Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based Multicast
January-March 2006 (vol. 3 no. 1)
pp. 45-61
We propose a framework and methodology for quantifying the effect of denial of service (DoS) attacks on a distributed system. We present a systematic study of the resistance of gossip-based multicast protocols to DoS attacks. We show that even distributed and randomized gossip-based protocols, which eliminate single points of failure, do not necessarily eliminate vulnerabilities to DoS attacks. We propose Drum—a simple gossip-based multicast protocol that eliminates such vulnerabilities. Drum was implemented in Java and tested on a large cluster. We show, using closed-form mathematical analysis, simulations, and empirical tests, that Drum survives severe DoS attacks.

Index Terms:
Distributed applications, reliability, availability, and serviceability, distributed programming.
Citation:
Gal Badishi, Idit Keidar, Amir Sasson, "Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based Multicast," IEEE Transactions on Dependable and Secure Computing, vol. 3, no. 1, pp. 45-61, Jan.-March 2006, doi:10.1109/TDSC.2006.12