Abstract
We consider the problem of designing scalable and robust information systems based on multiple servers that can survive even massive denial-of-service (DoS) attacks. More precisely, we focus on designing a scalable distributed hash table (DHT) that is robust against so-called past insider attacks. In a past insider attack, an adversary knows everything about the system up to some time point t₀ not known to the system. After t₀, the adversary can attack the system with a massive DoS attack in which it can block a constant fraction of the servers of its choice. Yet, the system should be able to survive such an attack in the sense that for any set of lookup requests, one per non-blocked (i.e., non-DoS-attacked) server, every lookup request to a data item that was last updated after t₀ can be served by the system, and processing all the requests needs only polylogarithmic time and work at every server. We show that such a system can be designed.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Awerbuch, B., Scheideler, C. (2007). A Denial-of-Service Resistant DHT. In: Pelc, A. (eds) Distributed Computing. DISC 2007. Lecture Notes in Computer Science, vol 4731. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75142-7_6
DOI: https://doi.org/10.1007/978-3-540-75142-7_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75141-0
Online ISBN: 978-3-540-75142-7
eBook Packages: Computer Science, Computer Science (R0)