8/21/2019 DOS Attack (1)

1/11

Mitigating Denial-of-Service Attacks on the Chord Overlay Network: A Location Hiding

Approach

Abstract

An overlay network is a virtual network formed by nodes (desktop workstations) on top of an existing

TCP/IP-network. Overlay networks typically support a lookup protocol. A lookup operation identifiesthe location of a file given its filename. Location of a file denotes the IP-address of the node that

currently hosts the file. This project is a location hiding approach for mitigating the denial of service

attacks on the chord overlay network. Serverless distributed computing has received significant

attention from both the industry and the research community. Among the mostpopular applications are the wide-area network file systems, exemplified by CFS, Farsite, and

OceanStore. These file systems store files on a large collection of untrusted nodes that form an overlay

network. They use cryptographic techniques to maintain file confidentiality and integrity from

malicious nodes. Unfortunately, cryptographic techniques cannot protect a file holder from a denial-of-service (DoS) attack or a host compromise attack. Hence, most of these distributed file systems are

vulnerable to targeted file attacks, wherein an adversary attempts to attack a small (chosen) set of files

by attacking the nodes that host them.

Existing System

Several serverless file storage services, like CFS, Farsite, OceanStore, and SiRiUS, have recentlyemerged.

An overlay network is a virtual network formed by nodes (desktop workstations) on top of an existing

TCP/IP-network.

Disadvantages

A major drawback with serverless file systems is that they are vulnerable to targeted attacks on files.

The fundamental problem with these systems is that: 1) the number of replicas maintained by the

system is usually much smaller than the number of malicious nodes.

Serverless file storage services are faced with the challenge of having to harness the collectiveresources of loosely coupled, insecure, and unreliable machines to provide a secure and reliable

file storage service.

8/21/2019 DOS Attack (1)

2/11

Proposed SystemThis paper presents LocationGuarda location hiding technique for securing overlay filestorage systems from targeted file attacks.

Our experimental results quantify the overhead of employing LocationGuard and demonstrate its

effectiveness against DoS attacks, host compromise attacks, and various location inference attacks.

Advantages

A file lookup is guaranteed to succeed if and only if the file is present in the system.

A file lookup terminates in a small and bounded number of hops.

The files are uniformly distributed among all active nodes.

The system handles dynamic node joins and leaves.

Software Requirements:

FRONT END : C#

TOOLS USED : Microsoft visual studio 2008/10

BACK END: SQL Server 2005/2008

OPERATING SYSTEM: WINDOWS XP/7

Hardware Requirements:

PROCESSOR : PENTIUM IV 2.6 GHz

RAM : 512 MBMONITOR : 15

HARD DISK : 20 GBCDDRIVE : 52X

KEYBOARD : STANDARD 102 KEYS

MOUSE : 3 BUTTONS

8/21/2019 DOS Attack (1)

3/11

Module:

Client Application

The Client application consists of logging and request process. In this application we can

login by using a user name and password. After logging inside we can select any field of booksto download. Then we make a request to download the book.

Location Guard

The Location Guard gets the request from the client application. Then it processes the request.

This location guard is used in between the client and the file server. The purpose of this location

guard is to hide the location of the file server to everyone who accesses the file to download.

Thus we are avoiding the Denial of Service attack.

Routing Guard

The Routing guard is present in the Location Guard. This routing guard checks whether the

requested file is available in any file server. Then the request is forwarded to the file server

which contains the requested file. Then the location guard sends the file to the client application.

File Server

The file server is the owners of all the files available in the overlay network. This file server gets

the request of the client through the Location Guard. Then the file server checks with the file and

it sends the file to the Location guard. Thus the file is downloaded in the client application. The

location of these file servers are hided from the clients and hackers by the location guard to avoid

the Denial of Service.

8/21/2019 DOS Attack (1)

4/11

Diagram:

Client Application

Location Guard

Routing Guard

8/21/2019 DOS Attack (1)

5/11

File Servers

Data Flow Diagram

8/21/2019 DOS Attack (1)

6/11

Use Case Diagram

Class Diagram

8/21/2019 DOS Attack (1)

7/11

Collaboration Diagram

Sequence Diagram

LocationGuardClientApp RoutingGuard

FileServer1 FileServer2

1: Request 2: requestPass

3: requestTransfer4: request File

5: fileAdd6: File

7: File8: downloadedFile

8/21/2019 DOS Attack (1)

8/11

ClientApp :

ClientApp

LocationGuard

...

RoutingGuard :

RoutingGuard

FileServer1 :

(FileServer1)

FileServer2 :

FileServer2

Request

requestPass

requestTransfer

request File

fileAdd

File

File

downloadedFile

8/21/2019 DOS Attack (1)

9/11

State Diagram

Logged In

Selected

Technology

Request

Book

Process

Request

Forward request to

Server

Server

responds

File

Downloaded

Availability

Check

8/21/2019 DOS Attack (1)

10/11

Activity Diagram

Conclusion

We have described LocationGuarda technique for securing wide-area serverless file sharing

systems from targeted file attacks. Analogous to traditional cryptographic keys that hide the

contents of a file, LocationGuard hides the location of a file on an overlay network.

LocationGuard protects a target file from DoS attacks, host compromise attacks, and file location

inference attacks by providing a simple and efficient access control mechanism with minimal

performance and storage overhead. The unique characteristics of LocationGuard approach is the

careful combination of location key, routing guard, and an extensible package of location

inference guards, which makes it very hard for an adversary to infer the location of a target fileby either actively or passively observing the overlay network. Our experimental results quantify

the overhead of employing location guards and demonstrate the effectiveness of the

LocationGuard scheme against DoS attacks, host compromise attacks, and various location

inference attacks.

Login

Select Book

Send DownloadRequest

Recieve Book

Select

Technology

8/21/2019 DOS Attack (1)

11/11

References

[1] A. Adya, W. Bolosky, M. Castro, G. Cermak, R. Chaiken, J.R. Douceur, J. Howell,

J.R. Lorch, M. Theimer, and R.P. Wattenhofer, Farsite: Federated, Available and

Reliable Storage for an Incompletely Trusted Environment, Proc. Fifth Symp. Operating

Systems Design and Implementation (OSDI), 2002.

[2] M. Atallah, K. Frikken, and M. Blanton, Dynamic and Efficient Key Management

for Access Hierarchies, Proc. 12th ACM Conf. Computer and Comm. Security (CCS),

2005.

[3] M.J. Atallah, M. Blanton, and K.B. Frikken, Incorporating Temporal Capabilities in

Existing Key Management Schemes, Proc. 12th European Symp. Research in Computer

Security (ESORICS), 2007.

[4] J.K.B. Zhao and A. Joseph, Tapestry: An Infrastructure for Fault- Tolerance Wide-

Area Location and Routing, Technical Report UCB/CSD-01-1141, Univ. of California,

Berkeley, 2001.

[5] E. Cohen and D. Jefferson, Protection in the Hydra Operating System, Proc. Fifth

ACM Symp. Operating System Principles (SOSP), 1975.