The Crossfire attack [IEEE S&P’13] cuts off network connections to a variety of attacker-chosen Internet hosts (e.g., servers of an enterprise, a city, a state, or a small country) by flooding only a few network links in the backbone of the Internet. We demonstrated via Internet-scale experiments that the Crossfire attack can cause massive connectivity losses; e.g., it disables up to 53% of the total number of Internet connections of some US states, and up to about 33% of all the connections of the West Coast of the US. Crossfire differs from traditional attacks in two respects: it scales to large numbers of hosts because it floods a small set of common network links that are shared by a large number of hosts beyond them; and it maintains its effectiveness persistently (e.g., for hours or days) because it adapts to defense strategies and its traffic flows are indistinguishable from legitimate ones.
- Min Suk Kang, Soo Bum Lee, and Virgil D. Gligor. “The Crossfire Attack.” In Proceedings of IEEE Symposium on Security and Privacy (IEEE S&P), May 2013.
We investigated the fundamental vulnerabilities of the Internet that make the Crossfire attack possible and highly effective. We performed a large-scale Internet measurement study and defined the notion of Routing Bottlenecks of the Internet [ACM CCS’14]. A routing bottleneck of a given set of hosts (e.g., a cloud service, city, or country) is the small set of network links that carry the vast majority (e.g., 7-80%) of Internet routes towards those hosts, which makes the hosts potentially vulnerable to the Crossfire attack. The measurements showed the existence of routing bottlenecks in 30 countries and major cities around the world. Interestingly, the study showed that the main cause of routing bottlenecks is the cost minimization of Internet routing and network structure, which is otherwise a very desirable feature of Internet routing.
- Min Suk Kang and Virgil D. Gligor. “Routing Bottlenecks in the Internet: Causes, Exploits, and Countermeasures.” In Proceedings of ACM Conference on Computer and Communications Security (CCS), November 2014.
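As an added illustration (not code from the papers above), here is a toy version of the routing-bottleneck measurement on constructed traceroute-style paths: it ranks links by the share of routes to a target host set that they carry, and greedily picks the smallest link set covering a given fraction of those routes. This is the view an operator needs to know which few links carry most routes to a region and therefore deserve protection or extra capacity.

```python
from collections import Counter

# Constructed sample (not real measurement data): traceroute-style hop lists
# from ten vantage points towards hosts in one target region. A "route" is
# one path; a "link" is an unordered pair of adjacent hops.
SAMPLE_PATHS = [
    ["vp1", "r1", "core-a", "edge-x", "h1"],
    ["vp2", "r2", "core-a", "edge-x", "h2"],
    ["vp3", "r1", "core-a", "edge-x", "h3"],
    ["vp4", "r4", "core-b", "edge-x", "h1"],
    ["vp5", "r2", "core-a", "edge-x", "h4"],
    ["vp6", "r5", "core-b", "edge-y", "h5"],
    ["vp7", "r1", "core-a", "edge-x", "h2"],
    ["vp8", "r6", "core-a", "edge-x", "h6"],
    ["vp9", "r2", "core-a", "edge-x", "h3"],
    ["vp10", "r7", "core-c", "edge-y", "h7"],
]

def links_of(path):
    """Distinct links of one route, as sorted hop pairs, in path order."""
    return list(dict.fromkeys(tuple(sorted(p)) for p in zip(path, path[1:])))

def link_route_counts(paths):
    """How many routes traverse each link."""
    counts = Counter()
    for path in paths:
        counts.update(links_of(path))
    return counts

def top_links(paths, k=3):
    """Top-k links ranked by the share of routes they carry."""
    counts = link_route_counts(paths)
    ranked = sorted(counts, key=lambda l: (-counts[l], l))
    return [(l, counts[l] / len(paths)) for l in ranked[:k]]

def routing_bottleneck(paths, fraction):
    """Greedy set cover: repeatedly add the link carrying the most still
    uncovered routes until the chosen links together carry at least
    `fraction` of all routes. Returns (chosen_links, achieved_fraction)."""
    n, remaining, chosen = len(paths), list(paths), []
    while remaining and (n - len(remaining)) / n < fraction:
        counts = link_route_counts(remaining)
        link = min(counts, key=lambda l: (-counts[l], l))  # deterministic tie-break
        chosen.append(link)
        remaining = [p for p in remaining if link not in links_of(p)]
    return chosen, (n - len(remaining)) / n

if __name__ == "__main__":
    for link, share in top_links(SAMPLE_PATHS):
        print(f"{link}: {share:.0%} of routes")
    links, cov = routing_bottleneck(SAMPLE_PATHS, 0.7)
    print(f"bottleneck at 70%: {links} (covers {cov:.0%})")
```

In the constructed data a single backbone link carries 70% of the routes, which is exactly the shape the measurement study looks for at Internet scale.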
CoDef: Collaborative Defense
We developed a defensive mechanism, called CoDef [CoNEXT’13], that provides bandwidth guarantees to legitimate users when transit networks are under link-flooding attacks such as Crossfire. CoDef enables collaboration among different networks to detect and filter legitimate-looking attack traffic by subjecting the bots to a routing conformance test.
- Soo Bum Lee, Min Suk Kang, and Virgil D. Gligor. “CoDef: Collaborative Defense Against Large-Scale Link-Flooding Attacks.” In Proceedings of ACM Conference on emerging Networking EXperiments and Technologies (CoNEXT), December 2013.
Spiffy: Inducing Cost-Detectability Tradeoffs
We developed a defense mechanism, called SPIFFY [NDSS’16], that aims to deter cost-sensitive, rational denial-of-service attackers. Recognizing the large cost advantage attackers hold over defenders (e.g., the cost of generating attack bandwidth is orders of magnitude lower than the cost of provisioning the same bandwidth at the target), we designed SPIFFY to reduce this attack-defense cost asymmetry. SPIFFY exploits software-defined networking (SDN) to dynamically test a large number of denial-of-service bots, ultimately forcing the attacker to spend a significantly larger attack budget.
- Min Suk Kang, Virgil D. Gligor, and Vyas Sekar. “SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks.” In Proceedings of Network and Distributed System Security Symposium (NDSS) (To Appear), February 2016.
Cellular network security
We developed a selfish resource-consumption attack that allows malicious mobile users to consume an unfair share of cellular radio resources and thus potentially launch denial-of-service attacks against other legitimate users [WiSec’13]. The attack exploits fundamental vulnerabilities of a state-of-the-art resource management technique, called multi-cell cooperation, which coordinates multiple cell sites in different locations to serve a particular mobile user. In this attack, malicious mobile users can easily manipulate their channel state measurements and force the cellular system to waste radio resources on unnecessary multi-cell cooperation.
- Shrikant Adhikarla, Min Suk Kang, and Patrick Tague. “Selfish Manipulation of Cooperative Cellular Communications via Channel Fabrication.” In Proceedings of ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), April 2013.
DNS is a particularly attractive target protocol for large-scale surveillance for several reasons: DNS queries are small in size but full of private information (i.e., who tries to access what service); they are used in virtually all Internet services; and they are mostly unencrypted. To protect DNS queries against privacy attacks, several proposals have been made to encrypt DNS queries by default. However, query encryption alone does not significantly improve domain name privacy. To guarantee user privacy without breaking the current ecosystem, we propose a mechanism that utilizes cooperative name resolution operations and guarantees the unobservability and/or unlinkability of domain names.
Please visit the list of full publications for my past research on cognitive radios, sensor networks, cooperative cellular networks, etc.