests look "good". Instead, defenses should aim to allocate resources proportionally (so if lo% of the requesters are "bad", they should be limited to lo% of the scarce resources). To meet this goal, we present the design, implementation, analysis, and experimental evaluation of two systems. The first, speak-up, defends servers against application-level denial-of-service by encouraging all clients to automatically send more traffic. The "good" clients can thereby compete equally with the "bad" ones. Experiments with an implementation of speak-up indicate that it allocates a server's resources in rough proportion to clients' upload bandwidths, which is the intended result. The second system, DQE, controls spam with per-sender email quotas. Under DQE, senders attach stamps to emails. Receivers communicate with a well-known, untrusted enforcer to verify that stamps are fresh and to cancel stamps to prevent reuse. The enforcer is distributed over multiple hosts and is designed to tolerate arbitrary faults in these hosts, resist various attacks, and handle hundreds of billions of messages daily (two or three million stamp checks per second). Our experimental results suggest that our implementation can meet these goals with only a few thousand PCs.(cont) The enforcer occupies a novel design point: a set of hosts implement a simple storage abstraction but avoid neighbor maintenance, replica maintenance, and mutual trust. One connection between these systems is that DQE needs a DoS defense-and can use speak-up. We reflect on this connection, on why we apply speak-up to DoS and DQE to spam, and, more generally, on what problems call for which solutions.by Michael Walfish.Ph.D

Packet filter performance monitor (anti-DDOS algorithm for hybrid topologies)

DDoS attacks are increasingly becoming a major problem. According to Arbor Networks, the largest DDoS attack reported by a respondent in 2015 was 500 Gbps. Hacker News stated that the largest DDoS attack as of March 2016 was over 600 Gbps, and the attack targeted the entire BBC website. With this increasing frequency and threat, and the average DDoS attack duration at about 16 hours, we know for certain that DDoS attacks will not be going away anytime soon. Commercial companies are not effectively providing mitigation techniques against these attacks, considering that major corporations face the same challenges. Current security appliances are not strong enough to handle the overwhelming traffic that accompanies current DDoS attacks. There is also a limited research on solutions to mitigate DDoS attacks. Therefore, there is a need for a means of mitigating DDoS attacks in order to minimize downtime. One possible solution is for organizations to implement their own architectures that are meant to mitigate DDoS attacks. In this dissertation, we present and implement an architecture that utilizes an activity monitor to change the states of firewalls based on their performance in a hybrid network. Both firewalls are connected inline. The monitor is mirrored to monitor the firewall states. The monitor reroutes traffic when one of the firewalls become overwhelmed due to a HTTP DDoS flooding attack. The monitor connects to the API of both firewalls. The communication between the rewalls and monitor is encrypted using AES, based on PyCrypto Python implementation. This dissertation is structured in three parts. The first found the weakness of the hardware firewall and determined its threshold based on spike and endurance tests. This was achieved by flooding the hardware firewall with HTTP packets until the firewall became overwhelmed and unresponsive. The second part implements the same test as the first, but targeted towards the virtual firewall. The same parameters, test factors, and determinants were used; however a different load tester was utilized. The final part was the implementation and design of the firewall performance monitor. The main goal of the dissertation is to minimize downtime when network firewalls are overwhelmed as a result of a DDoS attack

