Protecting Network Quality of Service Against Denial of Service Attacks

Douglas S. Reeves

S. Felix Wu

Fengmin Gong
NC STATE UNIVERSITY / MCNC
Talk: “00-17 reeves”
CACC Research Review Meeting
October 25, 2000
New Capabilities...
• Discriminating between users; a good thing!
– Bandwidth, quality, response time, …
• Based on trust, need, importance, credit, urgency, ...: Policies!
...New Vulnerabilities
• Steps
– provisioning
– user signaling
– admission control
– network signaling
– traffic policing
• Each step is vulnerable!
Attack 1: Excessive User Demands
• Everyone asks for...
– ...maximum resource amount
– ...premium service
Our Solution: Resource Pricing
• (An example: Telephone Network)
Resource Prices Based on Demand
• Predicted-load (static) pricing
• Auction-based (semi-static) pricing
• Congestion-based (dynamic) pricing
• Combined approaches
Policy Specification / Enforcement
• What determines the price?
• How much can each user pay?
Provable Fairness
• Fairness is a policy
• Achievable...
– Pareto optimal
– Weighted max-min fair
– Proportional fair
– Equal QoS
– Maximal aggregate utility
– Maximum revenue
Comparison With Other Approaches
• First-come, first-served
– “grab resources early and often”
• Fixed (absolute) priority
– starvation problems
• Non-weighted fairness (TCP)
– everyone is equal?
• Other resource pricing work
– static / centralized, restricted fairness
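As an added example (not from the talk), the weighted max-min fair policy listed under Provable Fairness, implemented by progressive filling on a single link, beside the first-come, first-served behaviour it is compared with: a user who asks for the maximum (Attack 1) is capped at its weighted share, while smaller requests are met in full. User names, demands, weights and the 100 Mbps capacity are constructed.

```python
"""Weighted max-min fair allocation of one link versus first-come, first-served.

Added example, not from the talk. Demands and weights are constructed.
"""


def weighted_max_min_fair(capacity, requests):
    """Allocate `capacity` among users by progressive filling.

    requests: {user: (demand, weight)}; weight > 0 encodes the policy input
    (trust, credit, importance). Returns {user: allocation}, allocation <= demand.
    Users whose whole demand fits inside their weighted share are satisfied
    exactly and leave the pool; the freed capacity is re-divided by weight
    among the rest, so no greedy demand can starve a modest one.
    """
    for user, (demand, weight) in requests.items():
        if demand < 0 or weight <= 0:
            raise ValueError(f"bad request for {user}: demand={demand}, weight={weight}")
    alloc = {user: 0.0 for user in requests}
    active = set(requests)
    remaining = float(capacity)
    while active and remaining > 0:
        per_weight = remaining / sum(requests[u][1] for u in active)
        satisfied = {u for u in active if requests[u][0] <= per_weight * requests[u][1]}
        if not satisfied:
            # Everyone left wants more than its share: split what remains by weight.
            for u in active:
                alloc[u] = per_weight * requests[u][1]
            return alloc
        for u in satisfied:
            alloc[u] = requests[u][0]
            remaining -= alloc[u]
        active -= satisfied
    return alloc


def first_come_first_served(capacity, arrivals):
    """Contrast: FCFS grants each demand in arrival order until the link is full."""
    alloc, remaining = {}, float(capacity)
    for user, demand in arrivals:
        alloc[user] = min(demand, remaining)
        remaining -= alloc[user]
    return alloc


if __name__ == "__main__":
    # Constructed scenario: alice demands the whole 100 Mbps link, bob and carol
    # ask for what they need; carol's weight 2 reflects a higher-priority policy.
    demands = {"alice": (100, 1), "bob": (20, 1), "carol": (50, 2)}
    print("fair:", weighted_max_min_fair(100, demands))   # alice 30, bob 20, carol 50
    print("fcfs:", first_come_first_served(100, [(u, d) for u, (d, _) in demands.items()]))
```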
Future Work: Implementation
• Fall 2000 (management tools: Summer 2001)
Future Work: 3rd Party Authorization
• Spring 2001
Future Work: Service Class Provisioning
• Given predicted demand for each service class...
– how much of each service class should the network owner provision?
– what price to charge for each class?
• Goals: maximum profit, maximum utility, ...?
Future Work: Protecting the Pricing Mechanism
• Vulnerability to attack
• Protecting…
– RSVP
– COPS
– SIP
– Policy server and databases
– Authorization server, user database, billing database
• Spring 2002
Impact of This Work
• Disincentives for "bad" user behavior
• Ability to flexibly specify and enforce policies
• Efficient (optimal) allocation
• Economic incentives for deployment of new services
Attack 3: TCP Packet Dropping
• Congestion causes "normal" packet dropping
• Can malicious packet dropping (not due to normal congestion) be detected?
– due to corrupted routers
– due to "unfriendly" users
Attack 4: Compromised DiffServ Routers
Attack Types
• Dropping one data flow to benefit others
• Injecting (spoofing, flooding, ...) packets into a high priority flow
• Remarking packets in a data flow
• Delaying packets in a data flow
• Compromised ingress, core, or egress routers