Abstract
The Reliable Server Pooling (RSerPool) architecture is the IETF’s new standard for a lightweight server redundancy and session failover framework to support availability-critical applications. RSerPool combines the ideas from different research areas into a single, resource-efficient and unified architecture. While there have already been a number of research papers on its performance in general, the robustness against intentional attacks has not been intensively addressed yet. In particular, there have not been any analyses for real setups.
Therefore, the goal of this paper is to provide a robustness analysis in order to outline the attack bandwidth which is necessary for a significant impact on RSerPool-based services. This analysis is based on lab measurements — using a real RSerPool system setup — as well as on measurements for comparison and validation. Furthermore, we present and evaluate countermeasure approaches to significantly reduce the impact of attacks.¹
¹ Funded by the State Administration of Foreign Experts Affairs, P. R. China (funding number 20084600036) and the German Research Foundation (Deutsche Forschungsgemeinschaft).
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhou, X., Dreibholz, T., Du, W., Rathgeb, E.P. (2009). Evaluation of Attack Countermeasures to Improve the DoS Robustness of RSerPool Systems by Simulations and Measurements. In: David, K., Geihs, K. (eds) Kommunikation in Verteilten Systemen (KiVS). Informatik aktuell. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-92666-5_18
DOI: https://doi.org/10.1007/978-3-540-92666-5_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-92665-8
Online ISBN: 978-3-540-92666-5
eBook Packages: Computer Science and Engineering (German Language)