Increasing the robustness of networked systems

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2009.Includes bibliographical references (p. 133-143).What popular news do you recall about networked systems? You've probably heard about the several hour failure at Amazon's computing utility that knocked down many startups for several hours, or the attacks that forced the Estonian government web-sites to be inaccessible for several days, or you may have observed inexplicably slow responses or errors from your favorite web site. Needless to say, keeping networked systems robust to attacks and failures is an increasingly significant problem. Why is it hard to keep networked systems robust? We believe that uncontrollable inputs and complex dependencies are the two main reasons. The owner of a web-site has little control on when users arrive; the operator of an ISP has little say in when a fiber gets cut; and the administrator of a campus network is unlikely to know exactly which switches or file-servers may be causing a user's sluggish performance. Despite unpredictable or malicious inputs and complex dependencies we would like a network to self-manage itself, i.e., diagnose its own faults and continue to maintain good performance. This dissertation presents a generic approach to harden networked systems by distinguishing between two scenarios. For systems that need to respond rapidly to unpredictable inputs, we design online solutions that re-optimize resource allocation as inputs change. For systems that need to diagnose the root cause of a problem in the presence of complex subsystem dependencies, we devise techniques to infer these dependencies from packet traces and build functional representations that facilitate reasoning about the most likely causes for faults. We present a few solutions, as examples of this approach, that tackle an important class of network failures. Specifically, we address (1) re-routing traffic around congestion when traffic spikes or links fail in internet service provider networks, (2) protecting websites from denial of service attacks that mimic legitimate users and (3) diagnosing causes of performance problems in enterprises and campus-wide networks. Through a combination of implementations, simulations and deployments, we show that our solutions advance the state-of-the-art.by Srikanth Kandula.Ph.D

Internet Monitor 2014: Reflections on the Digital World: Platforms, Policy, Privacy, and Public Discourse

This publication is the second annual report of the Internet Monitor project at the Berkman Centerfor Internet & Society at Harvard University. As with the inaugural report, this year’s edition is a collaborative effort of the extended Berkman community. Internet Monitor 2014: Reflections on the Digital World includes nearly three dozen contributions from friends and colleagues around the world that highlight and discuss some of the most compelling events and trends in the digitally networked environment over the past year. The result, intended for a general interest audience, brings together reflection and analysis on a broad range of issues and regions — from an examination of Europe’s “right to be forgotten” to a review of the current state of mobile security to an exploration of a new wave of movements attempting to counter hate speech online — and offers it up for debate and discussion. Our goal remains not to provide a definitive assessment of the “state of the Internet” but rather to provide a rich compendium of commentary on the year’s developments with respect to the online space. Last year’s report examined the dynamics of Internet controls and online activity through the actions of government, corporations, and civil society. We focus this year on the interplay between technological platforms and policy; growing tensions between protecting personal privacy and using big data for social good; the implications of digital communications tools for public discourse and collective action; and current debates around the future of Internet governance. The report reflects the diversity of ideas and input the Internet Monitor project seeks to invite. Some of the contributions are descriptive; others prescriptive. Some contain purely factual observations; others offer personal opinion. In addition to those in traditional essay format, contributions this year include a speculative fiction story exploring what our increasingly data-driven world might bring, a selection of “visual thinking” illustrations that accompany a number of essays, a “Year in Review” timeline that highlights many of the year’s most fascinating Internet-related news stories (and an interactive version of which is available at the netmonitor.org), and a slightly tongue-in-cheek “By the Numbers” section that offers a look at the year’s important digital statistics. We believe that each contribution offers insights, and hope they provoke further reflection, conversation, and debate in both offline and online settings around the globe

Internet Monitor 2014: Reflections on the Digital World: Platforms, Policy, Privacy, and Public Discourse

