On the Vulnerability of Hardware Hash Tables to Sophisticated Attacks

  • Udi Ben-Porat
  • Anat Bremler-Barr
  • Hanoch Levy
  • Bernhard Plattner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7289)


Peacock and Cuckoo hashing schemes are currently the most studied hash implementations for hardware network systems (such as NIDS, Firewalls, etc.). In this work we evaluate their vulnerability to sophisticated complexity Denial of Service (DoS) attacks. We show that an attacker can use insertion of carefully selected keys to hit the Peacock and Cuckoo hashing schemes at their weakest points. For the Peacock Hashing, we show that after the attacker fills up only a fraction (typically 5% − 10%) of the buckets, the table completely loses its ability to handle collisions, causing the discard rate (of new keys) to increase dramatically (100 − 1,800 times higher). For the Cuckoo Hashing, we show an attack that can impose on the system an excessive number of memory accesses and degrade its performance. We analyze the vulnerability of the system as a function of the critical parameters and provide simulations results as well.


Hash Table Intrusion Detection System Regular User Malicious User Drop Probability 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Smith, R., Estan, C., Jha, S.: Backtracking Algorithmic Complexity Attacks Against a NIDS. In: Proceedings of ACSAC Annual Computer Security Applications Conference (2006)Google Scholar
  2. 2.
    Crosby, S., Wallach, D.: Denial of Service via Algorithmic Complexity Attacks. In: Proceedings of USENIX Security Symposium (2003)Google Scholar
  3. 3.
    Kumar, S., Turner, J., Crowley, P.: Peacock Hash: Fast and Updatable Hashing for High Performance Packet Processing Algorithms. In: Proceedings of IEEE INFOCOM (2008)Google Scholar
  4. 4.
    Pagh, R., Rodler, F.: Cuckoo Hashing. Journal of Algorithms (2001)Google Scholar
  5. 5.
    Mitzenmacher, M., Broder, A.: Using Multiple Hash Functions to Improve IP Lookups. In: Proceedings of IEEE INFOCOM (2000)Google Scholar
  6. 6.
    Song, H., Dharmapurikar, S., Turner, J., Lockwood, J.: Fast Hash Table Lookup Using Extended Bloom Filter: An Aid to Network Processing. In: Proceedings of ACM SIGCOMM (2005)Google Scholar
  7. 7.
    Waldvogel, M., Varghese, G., Turner, J., Plattner, B.: Scalable High Speed IP Routing Lookups. In: Proceedings of ACM SIGCOMM (1997)Google Scholar
  8. 8.
    Thinh, T., Kittitornkun, S.: Massively Parallel Cuckoo Pattern Matching Applied for NIDS/NIPS. In: Proceedings of IEEE DELTA (2010)Google Scholar
  9. 9.
    Kirsch, A., Mitzenmacher, M., Varghese, G.: Hash-Based Techniques for High-Speed Packet Processing. Algorithms for Next Generation Networks. Springer (2010)Google Scholar
  10. 10.
    Ben-Porat, U., Bremler-Barr, A., Levy, H.: Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks. In: Proceedings of IEEE INFOCOM (2008)Google Scholar
  11. 11.
    Ben-Porat, U., Bremler-Barr, A., Levy, H., Plattner, B.: On the Vulnerability of Hardware Hash Tables to Sophisticated Attacks. Technical Report (2011),
  12. 12.
    Kirsch, A., Mitzenmacher, M., Wieder, U.: More Robust Hashing: Cuckoo Hashing with a Stash. In: Halperin, D., Mehlhorn, K. (eds.) ESA 2008. LNCS, vol. 5193, pp. 611–622. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Fotakis, D., Pagh, R., Sanders, P., Spirakis, P.: Space Efficient Hash Tables with Worst Case Constant Access Time. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 271–282. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Frieze, A., Melsted, P., Mitzenmacher, M.: An Analysis of Random-Walk Cuckoo Hashing. In: Dinur, I., Jansen, K., Naor, J., Rolim, J. (eds.) APPROX and RANDOM 2009. LNCS, vol. 5687, pp. 490–503. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Kirsch, A., Mitzenmacher, M.: The Power of One Move: Hashing Schemes for Hardware. IEEE/ACM Transactions on Networking 18(6), 1752–1765 (2010)CrossRefGoogle Scholar
  16. 16.
    Estan, C., Keys, K., Moore, D., Varghese, G.: Building a Better NetFlow. In: Proceedings of ACM SIGCOMM (2004)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Udi Ben-Porat
    • 1
  • Anat Bremler-Barr
    • 2
  • Hanoch Levy
    • 3
  • Bernhard Plattner
    • 1
  1. 1.Computer Engineering and Networks LaboratoryETH ZurichSwitzerland
  2. 2.Computer Science Dept.Interdisciplinary CenterHerzliyaIsrael
  3. 3.Computer Science Dept.Tel-Aviv UniversityTel-AvivIsrael

Personalised recommendations