Mitigating DDoS attacks using OpenFlow-based software defined networking

Over the last years, Distributed Denial-of-Service (DDoS) attacks have become an increasing threat on the Internet, with recent attacks reaching traffic volumes of up to 500 Gbps. To make matters worse, web-based facilities that offer “DDoS-as-a-service” (i.e., Booters) allow for the layman to launch attacks in the order of tens of Gbps in exchange for only a few euros. A recent development in networking is the principle of Software Defined Networking (SDN), and related technologies such as OpenFlow. In SDN, the control plane and data plane of the network are decoupled. This has several advantages, such as centralized control over forwarding decisions, dynamic updating of forwarding rules, and easier and more flexible network configuration. Given these advantages, we expect SDN to be well-suited for DDoS attack mitigation. Typical mitigation solutions, however, are not built using SDN. In this paper we propose to design and to develop an OpenFlow-based mitigation architecture for DDoS attacks. The research involves looking at the applicability of OpenFlow, as well as studying existing solutions built on other technologies. The research is as yet in its beginning phase and will contribute towards a Ph.D. thesis after four years

In-network quality optimization for adaptive video streaming services

HTTP adaptive streaming (HAS) services allow the quality of streaming video to be automatically adapted by the client application in face of network and device dynamics. Due to their advantages compared to traditional techniques, HAS-based protocols are widely used for over-the-top (OTT) video streaming. However, they are yet to be adopted in managed environments, such as ISP networks. A major obstacle is the purely client-driven design of current HAS approaches, which leads to excessive quality oscillations, suboptimal behavior, and the inability to enforce management policies. Moreover, the provider has no control over the quality that is provided, which is essential when offering a managed service. This article tackles these challenges and facilitates the adoption of HAS in managed networks. Specifically, several centralized and distributed algorithms and heuristics are proposed that allow nodes inside the network to steer the HAS client's quality selection process. The algorithms are able to enforce management policies by limiting the set of available qualities for specific clients. Additionally, simulation results show that by coordinating the quality selection process across multiple clients, the proposed algorithms significantly reduce quality oscillations by a factor of five and increase the average delivered video quality by at least 14%

Threat Landscape and Good Practice Guide for Software Defined Networks/5G

5G represents the next major phase of mobile telecommunication systems and network architectures beyond the current 4G standards, aiming at extreme broadband and ultra-robust, low latency connectivity, to enable the programmable connectivity for the Internet of Everything2. Despite the significant debate on the technical specifications and the technological maturity of 5G, which are under discussion in various fora3, 5G is expected to affect positively and significantly several industry sectors ranging from ICT to industry sectors such as car and other manufacturing, health and agriculture in the period up to and beyond 2020. 5G will be driven by the influence of software on network functions, known as Software Defined Networking (SDN) and Network Function Virtualization (NFV). The key concept that underpins SDN is the logical centralization of network control functions by decoupling the control and packet forwarding functionality of the network. NFV complements this vision through the virtualization of these functionalities based on recent advances in general server and enterprise IT virtualization. Considering the technological maturity of the technologies that 5G can leverage on, SDN is the one that is moving faster from development to production. To realize the business potential of SDN/5G, a number of technical issues related to the design and operation of Software Defined Networks need to be addressed. Amongst them, SDN/5G security is one of the key issues, that needs to be addressed comprehensively in order to avoid missing the business opportunities arising from SDN/5G. In this report, we review threats and potential compromises related to the security of SDN/5G networks. More specifically, this report contains a review of the emerging threat landscape of 5G networks with particular focus on Software Defined Networking. It also considers security of NFV and radio network access. To provide a comprehensive account of the emerging threat SDN/5G landscape, this report has identified related network assets and the security threats, challenges and risks arising for these assets. Driven by the identified threats and risks, this report has also reviewed and identified existing security mechanisms and good practices for SDN/5G/NFV, and based on these it has analysed gaps and provided technical, policy and organizational recommendations for proactively enhancing the security of SDN/5G