This publication is the second annual report of the Internet Monitor project at the Berkman Center for Internet & Society at Harvard University. As with the inaugural report, this year's edition is a collaborative effort of the extended Berkman community. Internet Monitor 2014: Reflections on the Digital World includes nearly three dozen contributions from friends and colleagues around the world that highlight and discuss some of the most compelling events and trends in the digitally networked environment over the past year.The result, intended for a general interest audience, brings together reflection and analysis on a broad range of issues and regions—from an examination of Europe's "right to be forgotten" to a review of the current state of mobile security to an exploration of a new wave of movements attempting to counter hate speech online—and offers it up for debate and discussion. Our goal remains not to provide a definitive assessment of the "state of the Internet" but rather to provide a rich compendium of commentary on the year's developments with respect to the online space.Last year's report examined the dynamics of Internet controls and online activity through the actions of government, corporations, and civil society. We focus this year on the interplay between technological platforms and policy; growing tensions between protecting personal privacy and using big data for social good; the implications of digital communications tools for public discourse and collective action; and current debates around the future of Internet governance.The report reflects the diversity of ideas and input the Internet Monitor project seeks to invite. Some of the contributions are descriptive; others prescriptive. Some contain purely factual observations; others offer personal opinion. In addition to those in traditional essay format, contributions this year include a speculative fiction story exploring what our increasingly data-driven world might bring, a selection of "visual thinking" illustrations that accompany a number of essays, a "Year in Review" timeline that highlights many of the year's most fascinating Internet-related news stories (and an interactive version of which is available at thenetmonitor.org), and a slightly tongue-in-cheek "By the Numbers" section that offers a look at the year's important digital statistics. We believe that each contribution offers insights, and hope they provoke further reflection, conversation, and debate in both offline and online settings around the globe

Whistleblowing for Change

The courageous acts of whistleblowing that inspired the world over the past few years have changed our perception of surveillance and control in today's information society. But what are the wider effects of whistleblowing as an act of dissent on politics, society, and the arts? How does it contribute to new courses of action, digital tools, and contents? This urgent intervention based on the work of Berlin's Disruption Network Lab examines this growing phenomenon, offering interdisciplinary pathways to empower the public by investigating whistleblowing as a developing political practice that has the ability to provoke change from within

Whistleblowing for Change

The courageous acts of whistleblowing that inspired the world over the past few years have changed our perception of surveillance and control in today's information society. But what are the wider effects of whistleblowing as an act of dissent on politics, society, and the arts? How does it contribute to new courses of action, digital tools, and contents? This urgent intervention based on the work of Berlin's Disruption Network Lab examines this growing phenomenon, offering interdisciplinary pathways to empower the public by investigating whistleblowing as a developing political practice that has the ability to provoke change from within

The Legal and Regulatory Aspect of International Cybercrime and Cybersecurity: Limits and Challenges

The development of the internet and digital technologies represent a major opportunity for humanity in transforming businesses and providing new tools for everyday communication. Internet users are spending increasing amounts of time online and undertaking a greater range of online and social networking activities. However, just like a double edged sword, the internet also presents opportunities to cybercrimes in the Information society. The nature of some ‘traditional’ crime types has been transformed by the use of computers and other information communications technology (ICT) in terms of its scale and reach, with risks extending to many aspects of social life, such as financial transactions, sexual offences, harassment and threatening behavior, and commercial damage and disorder. Cybercrime is a transnational menace in the sense that it cuts across borders. The most critical challenges of the information society have been the security of digital data and information systems and the prevention of the malicious misuse of information communications technologies by cyber criminals, terrorist groups, or state actors. Measures to address these security challenges of the information society birthed a concept known as “cyber security”. Cyber security seeks to promote and ensure the overall security of digital information and information systems with a view to securing the information society. Thus, the concept is broadly concerned with social, legal, regulatory and technological measures that will ensure the integrity, confidentiality, availability and the overall security of digital information and information systems in order to achieve a high degree of trust and security necessary for the development of a sustainable information cyber space. This dissertation contends that, on the one hand, International laws are behind in providing proper regulatory coverage for cybercrime, while, on the other hand, existing regulations have largely been unsuccessful in containing cyber security threats primarily due to complications caused by the disharmonization of cyber security laws and regulation. This dissertation also attempts to discuss the legal and regulatory aspects of cyber security in International law. An analysis of international, regional and national regulatory responses to cyber security in both developed and developing countries was made. It calls attention to the limits and challenges of these regulatory responses in the promotion of cyber security and explores several regulatory measures to address the highlighted challenges with a view to promoting global cyber security. It suggests several regulatory measures to enhance global cyber security and also emphasizes the need for the collective responsibility of states for global cyber security

Mapping Crisis: Participation, Datafication, and Humanitarianism in the Age of Digital Mapping

