Talks
Today’s software development landscape has witnessed a shift towards microservices architectures. Using this approach, large software systems are composed of multiple separate microservices, each responsible for specific tasks. The breakdown to microservices is also reflected in the infrastructure, where individual microservices can be executed with different hardware configurations and scaling properties. As systems grow larger, incoming traffic can trigger multiple calls between different microservices to handle each request.
Auto-scaling is a technique widely used to adapt systems to fluctuating traffic loads by automatically increasing (scale-up) and decreasing (scale-down) the number of resources used.
Our work shows that when microservices with separate auto-scaling mechanisms work in tandem to process ingress traffic, they can overload each other. The overload results either in throttling (denial of service, DoS) or in over-provisioning of resources (economic denial of sustainability, EDoS).
In this talk we demonstrate how an attacker can exploit the tandem behavior of microservices with different auto-scaling mechanisms to mount an attack we denote the Tandem Attack. We demonstrate the attack on a typical and recommended serverless architecture, using AWS Lambda for code execution and DynamoDB as the database. Part of the results will be presented as an IEEE INFOCOM’23 poster.
It is a common belief that Auto-scaling mechanisms serve as a mitigation for Distributed Denial of Service (DDoS) attacks on cloud computing infrastructures by dynamically adding machines to cope with the additional load. Intuitively, such attacks are mostly associated with Economic Denial of Sustainability (EDoS) derived from paying for the extra resources required to process the malicious incoming traffic.
Contrary to this belief, we present and analyze the Yo-Yo attack, a new attack against the auto-scaling mechanism that can cause significant performance degradation in addition to economic damage. We demonstrate the attack on Amazon EC2, Kubernetes, and serverless architecture. We then present and analyze Tandem Attack, a new attack on Microservices architecture. In this attack, the attacker exploits the tandem behavior of services with different auto-scaling mechanisms, causing both economic and performance damage.
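The following discrete-time model is an added illustration of the two attacks above; it is not the authors' simulator or measurement code, and every parameter in it (capacities, scaling step, reaction delay, cooldown, burst shape) is an assumption chosen only to make the effect visible. The front tier scales instantly to demand, as Lambda concurrency does; the back tier follows a target-tracking policy that needs several ticks of high utilisation before it adds capacity and several ticks of low utilisation before it removes it. The same total request volume is sent once as a steady stream and once as an on/off Yo-Yo burst, and the model reports how many requests the back tier throttled (DoS) and how much back-tier capacity was billed (EDoS).

```python
"""Constructed tandem auto-scaling model (assumed parameters, not the paper's code)."""
from dataclasses import dataclass


@dataclass
class SlowScaler:
    """Back tier with target-tracking auto-scaling: scale up after `scale_up_delay`
    over-target ticks, scale down only after `cooldown` under-target ticks."""
    capacity: int          # provisioned units this tick (e.g. DynamoDB capacity units)
    step: int              # units added or removed per scaling action
    scale_up_delay: int    # ticks of over-target utilisation before scaling up
    cooldown: int          # ticks of under-target utilisation before scaling down
    target: float = 0.7    # target utilisation of the tracking policy
    hot: int = 0
    cold: int = 0

    def serve(self, demand: int) -> int:
        served = min(demand, self.capacity)      # anything above capacity is throttled
        if demand / self.capacity > self.target:
            self.hot, self.cold = self.hot + 1, 0
            if self.hot >= self.scale_up_delay:
                self.capacity += self.step
                self.hot = 0
        else:
            self.cold, self.hot = self.cold + 1, 0
            if self.cold >= self.cooldown and self.capacity > self.step:
                self.capacity -= self.step
                self.cold = 0
        return served


def steady_pattern(ticks: int, rate: int) -> list:
    return [rate] * ticks


def yoyo_pattern(ticks: int, on: int, off: int, high: int) -> list:
    """`on` ticks at `high` followed by `off` idle ticks, repeated: the Yo-Yo shape."""
    return [high if t % (on + off) < on else 0 for t in range(ticks)]


def simulate(demand: list, backend: SlowScaler, max_concurrency: int = 1000) -> dict:
    """Front tier (Lambda-like) admits up to max_concurrency per tick and forwards
    everything to the back tier; the back tier's provisioned capacity is billed
    every tick whether it is used or not."""
    throttled = forwarded = capacity_ticks = 0
    peak = backend.capacity
    for d in demand:
        fwd = min(d, max_concurrency)            # instant scale-up on the front tier
        capacity_ticks += backend.capacity       # billed capacity this tick
        served = backend.serve(fwd)
        throttled += fwd - served                # tandem overload shows up here
        forwarded += fwd
        peak = max(peak, backend.capacity)
    return {"forwarded": forwarded, "throttled": throttled,
            "backend_capacity_ticks": capacity_ticks, "peak_capacity": peak}


def new_backend() -> SlowScaler:
    # assumed starting point: 100 units, doubling steps, 3-tick reaction, 5-tick cooldown
    return SlowScaler(capacity=100, step=100, scale_up_delay=3, cooldown=5)


if __name__ == "__main__":
    # both patterns carry 2400 requests over 40 ticks
    print("steady:", simulate(steady_pattern(40, 60), new_backend()))
    print("yo-yo :", simulate(yoyo_pattern(40, on=5, off=15, high=240), new_backend()))
```

With these assumed numbers the steady stream is served without throttling at constant capacity, while the bursty stream of identical volume is throttled during the first ticks of every burst (the back tier has not reacted yet) and keeps the doubled capacity billed for several ticks after the burst ends (the cooldown), which is exactly the DoS-plus-EDoS combination the abstracts describe.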
Several different DNSSEC configurations have been suggested in recent years in an attempt to address different security and privacy issues in the DNS system. In this presentation we briefly review these configurations and analyse their performance using a baseline throughput measurement (based on DNSPERF). We show that while each configuration serves an important role by solving some issues (e.g., zone walking, scalability for large zones), the overall throughput of the system is degraded, and this opens the door to DDoS amplification attacks because of the much larger message sizes and the extra cryptographic computations.
Our goal is to design and implement (at PoC level) a high-throughput communication link between a DNS resolver and authoritative servers that provides proof of authenticity and at the same time prevents zone walking attacks. The motivation is to provide the same level of security as DNSSEC without the poor performance that comes with it during a flood of NXDOMAIN requests, and without opening the door to zone walking attacks.
We designed and implemented an adaptive communication protocol between recursive resolvers and authoritative servers with the above properties. We implemented a PoC that works (with Knot servers) at a throughput close to that of the standard DNS protocol without DNSSEC (20,500 requests per second (rps), compared to 23,500 rps in plain DNS). We note that if one is willing to sacrifice this property and allow zone walking attacks, then a much higher throughput solution is possible, as demonstrated by the NSEC3 aggressive caching implementation in Knot.
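The zone walking attack that the three paragraphs above keep referring to is mechanically simple, and the following added example shows it against a constructed NSEC zone; it is not the authors' PoC and the zone contents are invented. An NSEC-signed authoritative server answers a query for a nonexistent name with NXDOMAIN plus the NSEC record whose owner is the closest existing name sorting before the query name; the record's "next owner" field is the following existing name, so a walker that starts at the apex and always asks for a name sorting just after the last name it learned enumerates the entire zone with one query per name.

```python
"""Added NSEC zone-walking example against a constructed zone (not the authors' code)."""


def canonical_key(name: str) -> list:
    """RFC 4034 section 6.1 canonical ordering: labels compared right to left as
    lowercase octet strings; a name sorts before any name it is a proper prefix of."""
    name = name.rstrip(".")
    if not name:
        return []
    return [lbl.encode("latin-1").lower() for lbl in reversed(name.split("."))]


class NsecAuthoritative:
    """Minimal model of an NSEC-signed zone: on NXDOMAIN it returns the (owner, next)
    pair of the NSEC record covering the query name."""

    def __init__(self, names):
        self.names = sorted({n.rstrip(".") for n in names}, key=canonical_key)
        self.queries = 0

    def query(self, qname: str):
        self.queries += 1
        qname = qname.rstrip(".")
        if qname in self.names:
            return ("NOERROR", None)
        k = canonical_key(qname)
        before = [i for i, n in enumerate(self.names) if canonical_key(n) < k]
        idx = before[-1] if before else len(self.names) - 1   # wrap around the chain
        return ("NXDOMAIN", (self.names[idx], self.names[(idx + 1) % len(self.names)]))


def walk_zone(query, apex: str) -> list:
    """query: callable(qname) -> (rcode, nsec_or_None). Follows the NSEC chain from
    the apex until the next-owner field points back at the apex."""
    found, cur = [apex], apex
    while True:
        # "\x00.<cur>" sorts immediately after <cur> in canonical order and cannot
        # collide with a real name, so it forces NXDOMAIN with the NSEC owned by <cur>
        rcode, nsec = query("\x00." + cur)
        if rcode != "NXDOMAIN" or nsec is None:
            raise RuntimeError(f"no NSEC returned for {cur!r}; not an NSEC zone?")
        owner, nxt = nsec
        if owner != cur:
            raise RuntimeError(f"unexpected NSEC owner {owner!r} while at {cur!r}")
        if nxt == apex:                       # chain closed: whole zone enumerated
            return found
        found.append(nxt)
        cur = nxt


# constructed zone; "secret-db" is the kind of name an operator would rather not leak
ZONE = ["example.com", "www.example.com", "mail.example.com",
        "secret-db.example.com", "ns1.example.com"]

if __name__ == "__main__":
    srv = NsecAuthoritative(ZONE)
    print(walk_zone(srv.query, "example.com"), "in", srv.queries, "queries")
```

The walker never sees the zone file; it only needs the NXDOMAIN answers the server is obliged to give. This is why the abstract treats "no zone walking" as a property to be engineered back in, and why NSEC3 (hashed owner names) and online-signing schemes exist.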
Manufacturer Usage Description (MUD) is a whitelisting-based access control framework that allows IoT manufacturers to publish their devices’ legitimate communications by specifying the permitted end-points and flows using domain names and port/protocol information. In this talk, we present three independent enhancements to the MUD framework.
First, while MUD services typically run on the CPE at the LAN-level, we suggest applying MUD at the ISP-level, thus providing a more scalable solution. We present a demo that summarizes our successful PoC with a large nation-level ISP.
Secondly, some end-points with which an IoT device may communicate are not associated with a domain name, making it impossible to specify them accurately in a MUD file (e.g., P2P peers or local end-points within the LAN). We thus extend the MUD architecture to enable accurate specification of such end-points. We then discuss our experience of implementing the solution using osMUD.
Thirdly, while the MUD philosophy is that vendors specify the MUD files, we suggest that for IoT vendors that do not provide MUD files, the files can be automatically acquired from IoT traffic in-the-wild. Combining the automatic acquisition with the first enhancement, the ISP-level architecture, improves both considerably.
Integrating all three enhancements considerably strengthens and extends the effectiveness of MUD and raises the level of security it provides.
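To make the whitelist model and the "automatic acquisition" enhancement concrete, here is an added example that derives a from-device MUD document from observed flows and then enforces it with a default-deny policy. It is not the authors' osMUD code or ISP-level system: the flow records, device name and domain names are constructed, and the JSON follows the RFC 8520 / RFC 8519 (ietf-mud, ietf-access-control-list) layout only as far as needed here. It also surfaces the gap the second enhancement addresses: a flow whose destination never resolved from a domain name cannot be expressed with `ietf-acldns:dst-dnsname` and is reported separately instead of being silently dropped.

```python
"""Added example: acquire a MUD-style whitelist from flows, then enforce it."""
import json

# Constructed "in-the-wild" flows of one device: (dst_name, ip_proto, dst_port).
# dst_name is what a DNS-snooping enforcement point learned for the destination;
# None means no name was ever resolved (a local/P2P peer).
OBSERVED_FLOWS = [
    ("api.vendor.example", 6, 443),
    ("api.vendor.example", 6, 443),
    ("ntp.vendor.example", 17, 123),
    ("firmware.vendor.example", 6, 443),
    (None, 17, 5683),          # local CoAP peer: no domain name to put in the MUD file
]


def acquire_mud(device_name: str, flows, min_count: int = 1):
    """Build a from-device MUD document from flows seen at least min_count times.
    Returns (mud_document, flows_that_cannot_be_expressed_by_domain_name)."""
    counts = {}
    for f in flows:
        counts[f] = counts.get(f, 0) + 1
    aces, unexpressible = [], []
    for (name, proto, port), n in sorted(counts.items(), key=lambda kv: str(kv[0])):
        if n < min_count:
            continue
        if name is None:
            unexpressible.append((proto, port))
            continue
        l4 = "tcp" if proto == 6 else "udp"
        aces.append({
            "name": f"{l4}-{name}-{port}",
            "matches": {
                "ipv4": {"ietf-acldns:dst-dnsname": name, "protocol": proto},
                l4: {"destination-port": {"operator": "eq", "port": port}},
            },
            "actions": {"forwarding": "accept"},
        })
    acl_name = f"mud-{device_name}-v4fr"
    mud = {
        "ietf-mud:mud": {
            "mud-version": 1,
            "mud-url": f"https://mud.example/{device_name}.json",   # assumed URL
            "is-supported": True,
            "systeminfo": f"auto-acquired whitelist for {device_name}",
            "from-device-policy": {
                "access-lists": {"access-list": [{"name": acl_name}]}},
        },
        "ietf-access-control-list:acls": {"acl": [
            {"name": acl_name, "type": "ipv4-acl-type", "aces": {"ace": aces}}]},
    }
    return mud, unexpressible


def make_enforcer(mud: dict):
    """Compile the accept ACEs into an allow set; everything else is denied."""
    allowed = set()
    for acl in mud["ietf-access-control-list:acls"]["acl"]:
        for ace in acl["aces"]["ace"]:
            m = ace["matches"]
            proto = m["ipv4"]["protocol"]
            l4 = "tcp" if proto == 6 else "udp"
            port = m[l4]["destination-port"]["port"]
            if ace["actions"]["forwarding"] == "accept":
                allowed.add((m["ipv4"]["ietf-acldns:dst-dnsname"], proto, port))

    def permit(dst_name, proto, port) -> bool:
        # dst_name is the name the enforcement point associated with the destination
        # IP (from DNS answers); unresolved destinations carry None and are denied
        return (dst_name, proto, port) in allowed

    return permit


if __name__ == "__main__":
    mud, gaps = acquire_mud("cam-01", OBSERVED_FLOWS)
    print(json.dumps(mud, indent=2))
    print("not expressible with domain names:", gaps)
    permit = make_enforcer(mud)
    print(permit("api.vendor.example", 6, 443), permit("evil.example", 6, 443))
```

Whether this enforcer sits in the CPE or as a virtual network function at the ISP changes only where the DNS-snooping and the packet filtering happen; the derived document and the allow set are the same in both placements.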
The work presented here is the cumulative product of several projects done in part with: Yehuda Afek, David Hay, Ran Goldschmidt, Lior Shafir, Gafnit Abraham, Avraham Shalev, Ihab Zhaika, Haim Levy, Zohar Yakhini, Bar Meyuhas and Ran Shuster.
We will discuss different attacks on the DNS system and their mitigation, including a new devastating attack that could easily paralyze parts of the Internet.
Computer networks have undergone and continue to experience a major transformation, whereby billions of low-cost devices are being connected to the network to provide additional functionality and a better user experience. Unlike traditional network devices, these devices, collectively known as the “Internet of Things” (IoT), typically have very limited computational, memory, and power resources. These IoT devices have become a major security concern, both due to human factors and to the technical challenges of deploying security mechanisms on devices with low resources. The number and diversity of IoT devices creates a huge attack surface that is often exploited by attackers to launch large-scale attacks, sometimes exploiting well-known vulnerabilities.
This talk will highlight the security concerns of IoT devices from a networking perspective and explore how to secure IoT devices using whitelists, in which communication between a device and an endpoint is prohibited unless that endpoint appears in the corresponding whitelist.
Computer networks have undergone and continue to experience a major transformation, whereby billions of low-cost devices are being connected to the network to provide additional functionality and a better user experience. Unlike traditional network devices, these devices, collectively known as the “Internet of Things” (IoT), typically have very limited computational, memory, and power resources. These IoT devices have become a major security concern, both due to human factors and to the technical challenges of deploying security mechanisms on devices with low resources. The number and diversity of IoT devices creates a huge attack surface that is often exploited by attackers to launch large-scale attacks, sometimes exploiting well-known vulnerabilities. This talk will highlight the security concerns of IoT devices from a networking perspective and explore how to secure IoT devices using whitelists, in which communication between a device and an endpoint is prohibited unless that endpoint appears in the corresponding whitelist. Finally, we will discuss deployment options for such a solution (namely, within the Internet gateway, as a virtual network function within the ISP network, or a combination of the two).
Computer networks have undergone and continue to experience a major transformation, whereby billions of low-cost devices, the Internet of Things (IoT), are being connected to the network. Unlike traditional network devices, these devices typically have very limited computational, memory, and power resources, and attackers often exploit them to launch large-scale attacks.
This talk will highlight the security concerns of IoT devices from a networking perspective and explore how to secure IoT devices using whitelists, in which communication between a device and an endpoint is prohibited unless that endpoint appears in the device whitelist.
We present a new scalable ISP level architecture to secure and protect IoT devices. We address several challenges in the system design: the whitelist enforcement architecture, ML techniques to identify IoT devices, and the automatic acquisition of whitelists in the wild.