Talks
It is a common belief that auto-scaling mechanisms serve as a mitigation for Distributed Denial of Service (DDoS) attacks on cloud computing infrastructures by dynamically adding machines to cope with the additional load. Intuitively, such attacks are mostly associated with Economic Denial of Sustainability (EDoS) derived from paying for the extra resources required to process the malicious incoming traffic.
Contrary to this belief, we present and analyze the Yo-Yo attack, a new attack against the auto-scaling mechanism that can cause significant performance degradation in addition to economic damage. We demonstrate the attack on Amazon EC2, Kubernetes, and serverless architecture. We then present and analyze Tandem Attack, a new attack on Microservices architecture. In this attack, the attacker exploits the tandem behavior of services with different auto-scaling mechanisms, causing both economic and performance damage.
Manufacturer Usage Description (MUD) is a whitelisting-based access control framework that allows IoT manufacturers to publish their devices’ legitimate communications by specifying the permitted end-points and flows using domain names and port/protocol information. In this talk, we present three independent enhancements to the MUD framework.
First, while MUD services typically run on the CPE at the LAN-level, we suggest applying MUD at the ISP-level, thus providing a more scalable solution. We present a demo that summarizes our successful PoC with a large nation-level ISP.
Secondly, some end-points with which an IoT device may communicate are not associated with a domain name, making it impossible to specify them accurately in a MUD file (e.g., cases of P2P or local end-points within the LAN). We thus extend the MUD architecture to enable accurate specification of such end-points. We then discuss our experience of implementing the solution using osMUD.
Thirdly, while the MUD philosophy is that vendors specify the MUD files, we suggest that for IoT vendors that do not provide MUD files, the files can be automatically acquired from IoT traffic in the wild. Combining the automatic acquisition with the first enhancement, the ISP-level architecture, improves both considerably.
Integrating all three enhancements considerably strengthens and expands the effectiveness of MUD and provides a higher security level.
The work presented here is the cumulative product of several projects done in part with: Yehuda Afek, David Hay, Ran Goldschmidt, Lior Shafir, Gafnit Abraham, Avraham Shalev, Ihab Zhaika, Haim Levy, Zohar Yakhini, Bar Meyuhas and Ran Shuster.
Computer networks have undergone and continue to experience a major transformation, whereby billions of low-cost Internet of Things (IoT) devices are being connected to the network. Unlike traditional network devices, these devices typically have very limited computational, memory, and power resources, and attackers often exploit them to launch large-scale attacks.
This talk will highlight the security concerns of IoT devices from a networking perspective and explore how to secure IoT devices using whitelists, in which communication between a device and an endpoint is prohibited unless that endpoint appears in the device whitelist.
We present a new scalable ISP-level architecture to secure and protect IoT devices. We address several challenges in the system design: the whitelist enforcement architecture, ML techniques to identify IoT devices, and the automatic acquisition of whitelists in the wild.