This book brings together critical perspectives on the role that mapping people, knowledges and data now plays in humanitarian work, both in cartographic terms and through data visualisations. Since the rise of Google Earth in 2005, there has been an explosion in the use of mapping tools to quantify and assess the needs of the poor, including those affected by climate change and the wider neo-liberal agenda. Yet, while there has been a huge upsurge in the data produced around these issues, the representation of people remains questionable. Some have argued that representation has diminished in humanitarian crises as people are increasingly reduced to data points. In turn, this data becomes ever more difficult to analyse without vast computing power, leading to a dependency on the old colonial powers to refine the data of the poor, before selling it back to them. These issues are not entirely new, and questions around representation, participation and humanitarianism can be traced back beyond the speeches of Truman, but the digital age throws these issues back to the fore, as machine learning, algorithms and big data centres take over the process of mapping the subjugated and subaltern. This book questions whether, as we map crises, it is the map itself that is in crisis

Migration, Mobility and Human Rights at the Eastern Border of the European Union - Space of Freedom and Security

This edited collection of migration papers would like to emphasise the acute need for migration related study and research in Romania. At this time, migration and mobility are studied as minor subjects in Economics, Sociology, Political Sciences and European Studies only (mostly at post-graduate level). We consider that Romanian universities need more ‘migration studies’, while research should cover migration as a whole, migration and mobility being analysed from different points of view – social, economical, legal etc. Romania is part of the European Migration Space not only as a source of labourers for the European labour market, but also as source of quality research for the European scientific arena. Even a country located at the eastern border of the European Union, we consider Romania as part of the European area of freedom, security and justice, and therefore interested in solving correctly all challenges incurred by the complex phenomena of migration and workers’ mobility at the European level. The waves of illegal immigrants arriving continuously on the Spanish, Italian and Maltese shores, and the workers’ flows from the new Member States from Central and Eastern Europe following the 2004 accession, forced the EU officials and the whole Europe to open the debate on the economical and mostly social consequences of labour mobility. This study volume is our contribution to this important scientific debate. Starting with the spring of 2005, the Jean Monnet European Centre of Excellence and the School of High Comparative European Studies (SISEC), both within the West University of Timisoara, have proposed a series of events in order to raise the awareness of the Romanian scientific environment on this very sensitive issues: migration and mobility in the widen European Space. An annual international event to celebrate 9 May - The Europe Day was already a tradition for SISEC (an academic formula launched back in 1995 in order to prepare national experts in European affairs, offering academic post-graduate degrees in High European Studies). With the financial support from the Jean Monnet Programme (DG Education and Culture, European Commission), a first migration panel was organised in the framework of the international colloquium ‘Romania and the European Union in 2007’ held in Timisoara between 6 and 7 of May 2005 (panel Migration, Asylum and Human Rights at the Eastern Border of the European Union). Having in mind the positive welcoming of the migration related subjects during the 2005 colloquium, a second event was organised on 5 May 2006 in the framework of the European Year of Workers’ Mobility: the international colloquium Migration and Mobility: Assets and Challenges for the Enlargement of the European Union. In the same period, the Jean Monnet European Centre of Excellence, SISEC and The British Council in Bucharest have jointly edited two special issues of The Romanian Journal of European Studies, no.4/2005 and 5-6/2006, both dedicated to migration and mobility. Preliminary versions of many of the chapters of this volume were presented at the above mentioned international events. The papers were chosen according to their scientific quality, after an anonymously peer-review selection. The authors debate both theoretical issues and practical results of their research. They are renowned experts at international level, members of the academia, PhD students or experienced practitioners involved in the management of the migration flows at the governmental level. This volume was financed by the Jean Monnet Programme of the Directorate General Education and Culture, European Commission, throughout the Jean Monnet European Centre of Excellence (C03/0110) within the West University of Timisoara, Romania, and is dedicated to the European Year of Workers’ Mobility 2006. Timisoara, December 200