Secure Collective Defense Network (SCOLD) - PowerPoint PPT Presentation

Slides: 18
Provided by: ycai
Learn more at: http://cs.uccs.edu
1
Secure Collective Defense Network (SCOLD)
  • C. Edward Chow, Yu Cai, Dave Wilkinson, Sarah Jelinek

Part of this project is sponsored by a grant from
NISSC and a seed grant from EAS RDC.
2
Goals of SCOLD Project
  • The goal of the project is to investigate
    techniques for enhancing Internet security and
    protecting the Internet Infrastructure through
    collective defense.
  • SCOLD explores the use of alternate gateways and
    a collection of proxy servers for intrusion
    tolerance.
  • SCOLD pushes back intrusion attacks using an
    enhanced IDIP (Intrusion Detection and Isolation
    Protocol) and SLP (Service Location Protocol).

3
How to use Alternate Routes When Under DDoS Attack
4
SCOLD Approach: Redirect Through Proxy Servers
5
Timeline and Deliverables
  • Phase 1. 6/2/2003-7/9/2003 (feasibility study)
      • Extend Bind9 DNS with Secure DNS update/query
        including indirect routing entries
      • Develop indirect routing with IP tunnel
      • NISSC Midterm Report.
  • Phase 2. 7/10/2003-8/9/2003 (SCID 0.1
    development)
      • Develop SCID protocol among SCID coordinator,
        proxy server, DNS server, and target.
      • Integrate proxy server with A2D2 for intrusion
        detection.
      • Enhance A2D2 IDS with IDIP protocol for intrusion
        push back.
  • Phase 3. 8/10/2003-9/9/2003
      • Create test scripts and benchmark to evaluate
        SCID version 0.1 system
      • Suggest improvements to SCID version 0.2 system.
      • NISSC Final Report.

6
Status
  • Extended Bind9 DNS with DNS update with new
    indirect routing entry/query
  • Developing client-side indirect routing with IP
    tunnel
  • Modified client resolve library to create an IP
    tunnel when it receives a new indirect routing entry
    from the DNS server.
  • Created protocol for SCOLD coordinator to issue
    the indirect routing requests to target DNS,
    proxy server, alternate way, and target server.
  • Perform initial performance evaluation
  • Setting up two SCOLD prototype test beds.
      • One with virtual machines using VMware.
      • One with real machines connected by a small switch.
  • Looking for sites to participate in real Internet
    WAN tests!

7
Secure DNS Update
    target.targetnet.com. 10 IN A   133.41.96.71
    target.targetnet.com. 10 IN ALT 203.55.57.102
                          10 IN ALT 203.55.57.103
                          10 IN ALT 185.11.16.49
8
SCOLD Indirect Routing Using Daemons
9
Indirect Routing With Modified Client Resolve Library
10
How about using NAT?
11
Pro and Con of Using NAT
  • Advantages
      • No changes in the client DNS server or the client
  • Disadvantages
      • IP spoofing (a client using reverse DNS lookup will
        find that the IP address belongs to a different
        organization)
      • Proxy servers have limited IP addresses and may
        be forced to use IP masquerade (the client needs to
        use a different port)

12
Pro and Con of Using SCOLD
  • Advantages
      • Allows the use of multiple routes
      • Using them simultaneously increases aggregate
        bandwidth
      • Select one of them and fall back to the others for
        reliability and security
      • Avoids bottlenecks.
  • Disadvantages
      • Requires redesign of DNS and routing, and
        modification of the client resolve library.
      • Overhead associated with the indirect route
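
An added example (not code from the presentation or the SCOLD project): a sketch of what a client-side resolver could do with the A and ALT entries shown on the Secure DNS Update slide, selecting one indirect route and falling back to the others in order. The function names, the `hop_is_up` reachability callback, treating ALT addresses as tunnel endpoints, and returning `None` when no alternate is usable are assumptions of this example.

```python
import ipaddress

# Constructed sample: the records from the "Secure DNS Update" slide.
# ALT is the project's indirect routing entry, not a standard DNS RR type.
SAMPLE_ANSWER = """\
target.targetnet.com. 10 IN A   133.41.96.71
target.targetnet.com. 10 IN ALT 203.55.57.102
                      10 IN ALT 203.55.57.103
                      10 IN ALT 185.11.16.49
"""

def parse_records(text):
    """Parse master-file style lines into (owner, ttl, rtype, address) tuples."""
    records, owner = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]           # drop zone-file comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():             # indented line inherits the owner
            owner, fields = fields[0].lower(), fields[1:]
        if owner is None or len(fields) != 4 or fields[1].upper() != "IN":
            raise ValueError(f"malformed record: {raw!r}")
        ttl, _, rtype, rdata = fields
        # IPv4Address raises a ValueError subclass on a bad address
        records.append((owner, int(ttl), rtype.upper(), ipaddress.IPv4Address(rdata)))
    return records

def route_plan(records, name):
    """Return (direct address, ordered list of alternate addresses) for name."""
    name = name.lower()
    direct = [a for o, _, t, a in records if o == name and t == "A"]
    alts = [a for o, _, t, a in records if o == name and t == "ALT"]
    if len(direct) != 1:
        raise LookupError(f"expected exactly one A record for {name}")
    return direct[0], alts

def choose_next_hop(direct, alts, hop_is_up):
    """Pick the address the client should send (or tunnel) traffic to.

    No ALT entries: use the direct route. ALT entries present: use the first
    alternate that hop_is_up() accepts, falling back in listed order.
    Assumption of this example: return None when every alternate is down,
    rather than reverting to the direct route the entries steer clients off.
    """
    if not alts:
        return direct
    for hop in alts:
        if hop_is_up(hop):
            return hop
    return None
```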

13
SCOLD Testbed
14
Performance of SCOLD Systems
15
Performance of Enhanced Resolve Library
16
Summary
  • It is our hope that the preliminary research
    results of the SCOLD project will produce a
    valuable secure software package, and provide
    valuable insights for the network security
    related proposals.
  • Currently we are focused on the secure DNS update
    and indirect route.

17
Need your help to test SCOLD
  • Requirement for a full SCOLD service node
    (capable of issuing reroute requests)
      • Three Linux Redhat 9 machines. Two serve as
        gateways with connections to two different
        Internet subnets or ISPs. One runs the target DNS
        server, web server, and SCOLD coordinator.