FAIR: Forwarding Accountability for Internet Reputability
This paper presents FAIR, a forwarding accountability mechanism that incentivizes ISPs to apply stricter security policies to their customers. The Autonomous System (AS) of the receiver specifies a traffic profile that the sender AS must adhere to. Transit ASes on the path mark packets. In case of traffic profile violations, the marked packets are used as proof of misbehavior.

FAIR introduces low bandwidth overhead and requires no per-packet and no per-flow state for forwarding. We describe integration with IP and demonstrate a software switch running on commodity hardware that can switch packets at a line rate of 120 Gbps and can forward 140M minimum-sized packets per second, limited by the hardware I/O subsystem.

Moreover, this paper proposes a "suspicious bit" for packet headers, an application that builds on top of FAIR's proofs of misbehavior and flags packets to warn other entities in the network.

Comment: 16 pages, 12 figures
Accountable infrastructure and its impact on internet security and privacy
The Internet infrastructure relies on the correct functioning of the basic underlying protocols, which were designed for functionality. Security and privacy have been added post hoc, mostly by applying cryptographic means to different layers of communication. In the absence of accountability as a fundamental property, the Internet infrastructure has no built-in ability to associate an action with the responsible entity, nor to detect or prevent misbehavior. In this thesis, we study accountability from a few different perspectives. First, we study the need for accountability in anonymous communication networks as a mechanism that provides repudiation for the proxy nodes by tracing back selected outbound traffic in a provable manner. Second, we design a framework that provides a foundation to support the enforcement of the right-to-be-forgotten law in a scalable and automated manner. The framework provides a technical means for users to prove their eligibility for content removal from search results. Third, we analyze the Internet infrastructure, determining potential security risks and threats imposed by dependencies among the entities on the Internet. Finally, we evaluate the feasibility of using hop count filtering as a mechanism for mitigating Distributed Reflective Denial-of-Service attacks, and conceptually show that it cannot work to prevent these attacks.
MI: Cross-layer Malleable Identity
Access to Internet services is granted based on application-layer user identities, which also offer accountability. The revered layered network model dictates a disparate network-layer identity scheme for systems. We challenge this religious layered model adherence by demonstrating the practical benefits derived from a cross-layer identity scheme. Instead of a rigid identity, our malleable identity (MI) scheme empowers a traffic originator to fine-tune, on a per-case basis if necessary, her third-party-issued identity attributes embedded in an identity voucher (IV). When tagged to traffic, IVs benefit users, the Internet and services. A user can (a) control her traffic identifiability, ranging from anonymous and pseudonymous to personally identifiable, through attribute fine-tuning and (b) enjoy Internet-wide Single Sign-On (SSO) to network-layer Internet resources and application-layer services through IV persistence, without the privacy loss naturally associated with SSO. The Internet and services can prioritize traffic, using IV attributes, as a defense against Denial-of-Capability (DoC), Distributed Denial-of-Service (DDoS) and Border Gateway Protocol (BGP) prefix hijack/route forgery. MI is protocol/architecture-agnostic, and backwards/forwards compatible.
Economic issues in distributed computing
On the Internet, one of the essential characteristics of electronic commerce is the integration of large-scale computer networks and business practices. Commercial servers are connected through open and complex communication technologies, and online consumers access the services with virtually unpredictable behavior. Both of them, as well as the e-Commerce infrastructure, are vulnerable to cyber attacks. Among the various network security problems, the Distributed Denial-of-Service (DDoS) attack is a unique example that illustrates the risk to commercial network applications. Using massive junk traffic, literally anyone on the Internet can launch a DDoS attack to flood and shut down an e-Commerce website. Cooperative technological solutions for DDoS attacks are already available, yet the organizations in the best position to implement them lack the incentive to do so, and the victims of DDoS attacks cannot find effective methods to motivate those organizations. Chapter 1 discusses two components of the technological solutions to DDoS attacks, cooperative filtering and cooperative traffic smoothing by caching, and then analyzes the broken incentive chain in each of these technological solutions. As a remedy, I propose usage-based pricing and Capacity Provision Networks, which enable victims to disseminate enough incentive along attack paths to stimulate cooperation against DDoS attacks. Chapter 2 addresses possible DDoS attacks toward the wireless Internet, including the Wireless Extended Internet, the Wireless Portal Network, and the Wireless Ad Hoc network. I propose a conceptual model for defending against DDoS attacks on the wireless Internet, which incorporates both cooperative technological solutions and economic incentive mechanisms built on usage-based fees. Cost-effectiveness is also addressed through an illustrative implementation scheme using Policy Based Networking (PBN).

By investigating both the technological and economic difficulties in defending against the DDoS attacks that have plagued the wired Internet, our aim here is to foster further development of the wireless Internet infrastructure as a more secure and efficient platform for mobile commerce. To avoid centralized resources and performance bottlenecks, online peer-to-peer communities and online social networks have become increasingly popular. In particular, the recent boost of online peer-to-peer communities has led to exponential growth in the sharing of user-contributed content, which has brought profound changes to business and economic practices. Understanding the dynamics and sustainability of such peer-to-peer communities has important implications for business managers. In Chapter 3, I explore the structure of online sharing communities from a dynamic process perspective. I build an evolutionary game model to capture the dynamics of online peer-to-peer communities. Using online music sharing data collected from one of the IRC channels over more than five years, I empirically investigate the model that underlies the dynamics of the music sharing community. Our empirical results show strong support for the evolutionary process of the community. I find that the two major parties in the community, namely sharers and downloaders, influence each other in their dynamics of evolution within the community. These dynamics reveal the mechanism through which peer-to-peer communities sustain themselves and thrive in a constantly changing environment.
Packet filter performance monitor (anti-DDOS algorithm for hybrid topologies)
DDoS attacks are increasingly becoming a major problem. According to Arbor Networks, the largest DDoS attack reported by a respondent in 2015 was 500 Gbps. Hacker News stated that the largest DDoS attack as of March 2016 was over 600 Gbps, and the attack targeted the entire BBC website.
With this increasing frequency and threat, and the average DDoS attack duration at about 16 hours, we know for certain that DDoS attacks will not be going away anytime soon. Commercial companies are not effectively providing mitigation techniques against these attacks, considering that major corporations face the same challenges. Current security appliances are not strong enough to handle the overwhelming traffic that accompanies current DDoS attacks. There is also limited research on solutions to mitigate DDoS attacks. Therefore, there is a need for a means of mitigating DDoS attacks in order to minimize downtime. One possible solution is for organizations to implement their own architectures designed to mitigate DDoS attacks.

In this dissertation, we present and implement an architecture that utilizes an activity monitor to change the states of firewalls based on their performance in a hybrid network. Both firewalls are connected inline. The monitor is mirrored to observe the firewall states. The monitor reroutes traffic when one of the firewalls becomes overwhelmed due to an HTTP DDoS flooding attack. The monitor connects to the API of both firewalls. The communication between the firewalls and the monitor is encrypted using AES, based on the PyCrypto Python implementation.

This dissertation is structured in three parts. The first part found the weakness of the hardware firewall and determined its threshold based on spike and endurance tests. This was achieved by flooding the hardware firewall with HTTP packets until the firewall became overwhelmed and unresponsive. The second part implements the same test as the first, but targeted at the virtual firewall. The same parameters, test factors, and determinants were used; however, a different load tester was utilized. The final part was the design and implementation of the firewall performance monitor. The main goal of the dissertation is to minimize downtime when network firewalls are overwhelmed as a result of a DDoS attack.