Resilient Networking
LV wurde für das SoSe 2020 abgesagt!
HINT
The exercise of this lecture is a reading group, where each participating student is expected to present (at least) one paper throughout the term. Due to the timing constraints we hence have to limit the number of participants of this course.
Topic
The lecture resilient networking provides an overview on the basics of secure networks as well as on current threats and respective countermeasures. Especially bandwidth-depleting Denial of Service attacks represent a serious threat. Moreover, over the last years the number of targeted and highly sophisticated attacks on company and governmental networks increased. To make it worse, as a new trend at the moment, the interconnection of the Internet with cyber physical systems takes place. Such systems, e.g., the energy network (smart grid), trans- portation systems and large industrial facilities, are critical infrastructures with severe results in case of their failure. Thus, the Internet that interconnects these systems has evolved to a critical infrastructure as well.
The lecture introduces the current state-of-the-art in the research towards resilient networks. Resilience-enhancing techniques can be generally classified in proactive and reactive methods. Proactive techniques are redundancy and compartmentalization. Redundancy allows to tolerate attacks to a certain extent, while compartmentalization attempts to restrict the attack locally and preventing its expansion across the whole system. Reactive techniques follow a three step approach by comprising the phases of detecting an attack, mitigate its impacts, and finally restore a system's usual operation.
Based upon this categorisation of resilience strategies the lecture will give an excursus to graph theorie and will introduce generic strategies to increase the resilience of networks, e.g., proactively establishing backup routes and fast restoration strategies. Furthermore, the lecture will provide an overview on BGP routing and the Domain Name Service, as two essential Internet services. Both services are presented and current attacks as well as corresponding countermeasures are described. Moreover, Denial of Service attacks and their mitigation are observed in detail as well as mechanism for increasing the resilience of P2P networks. Finally, Intrusion Detection systems are covered as mechanisms to mitigate the impacts of successful attacks.
Please register to the mailing list
Teaching Material (SS19)
Lecture Schedule
| 01.04. | Preliminaries (pdf) |
| 08.04. | Background |
| 15.04. | Background (Graphs) (pdf) |
| 22.04 | Easter Vacation |
| 29.04. | Background (Crypto) (pdf) |
| 14.05. | Routing and Routing Security (pdf) |
| 06.05. | Routing Security (ctd.) (pdf) |
| 13.05. | IPsec |
| 20.05. | Name Resolution /DNS |
| 27.05. | Name Resolution / DNS Security |
| 03.06. |
Denial of Service |
| 10.06. | Pentecost |
| 17.06. | Faculty Anniversary |
| 24.06. | Name Resolution (pdf) |
| 01.07. | Intrusion Detection (Falko Dressler - pdf) |
| 08.07. | Name Resolution Security (pdf) |
This link leads to the coursera course on crypto by Dan Boneh, as mentioned in the lecture.
Reading Group Schedules
Initial set of papers, more potentially to follow...
| 24.04. | |
|
Magoni, Damien. "Tearing down the Internet." IEEE Journal on Selected Areas in Communications 21.6 (2003): 949-960 |
08.05. |
|
Schuchard, Max, et al. "Losing control of the internet: using the data plane to attack the control plane." Proceedings of the 17th ACM conference on Computer and communications security. ACM, 2010. Cohen, Reuven, Raziel Hess-Green, and Gabi Nakibly. "Small lies, lots of damage: a partition attack on link-state routing protocols." 2015 IEEE Conference on Communications and Network Security (CNS). IEEE, 2015. |
15.05. |
| 22.05. | |
|
Herley, Cormac, and Paul C. Van Oorschot. "Sok: Science, security and the elusive goal of security as a scientific pursuit." 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017. |
29.05. |
|
Meza, Justin, et al. "A large scale study of data center network reliability." Proceedings of the Internet Measurement Conference 2018. ACM, 2018. "All your dns records point to us: Understanding the security threats of dangling dns records." Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2016. |
05.06. |
| Pentecost | 12.06. |
|
Smith, Jared M., and Max Schuchard. "Routing around congestion: Defeating DDoS attacks and adverse network conditions via reactive BGP routing." 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 2018. Jonker, Mattijs, et al. "Millions of targets under attack: a macroscopic characterization of the DoS ecosystem." Proceedings of the 2017 Internet Measurement Conference. ACM, 2017. |
26.06. |
|
03.07. |
|
|
Rossow, Christian. "Amplification Hell: Revisiting Network Protocols for DDoS Abuse." NDSS. 2014. "Identifying the scan and attack infrastructures behind amplification DDoS attacks." Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2016. (Read this for fun: Herwig, Stephen, et al. "Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet."Krupp, Johannes, Michael Backes, and Christian Rossow. :-) ) |
10.07. |
Template that helps reading papers (h/t: anonymous student from Darmstadt).
Collaborative Editing: https://etherpad.net/p/resilient_networking
Overview of Information
Master/Diploma Computer Science (INF-PM-ANW, INF-BAS4, INF-VERT4),
Master Media Computer Science (INF-BI-3)
Lectures and exercises
English
6th semester or later
Basic knowledge in distributed systems and IT security is recommended. The lecture is intended for master and diploma students.
Lecture: 2, exercise: 2
oral examination
- Monday, 5. DS, 14:50-16:20, APB/E010 and
- Wednesday, 5. DS, 14:50-16:20, APB/E009
- The lecture starts on Monday, April 1th, 2019!
- Einschreibung ab 21.03.2019, 8:00 Uhr!
- Studenten, die sich nicht in die LV über jExam einschreiben können, wenden sich bitte per Email ans Sekretariat (martina.gersonde@tu-dresden.de) mit folgenden Angaben:
- Name, Vorname
- Matrikel-nr
- Studiengang
- in welchem Modul wollen Sie die LV einbringen