Seminar Series: CyberSecurity in Spring: The Spring of CyberSecurity
A Retrospective on an Overlay-based DDoS Defense Mechanism

by Angelos Keromytis, Professor, Georgia Tech

March 22nd, 2021 17:00

Host: Evangelos Markatos, Computer Science Department, University of Crete


Denial of service (DoS) attacks continue to threaten the reliability of networking systems. Previous approaches for protecting networks from DoS attacks are reactive in that they wait for an attack to be launched before taking appropriate measures to protect the network. This leaves the door open for other attacks that use more sophisticated methods to mask their traffic. We propose an architecture called Secure Overlay Services (SOS) that proactively prevents DoS attacks, geared toward supporting Emergency Services or similar types of communication. The architecture is constructed using a combination of secure overlay tunneling, routing via consistent hashing, and filtering. We reduce the probability of successful attacks by (i) performing intensive filtering near protected network edges, pushing the attack point perimeter into the core of the network, where high-speed routers can handle the volume of attack traffic, and (ii) introducing randomness and anonymity into the architecture, making it difficult for an attacker to target nodes along the path to a specific SOS-protected destination. Using simple analytical models, we evaluate the likelihood that an attacker can successfully launch a DoS attack against an SOS-protected network. Our analysis demonstrates that such an architecture reduces the likelihood of a successful attack to minuscule levels.

Short Biography
Dr. Angelos D. Keromytis is Professor, John H. Weitnauer, Jr. Chair, and Georgia Research Alliance (GRA) Eminent Scholar at the Georgia Institute of Technology. His field of research is systems and network security, and applied cryptography. He came to Georgia Tech from DARPA, where he served as Program Manager in the Information Innovation Office (I2O) from 2014 to 2018. During that time, he initiated five major research initiatives in cybersecurity and managed a portfolio of nine programs, and supervised technology transitions and partnerships with numerous elements of the Department of Defense, the Intelligence Community, Law Enforcement, and other parts of the U.S. government. For his work, he received the DARPA Superior Public Service Medal and the Results Matter Award. Prior to DARPA, he served as Program Director with the Computer and Network Systems Division in the Directorate for Computer and Information Science & Engineering (CISE) at the National Science Foundation (NSF), where he co-managed the Secure and Trustworthy Cyberspace (SaTC) program and helped initiate a number of cross-disciplinary and public-private programs. Prior to his public service tour, Dr. Keromytis was a faculty member with the Department of Computer Science at Columbia University, where he founded the Network Security Lab. Dr. Keromytis is an elected Fellow of the ACM and the IEEE. He has 53 issued U.S. patents and over 250 refereed publications. His work has been cited over 20,000 times, with an h-index of 72 and i10-index of 229. He has founded two new technology ventures, StackSafe and Allure Security Technology. He received his Ph.D. (2001) and M.Sc. (1997) in Computer Science from the University of Pennsylvania, and his B.Sc. in Computer Science from the University of Crete, Greece. He is a certified PADI Master Instructor, with over 500 dives.