| 講演名 | 2016-03-03 Collaborative Spoofing Detection and Mitigation - SDN based looping authentication for DNS services Nor Masri bin Sahri(九大), Koji Okamura(九大), |
|---|---|
| PDFダウンロードページ |  PDFダウンロードページへ |
| 抄録(和) | As DNS packet are mostly UDP-based, make it as a perfect platform for hackers to launch a well-known type of distributed denial of service (DDoS). The purpose of this attack is to saturate the DNS server availability and resources with ?unwanted? DNS query traffic. This type of attack utilizes a large number of botnet and usually perform spoofing on the IP address of the targeted victim. While it is difficult to identify which one is legitimate or attack traffic, we take a different approach for spoofing detection and mitigation strategies to protect the DNS server by utilizing Software Defined Networking (SDN). In this paper, we present CAuth, a novel mechanism that autonomously block the spoofing query packet while authenticate the legitimate query. By manipulating Openflow control message, we design a collaborative approach between client and server network. Whenever a server controller receives query packet, it will send an authentication packet back to the client network and later the client controller also reply via authentication packet back to the server controller. The server controller will only forward the query to the respective server if it receives the replied authentication packet from the client. Most notably, our mechanism designed with no changes in existing DNS application and Openflow protocol. From the evaluation, CAuth instantly manage to block 100% spoofing query packet as soon as the mechanism started. |
| 抄録(英) | As DNS packet are mostly UDP-based, make it as a perfect platform for hackers to launch a well-known type of distributed denial of service (DDoS). The purpose of this attack is to saturate the DNS server availability and resources with ?unwanted? DNS query traffic. This type of attack utilizes a large number of botnet and usually perform spoofing on the IP address of the targeted victim. While it is difficult to identify which one is legitimate or attack traffic, we take a different approach for spoofing detection and mitigation strategies to protect the DNS server by utilizing Software Defined Networking (SDN). In this paper, we present CAuth, a novel mechanism that autonomously block the spoofing query packet while authenticate the legitimate query. By manipulating Openflow control message, we design a collaborative approach between client and server network. Whenever a server controller receives query packet, it will send an authentication packet back to the client network and later the client controller also reply via authentication packet back to the server controller. The server controller will only forward the query to the respective server if it receives the replied authentication packet from the client. Most notably, our mechanism designed with no changes in existing DNS application and Openflow protocol. From the evaluation, CAuth instantly manage to block 100% spoofing query packet as soon as the mechanism started. |
| キーワード(和) | spoofing detection / dns flooding attack / authentication / network security / openflow / SDN |
| キーワード(英) | spoofing detection / dns flooding attack / authentication / network security / openflow / SDN |
| 資料番号 | SITE2015-58,IA2015-90 |
| 発行日 | 2016-02-25 (SITE, IA) |
| 研究会情報 | |
| 研究会 | IA / SITE / IPSJ-IOT |
|---|---|
| 開催期間 | 2016/3/3(から2日開催) |
| 開催地(和) | 虹の松原ホテル (佐賀県唐津市) |
| 開催地(英) | Nijino-Matsubara Hotel (Karatsu-shi, Saga-prefecture) |
| テーマ(和) | インターネットと情報倫理教育、一般 |
| テーマ(英) | Internet and Information Ethics Education, etc. |
| 委員長氏名(和) | 吉田 健一(筑波大) / 吉開 範章(日大) |
| 委員長氏名(英) | Ken-ichi Yoshida(Univ. of Tsukuba) / Noriaki Yoshikai(Nihon Univ.) |
| 副委員長氏名(和) | 大崎 博之(関西学院大) / 地引 昌弘(NICT) / 中村 豊(九工大) / 岡田 仁志(NII) / 森住 哲也(ネッツエスアイ東洋) |
| 副委員長氏名(英) | Hiroyuki Osaki(Kwansei Gakuin Univ.) / Masahiro Jibiki(NICT) / Yutaka Nakamura(Kyushu Inst. of Tech.) / Hitoshi Okada(NII) / Tetsuya Morizumi(Toyo Networks & System Integration) |
| 幹事氏名(和) | 松浦 知史(東工大) / 義久 智樹(阪大) / 宮田 純子(神奈川大) / 多川 孝央(九大) |
| 幹事氏名(英) | Satoshi Matsuura(Tokyo Inst. of Tech.) / Tomoki Yoshihisa(Osaka Univ.) / Sumiko Miyama(Kanagawa Univ.) / Takahiro Tagawa(Kyushu Univ.) |
| 幹事補佐氏名(和) | 屏 雄一郎(KDDI研) / 山本 寛(立命館大) / 渡辺 俊貴(NEC) / 芳賀 高洋(岐阜聖徳学園大) |
| 幹事補佐氏名(英) | Yuichiro Hei(KDDI R&D Labs.) / Hiroshi Yamamoto(Ritsumeikan Univ.) / Toshiki Watanabe(NEC) / Takahiro Haga(Gifu Shotoku Gakuen Univ.) |
| 講演論文情報詳細 | |
| 申込み研究会 | Technical Committee on Internet Architecture / Technical Committee on Social Implications of Technology and Information Ethics / Special Interest Group on Internet and Operation Technology |
|---|---|
| 本文の言語 | ENG |
| タイトル(和) | |
| サブタイトル(和) | |
| タイトル(英) | Collaborative Spoofing Detection and Mitigation - SDN based looping authentication for DNS services |
| サブタイトル(和) | |
| キーワード(1)(和/英) | spoofing detection / spoofing detection |
| キーワード(2)(和/英) | dns flooding attack / dns flooding attack |
| キーワード(3)(和/英) | authentication / authentication |
| キーワード(4)(和/英) | network security / network security |
| キーワード(5)(和/英) | openflow / openflow |
| キーワード(6)(和/英) | SDN / SDN |
| 第 1 著者 氏名(和/英) | Nor Masri bin Sahri / Nor Masri bin Sahri |
| 第 1 著者 所属(和/英) | Kyushu University(略称:九大) Kyushu University(略称:Kyushu University) |
| 第 2 著者 氏名(和/英) | Koji Okamura / Koji Okamura |
| 第 2 著者 所属(和/英) | Kyushu University(略称:九大) Kyushu University(略称:Kyushu University) |
| 発表年月日 | 2016-03-03 |
| 資料番号 | SITE2015-58,IA2015-90 |
| 巻番号(vol) | vol.115 |
| 号番号(no) | SITE-481,IA-482 |
| ページ範囲 | pp.55-60(SITE), pp.55-60(IA), |
| ページ数 | 6 |
| 発行日 | 2016-02-25 (SITE, IA) |