Roger P. Karrer's Homepage

Roger P. Karrer

Senior Research Scientist

Address:
Ernst-Reuter-Platz 7
D-10587 Berlin
Germany

Phone:+49 30 8353 58459
Fax: +49 30 8353 58409

Email: roger [dott] karrer [att] telekom [dot] de

Introduction

The openness of the Internet design is one factor that has led to its spectacular growth. However, we are increasingly seeing the dark side of this openness, as worms, viruses, Distributed Denial of Service (DDoS) attacks, phishing and pharming are threatening the stability and the use of the Internet. I am currently investigating two issues related to DDoS attacks:

EC: an edge-based capability approach to thwart DDoS attacks on access networks
Designing the perfect DDoS attack

Edge-based capabilities

Access networks are frequent bottlenecks in the Internet and therefore prone to attack DDoS attacks. To defend against such DDoS flooding attacks, related work attempts to identify malicious flow based on their conformance to TCP friendliness. However, today, we notice a trend towards stealthy attacks where zombie machines attack a target and thereby behave as if they were legitimate clients. To address these attacks, we take a different approach: we investigate how the concept of capabilities (e.g., CAPTCHAs, Puzzles) can be leveraged to prevent DDoS attacks inside the network.

Ulrich Kühn and Roger Karrer: Edge-based capabilities: controlling unsolicited traffic in the Internet. 3rd place of the First German Award for IT security of the Horst Görtz Stiftung for our work Edge-based Capabilities (EC). More information about the news is available from heise.de, the International School of IT Security (is-its), the Deutsche Telekom Website, or the Deutsche Telekom Laboratories Website.
Roger Karrer, EC: an edge-based architecture against DDoS attacks and malware spread. In Proceedings of the 2nd International Workshop on Security in Networks and Distributed Systems (SNDS'06), in conjunction with AINA 2006, Vienna, Austria, April 2006. pdf
Roger Karrer and Ulrich Kühn, Method, Computer Network System and Gate for Identifying and Controlling Unsolicited Traffic.. European Patent application, filed April 12, 2006

Designing the perfect DDoS attack

Today, we note a trend away from brute force DDoS attacks towards sophisticated, stealthy DDoS attacks. We start with the question what a perfect DDoS attack could look like and whether and how it could be detected in theory. Then, we will assess how closely to the theoretical results we can get in reality. No detailed public information is currently available on this topic.