Improving SNI-based HTTPS Security Monitoring

International audienceRecent surveys show that the proportion of encrypted web traffic is quickly increasing. On one side, it provides users with essential properties of security and privacy, but on the other side, it raises important challenges and issues for organizations, related to the security monitoring of encrypted traffic (filtering, anomaly detection, etc.). This paper proposes to improve a recent technique for HTTPS traffic monitoring that is based on the Server Name Indication (SNI) field of TLS and which has been implemented in many firewall solutions. This method currently has some weaknesses that can be used to bypass firewalls by overwriting the SNI value of new TLS connections. Our investigation shows that 92% of the HTTPS websites surveyed in this paper can be accessed with a fake SNI. Our approach verifies the coherence between the real destination server and the claimed value of SNI by relying on a trusted DNS service. Experimental results show the ability to overcome the shortage of SNI-based monitoring by detecting forged SNI values while having a very small false positive rate (1.7%). The overhead of our solution only adds negligible delays to access HTTPS websites. The proposed method opens the door to improve global HTTPS monitoring and firewall systems

Wildlife Tourism and the Gulf Coast Economy

The U.S. Gulf Coast is endowed with exceptional natural beauty and ecological diversity, including wetlands, waters, beaches, forests, and all the wildlife that inhabit them. Wildlife tourism constitutes a major regional "industry." Each year, wildlife watching, recreational fishing, and hunting draw 20 million participants annually in the five states of Alabama, Florida, Louisiana, Mississippi, and Texas. The wildlife tourism industry consists not only of wildlife guide and outfitter businesses that directly serve wildlife tourists, but also the lodging and dining establishments where they eat and sleep. Wildlife tourism depends on healthy ecosystems, which are the region's "natural capital." However, the future health and productivity of these ecosystems are in peril, in part due to natural events, such as storms, but also because human activities have altered the natural hydrology and halted natural processes, leading to severe land loss and a decrease in the health of the region's estuaries. For example, one of the most significant and far-reaching alterations is the channelization of the Mississippi River within its delta. This deltaic system has historically played a key role in the ecologic and economic well-being of the Northern Gulf of Mexico. While the channelization of the river by an extensive levee system has benefitted commerce, ports, and communities, this way of managing the river has all but stopped the natural deltaic processes that once built and maintained the regions wetlands and barrier islands. Dredging and construction of a vast network of canals and pipelines for the oil and gas industry have also caused considerable damage to the wetlands and wildlife. These human alterations, combined with natural processes, such as wetlands subsidence, extreme weather and sea-level rise, have led to a loss of nearly 1,900 square miles of land since 1932. Large-scale land loss and decrease in water quality throughout the Gulf threatens wildlife, habitats and the tourism activities they make possible. Without bold action, the Gulf Coast economy risks losing billions of dollars in revenue. In 2012, Congress passed the RESTORE Act, legislation mandating that 80% of Clean Water Act fines from the 2010 Deepwater Horizon oil spill go to the five Gulf Coast states to restore the ecosystem and economy. Supplementing the RESTORE Act funds, Gulf states are expected to receive significant new revenues from settlement of BP's criminal liability for the oil spill (administered by the National Fish and Wildlife Foundation), and from payments for damages from the spill under NRDA (the federal Natural Resource Damage Assessment process). Combined, these new revenue sources provide an unprecedented opportunity to reverse decades of harm to the Gulf Coast and to begin restoring the environment to a healthy and resilient condition.Because a healthy ecosystem is at the heart of the region's economy, restoring the Gulf ecosystem is the best way to help the region economically. Owners of wildlife tourism businesses who were interviewed for this study clearly indicated what is at stake for their industry; where ecosystems can no longer support wildlife, visitors have no reason to come. This suggests the urgency of restoring ecosystems to avoid losing a key part of the economy. Funds from the RESTORE Act and other legal settlements provide an unprecedented opportunity to protect not only the coastal environment but also one of the region's most important economic drivers

The Pan American (1997-03-20)

https://scholarworks.utrgv.edu/panamerican/1338/thumbnail.jp