CDN on Demand: Affordable DDoS Defense using Untrusted IaaS-Clouds

Frank Wang
MIT Security Seminar
2 min read · May 25, 2016

Yossi Gilad came to MIT to give a talk on using untrusted IaaS clouds to defend against DDoS attacks; the work was published at NDSS 2016. I will outline some key points from his talk, but for more information, I refer you to his paper.

Many websites use content delivery networks (CDNs) as a form of denial of service (DoS) defense. They distribute content across multiple, geo-distributed proxies. CDNs allow for a high-bandwidth, distributed, and scalable infrastructure, but there are still a few problems.

Example of a website using CDNs

First is cost. It is expensive for CDNs to provide continuous, full service. Second is key management: for HTTPS sites, the website has to hand its secret key to the CDN, but a CDN might be compromised or malicious. Finally, there is a tradeoff between cost and trust: more trusted CDNs, like Akamai and Amazon, are more expensive than less trusted CDNs, like CDN77. The question is whether one can build a secure, low-cost CDN-based DoS defense.

The goals are to build a CDN system on multiple low-cost IaaS clouds and to deploy it only when and where it is needed. The system should provide object-level security without the website having to share its keys with the CDN. Finally, they want this to be an open-source software package rather than a third-party service.

The key idea is the use of clientless authenticated objects: static “authenticated objects” stored on untrusted proxies. This way, the website does not have to share its private keys, and the mechanism complements the network-level protection of TLS. It avoids changes to the client while providing the flexibility an “on-demand” system needs: the website can use cheaper, less trusted clouds and switch between clouds.
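To make the authenticated-object idea concrete, here is an added example (not code from the talk or the paper): the origin signs each static object with a key that never leaves it, an untrusted proxy stores and serves the signed copy, and the consumer verifies the copy against the origin's public key. The object format, the Ed25519 choice, the path binding and the sample `/js/...` paths are my assumptions; how the real system distributes the public key and performs verification in the browser is not covered by this summary.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// AuthenticatedObject is a static web object plus the content origin's signature.
// Signing path and body together stops a proxy from serving one URL's body under another.
type AuthenticatedObject struct {
	Path string
	Body []byte
	Sig  []byte
}

// signedMessage length-prefixes the path so the path/body boundary is unambiguous.
func signedMessage(path string, body []byte) []byte {
	return append([]byte(fmt.Sprintf("%d:%s", len(path), path)), body...)
}

// SignObject runs at the origin, the only party holding the signing key; proxies never see it.
func SignObject(priv ed25519.PrivateKey, path string, body []byte) AuthenticatedObject {
	return AuthenticatedObject{Path: path, Body: body, Sig: ed25519.Sign(priv, signedMessage(path, body))}
}

// VerifyObject checks an object fetched from an untrusted proxy against the origin's public key.
func VerifyObject(pub ed25519.PublicKey, obj AuthenticatedObject) bool {
	return ed25519.Verify(pub, signedMessage(obj.Path, obj.Body), obj.Sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample object; path and body are illustrative only.
	obj := SignObject(priv, "/js/app.js", []byte("console.log('hello');"))
	fmt.Println("genuine copy verifies:", VerifyObject(pub, obj)) // true

	// A misbehaving proxy rewrites the cached body: the signature no longer matches.
	modified := obj
	modified.Body = []byte("console.log('modified');")
	fmt.Println("modified copy verifies:", VerifyObject(pub, modified)) // false

	// The proxy serves a genuine body under a different path: also rejected.
	swapped := obj
	swapped.Path = "/js/vendor.js"
	fmt.Println("body under other path verifies:", VerifyObject(pub, swapped)) // false
}
```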

What about private content? The website establishes a user key on authentication and uses the content origin as an authentication oracle. Private web objects are stored encrypted, each under its own unique symmetric key. They also have a loss-resilient tunnel between the content origin and the proxies that carries packets over UDP and uses network coding to ensure delivery even under high packet loss.

Here is a summary of their results:

  • Handle thousands of clients simultaneously
  • DoS attacks and flash-crowds have limited effect
  • Fraction of the cost of commercial CDN defenses

For more details about their results and the other components of the system, I refer you to their paper. This is interesting work that lets web services deploy their website on CDNs more cheaply, because they can use a less trusted CDN without paying the premium a more trusted one charges.
