Towards denial-of-service resistant Internet services

Christian Scheideler

Abstract: Denial-of-service (DoS) attacks are plaguing the Internet every day. How resistant can an Internet service be made against DoS attacks? Surprisingly, the right algorithmic techniques can make it extremely robust, even against insider attacks. Consider, for example, the problem of designing a distributed information service that is robust against so-called past insider attacks. In a past insider attack, an insider has COMPLETE knowledge of the system up to some time step t not known to the system and can use that knowledge to start a DoS attack that can shut down a constant fraction of its servers. Nevertheless, a scalable distributed information service can be set up that can survive any attack of this type, in the sense that ANYTHING inserted or updated in the system after step t will be safe against the attack. But what if the attacker has the capability to shut down all of the servers? Then NO algorithmic technique will be able to protect it. In this case, changes to the Internet architecture are necessary. I claim that the necessary changes are relatively small - just the protocols at the edge of the Internet have to be changed. ISPs have to provide and enforce a pseudonymity service and a filtering service for anyone connecting to the Internet (including both providers and customers). For the filtering service, it would be sufficient to allow Internet users to specify rate caps on certain connections, similar to the port filtering or IP address filtering already used at ISPs. I will argue that in this case Internet services can be designed that are far more robust against DoS attacks than is possible today.