Evaluation of Attack Countermeasures to Improve the DoS Robustness of RSerPool Systems by Simulations and Measurements

  • Conference paper
Kommunikation in Verteilten Systemen (KiVS)

Part of the book series: Informatik aktuell (INFORMAT)

Abstract

The Reliable Server Pooling (RSerPool) architecture is the IETF’s new standard for a lightweight server redundancy and session failover framework to support availability-critical applications. RSerPool combines the ideas from different research areas into a single, resource-efficient and unified architecture. While there have already been a number of research papers on its performance in general, the robustness against intentional attacks has not been intensively addressed yet. In particular, there have not been any analyses for real setups.

Therefore, the goal of this paper is to provide a robustness analysis in order to outline the attack bandwidth which is necessary for a significant impact on RSerPool-based services. This analysis is based on lab measurements — using a real RSerPool system setup — as well as on measurements for comparison and validation. Furthermore, we present and evaluate countermeasure approaches to significantly reduce the impact of attacks.¹

¹ Funded by the State Administration of Foreign Experts Affairs, P. R. China (funding number 20084600036) and the German Research Foundation (Deutsche Forschungsgemeinschaft).



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhou, X., Dreibholz, T., Du, W., Rathgeb, E.P. (2009). Evaluation of Attack Countermeasures to Improve the DoS Robustness of RSerPool Systems by Simulations and Measurements. In: David, K., Geihs, K. (eds) Kommunikation in Verteilten Systemen (KiVS). Informatik aktuell. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-92666-5_18
