IRIS: A Robust Information System Against Insider DoS-Attacks
Research Group Theory of Distributed Systems
Martina Eikel, Christian Scheideler

Motivation
Goal of a Denial-of-Service (DoS)-attack: make a machine or network resource unavailable to its intended users
Example from the real world:
- October 21, 2002: DoS-attack on all 13 DNS root name servers
- due to data replication, root server lookups were still possible, but significantly delayed

DoS-resistant storage systems
Problem: complete data replication in huge storage systems is too inefficient
Scalable storage systems: We want to limit the storage overhead to a logarithmic factor.

Fundamental dilemma
Scalability: minimize replication of information
Robustness: maximize resources needed by the attacker

Previous protocols
Past Insider:
- knows everything about the system until an unknown time $t_0$
- can shut down any constant fraction of the servers (for some specific constant > 0)
- can create any legal set of requests
Scheideler et al. presented a storage system with the following capabilities:
- Each set of requests for data items that were inserted after $t_0$ can be served correctly (w.h.p.)
- The system is robust against any DoS-attack in which at most a constant fraction of the servers is blocked (for a specific constant)
References:
Baruch Awerbuch and Christian Scheideler. A denial-of-service resistant DHT. In: Proceedings of the 21st International Symposium on Distributed Computing (DISC), pp. 33–47, 2007.
Matthias Baumgart, Christian Scheideler and Stefan Schmid. A DoS-Resilient Information System for Dynamic Data Management. In: Proceedings of the 21st ACM Symposium on Parallelism in Algorithms and Architectures (SPAA), pp. 300–309, 2009.

Our new protocol
IRIS: An Insider Resistant Information System
A Denial-of-Service (DoS) insider attacker ...
- ... knows everything about the system
- ... has the ability to block a specific fraction of the servers
- ... may choose any valid set of lookup requests (one per non-blocked server) to be handled by the system
IRIS is the first distributed information system with the following capabilities:
- it is provably robust against any DoS-attack by a current insider in which at most a constant fraction of the servers is blocked, i.e. each set of lookup requests for data items is served correctly (w.h.p.)
- it requires only a low redundancy (Basic IRIS: constant, Enhanced IRIS: logarithmic)
- handling all lookup requests (one per non-blocked server) only takes a polylogarithmic number of rounds
Idea of IRIS: use distributed coding strategy to “smear” all data items over all servers

Overview
1. Motivation
2. The IRIS System
   - Storage strategy
   - The Lookup Protocol
   - Analysis
3. Conclusion

Our Model
- n servers that know each other
- set of m data items to store in the system
- synchronous round model
- DoS-attacker enters and inspects the entire system after its setup
- attacker chooses an ε-fraction of the servers to be blocked
- attacker may select an arbitrary collection of lookup requests (one per non-blocked server)
- task of the system: serve all lookup requests correctly and efficiently

Encoding of data items, k = log n
Given: k data items $d_1, \dots, d_k \in \{0,1\}^z$
[Figure: encoding of $d_1, \dots, d_k$ into $d_1, \dots, d_{k-1}$ and $d_k$]
Example:
$d_1$ = 010
$d_2$ = 110
$d_3$ = 001
$d_4$ = 111
⊕ 010
$d'_1$ = 0100
$d'_2$ = 1101
$d'_3$ = 0010
⊕ 1
$d'_4$ = 1111
Assume: Server that holds $d_2$ is blocked
Goal: Restore $d_2$ using information in $d'_1, d'_3, d'_4$.
$d'_1$ = 0 1 0 0
$d'_2$ = ? ? ? ?  →  ? ? ? 1  →  1 1 0 1
$d'_3$ = 0 0 1 0
$d'_4$ = 1 1 1 1
⊕ 0 1 0
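The encoding and recovery of one k-block from the slide above, as an added example (not code from the slides). The rule is inferred from the slide's numbers and is an assumption: z = k − 1, bit i of the parity p = d_1 ⊕ … ⊕ d_k is appended to d_i for i < k, and the XOR of p's bits is appended to d_k. The function names are hypothetical.

```python
"""One k-block of the XOR encoding shown in the slide example (added illustration)."""
from typing import List, Optional

# Data items of the slide example (k = 4, z = 3).
SLIDE_ITEMS = ["010", "110", "001", "111"]


def xor_strings(words: List[str]) -> str:
    """Bitwise XOR of equal-length bit strings."""
    return "".join(str(sum(int(b) for b in col) % 2) for col in zip(*words))


def encode_block(items: List[str]) -> List[str]:
    """Encode k items of z = k - 1 bits each into k words of z + 1 bits.

    Assumed rule (inferred from the slide): p = d_1 xor ... xor d_k; word i < k
    carries bit i of p; word k carries the XOR of all bits of p.
    """
    k = len(items)
    if k < 2 or any(len(d) != k - 1 for d in items):
        raise ValueError("need k >= 2 items of exactly k - 1 bits each")
    parity = xor_strings(items)
    check = str(parity.count("1") % 2)
    return [d + parity[i] for i, d in enumerate(items[:-1])] + [items[-1] + check]


def recover_block(stored: List[Optional[str]]) -> List[str]:
    """Rebuild the full encoded block when at most one word is missing (None).

    Step 1: the k appended bits XOR to 0, so the missing appended bit is the
            XOR of the k - 1 surviving ones (the "? ? ? 1" step on the slide).
    Step 2: the first k - 1 appended bits spell out p, and the missing item is
            p XOR all surviving items (the "xor 0 1 0" step on the slide).
    """
    missing = [i for i, w in enumerate(stored) if w is None]
    if len(missing) > 1:
        raise ValueError("this code tolerates one blocked server per k-block")
    if not missing:
        return list(stored)
    j, k = missing[0], len(stored)
    present = [w for w in stored if w is not None]
    extra_j = str(sum(int(w[-1]) for w in present) % 2)
    extras = [extra_j if w is None else w[-1] for w in stored]
    parity = "".join(extras[: k - 1])
    item_j = xor_strings([w[:-1] for w in present] + [parity])
    result = list(stored)
    result[j] = item_j + extra_j
    return result


if __name__ == "__main__":
    block = encode_block(SLIDE_ITEMS)
    print("encoded:  ", block)
    damaged = [block[0], None, block[2], block[3]]  # server holding d_2 is blocked
    print("recovered:", recover_block(damaged))
```

Each stored word grows by a single bit, and the block survives exactly one blocked server, which matches the slides' remark that Enhanced IRIS switches to a code that recovers from two blocked servers per k-block.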

Initial distribution of the data items in the system
- cut data items into c = Θ(log m) pieces
- map data items via c hash functions to the servers
- hash functions need to satisfy certain expansion properties (randomly chosen hash functions satisfy these properties, w.h.p.)
- c/4 pieces are sufficient for recovering a data item (e.g. Reed-Solomon Coding)
- encode each n-tuple of data items with each other using a k-ary butterfly as underlying topology

k-ary butterfly
- n columns of nodes
- $\log_k n + 1$ levels
- n/k disjoint complete bipartite subgraphs between level $\ell$ and $\ell+1$

Encoding of n data items over a k-ary butterfly, k = log n
For each server introduce $\log_k n + 1$ (virtual) nodes
Each server is responsible for the nodes in its column
In the following:
- Server: actual/real server that is part of the distributed system
- Node: artificial entity that points to a server
[Figure: k-ary butterfly with levels 0 to $\log_k n$]
Each two levels contain n/k disjoint k-blocks
k-blocks of each two levels form n/k complete k-bipartite graphs
1. Place data items in nodes on level 0.
2. Encode data items in k-blocks between level 0 and 1.
3. For each level $\ell$ encode data items in k-blocks between level $\ell$ and $\ell+1$.

Storage Strategy Properties
- data items are spread over all nodes
- encoding easily possible in a distributed fashion
- when using Reed-Solomon codes, the IRIS system has a constant redundancy
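How level-by-level encoding in k-blocks spreads every data item over all columns, as an added example (not code from the slides). It assumes the usual k-ary butterfly wiring, in which the k-block between level ℓ and ℓ+1 consists of the columns that differ only in base-k digit ℓ; the slides do not state which digit is used, and the function names are hypothetical.

```python
"""k-blocks of a k-ary butterfly and the spreading of data items (added illustration)."""
from typing import List, Tuple


def butterfly_depth(n: int, k: int) -> int:
    """Return log_k n; the butterfly then has log_k n + 1 levels."""
    if k < 2 or n < 1:
        raise ValueError("need k >= 2 and n >= 1")
    depth, size = 0, 1
    while size < n:
        size *= k
        depth += 1
    if size != n:
        raise ValueError("n must be a power of k")
    return depth


def k_block(level: int, column: int, k: int) -> List[int]:
    """Columns sharing a k-block with `column` between `level` and `level` + 1.

    Assumed convention: they agree in every base-k digit except digit `level`.
    """
    stride = k ** level
    base = column - ((column // stride) % k) * stride
    return [base + j * stride for j in range(k)]


def blocks_between(level: int, n: int, k: int) -> List[Tuple[int, ...]]:
    """All distinct k-blocks between `level` and `level` + 1."""
    return sorted({tuple(k_block(level, x, k)) for x in range(n)})


def spread_sizes(n: int, k: int) -> List[int]:
    """For each level, the minimum number of level-0 items a node depends on.

    A node on level l + 1 is encoded from the k nodes of its k-block on level l,
    so it depends on everything those k nodes depend on.
    """
    depth = butterfly_depth(n, k)
    influence = [{x} for x in range(n)]  # level 0: node x holds item x
    sizes = [1]
    for level in range(depth):
        influence = [
            set().union(*(influence[y] for y in k_block(level, x, k)))
            for x in range(n)
        ]
        sizes.append(min(len(s) for s in influence))
    return sizes


if __name__ == "__main__":
    n, k = 27, 3  # the sizes used in the slides' own example
    for level in range(butterfly_depth(n, k)):
        blocks = blocks_between(level, n, k)
        print(f"level {level}->{level + 1}: {len(blocks)} blocks, first = {blocks[0]}")
    print("items each node depends on, per level:", spread_sizes(n, k))
```

With n = 27 and k = 3 there are n/k = 9 disjoint k-blocks per level pair, and a node on the last level depends on all 27 items.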

The Lookup Protocol
Divided into three stages:
1. Preprocessing stage
2. Probing stage
3. Decoding stage

Preprocessing Stage
Divided into two stages:
1. Butterfly completion
   - non-blocked servers determine a unique representative for each blocked server
   - Result: for each blocked server a unique non-blocked server is determined that will take over the role of the blocked server
     ⇒ we can route in the k-ary butterfly as if all servers are still non-blocked
   - Possible in O(log n) rounds
2. Decoding depth computation

Preprocessing Stage
1. Butterfly completion ✓
2. Decoding depth computation
Goal: For each sub-butterfly compute the decoding overhead
[Figure: butterfly with levels 0 to 3; each node is marked as pointing to a non-blocked server or to a blocked server and is labeled with its decoding depth]
$u := (\ell, x)$: butterfly node on level $\ell$ in column $x$
Decoding depth $dd_\ell(u)$ of $u$ on level $\ell$:
$$
dd_\ell(u) =
\begin{cases}
0 & u \text{ not blocked} \\
\infty & \ell \text{ last level and } u \text{ blocked} \\
\max_{v \in C(v)} \{ dd_\ell(v) \} + 1 & \text{else}
\end{cases}
$$
$dd(u) = dd_0(u)$
$BF(u)$: sub-butterfly of depth $\ell$ that $u$ is contained in
$dd(BF(u)) = \max_{v \in BF(u)} dd(v)$

Preprocessing Stage
1. Butterfly completion ✓
2. Decoding depth computation
Lemma: $dd(BF) > \log_k n$ ⇔ there exists a complete binary tree of depth $\log_k n$ of blocked nodes in BF
Example: $n = 27$, $k = 3$, $\log_k n = 3$, $2^{\log_k n} = 8$ (27 servers, 8 blocked)
[Figure: example butterfly with 27 servers, 8 of them blocked]
Corollary: Less than $2^{\log_k n}$ servers blocked ⇒ all data items are recoverable

Lookup Protocol Overview
Three stages:
1. Preprocessing stage ✓
2. Probing stage
3. Decoding stage

Probing Stage
Remember:
- Each data item d was split into c = Θ(log m) pieces.
- The c pieces were stored in the servers responsible for $h_1(d), \dots, h_c(d)$.
- Using Reed-Solomon codes, c/4 pieces are sufficient for recovering d.
- There is a unique path from each butterfly node on level $\log_k n$ to each $h_i(d)$.
[Figure: butterfly with levels 0 to $\log_k n$ and the nodes $h_1(d), \dots, h_i(d), \dots, h_c(d)$]

Probing Stage
Idea:
- Each server s that received a lookup request for a data item d chooses c non-blocked servers
- Forward lookup request for d along the c unique paths $P_i(d)$ from to
[Figure: request (s, d); servers $s_1(d), \dots, s_i(d), \dots, s_c(d)$; path $P_i(d)$; nodes $h_1(d), \dots, h_i(d), \dots, h_c(d)$; levels 0 to $\log_k n$]

Probing Stage
Lookup forwarding proceeds in $O(\log_k n)$ rounds
In round r the r-th node of each path $P_i(d)$ determines whether
- it received “too many” messages for different lookup requests (node congested)
- the decoding depth of its sub-butterfly is exceeded (node blocked)
Node congested or blocked ⇒ inform origin of lookup request and deactivate request forwarding along the corresponding path

Probing Stage
After $O(\log_k n)$ rounds:
- each server that received a lookup request knows the number of deactivated requests
- computes smallest level $\ell$ such that at least c/2 requests were active
- if $\ell = 0$: lookup successful
- else: request is said to belong to level $\ell$ and is further handled in the decoding stage

Lookup Protocol Overview
Three stages:
1. Preprocessing stage ✓
2. Probing stage ✓
3. Decoding stage

Decoding Stage
Goal: Decoding of remaining requests
Proceeds in phases from 0 to $\log_k n$
Phase $\ell$: Handle requests belonging to level $\ell$

Decoding Stage
Phase $\ell$:
Divided into $\Theta(\log_k n)$ rounds.
Round 0: Each server s with request for d belonging to level $\ell$:
1. Choose set A(d) of c/2 indices from [c] such that the corresponding lookup requests for d were active in level $\ell$ of the probing stage
2. For all i ∈ A(d): initiate spreading of decode(d, i) messages in UT(v)
Remaining rounds: determine whether “too many” nodes in UT(v) are congested
[Figure: request (s, d); servers $s_1(d), \dots, s_c(d)$; node v with UT(v); nodes $h_1(d), \dots, h_c(d)$; levels 0, $\ell$ and $\log_k n$]

Decoding Stage
At the end of phase $\ell$:
- each node on level 0 of UT(v) knows whether a node from BF(v) was congested
  ⇒ v knows whether a node from BF(v) was congested
- v sends this information to s
  ⇒ s knows how many of its sub-butterflies are congested
- If ≤ c/4 sub-butterflies are congested: s initiates decoding of c/4 sub-butterflies
- If > c/4 sub-butterflies are congested: lookup for d declared to belong to level $\ell+1$
Remember: c/4 pieces are sufficient for recovering d (Reed-Solomon)
[Figure: request (s, d); servers $s_1(d), \dots, s_c(d)$; node v with UT(v) and BF(v); nodes $h_1(d), \dots, h_c(d)$; levels 0, $\ell$ and $\log_k n$]

Correctness and Efficiency
Lemma: Number of lookup requests belonging to level $r \in \{0, \dots, \log_k n\}$ is $\le \varphi n / k^r$, $\varphi = \Theta(k)$.
⇒ $\varphi = \Theta(k)$ lookup requests have to be handled in the last phase of the decoding stage.
⇒ No node will be congested in the last phase.
⇒ All remaining lookup requests served after the last phase.
Lemma: The lookup protocol of IRIS takes at most $O(\log^2 n)$ communication rounds with at most $O(\log^3 n)$ congestion in every round at each node, w.h.p.

Conclusion
What we did:
Development of the first distributed information system that can serve any set of lookup requests (one per non-blocked node) even under a running insider DoS-attack that blocks an ε-fraction of the servers efficiently (polylogarithmic time) and correctly.

                               Basic IRIS          Enhanced IRIS
Maximum # of blocked servers   $2^{\log_k n}$      εn, ε < 1 arbitrary
Storage Overhead               constant            logarithmic

Main Differences to Basic IRIS:
- use coding strategy that can recover from any two blocked servers within a k-block (e.g. coding strategy EVENODD [1])
- k-blocks are no longer organized in a k-ary butterfly, but we make use of permutations with certain expansion properties
[1] Blaum, Brady, Bruck, Menon: “EVENODD: an optimal scheme for tolerating double disk failures in RAID architectures.” (SIGARCH Comput. Archit. News, 22(2):245–254, April 1994)

Thank you for the attention. Questions?

Martina Eikel, Christian Scheideler
Sonderforschungsbereich 901
Universität Paderborn
Fürstenallee 11
33102 Paderborn
http://sfb901.uni-paderborn.de