Date of Award

1-1-2009

Document Type

Campus Access Dissertation

Department

Computer Science and Engineering

First Advisor

Chin-Tser Huang

Abstract

Online transactions are becoming more and more common nowadays. Both the availability of server and the availability of network are crucial for the transactions to go smoothly. In this dissertation we discuss soft mobility techniques used for ensuring network and data availability in the presence of Denial-of-Service (DoS) attacks. Adaptive roaming replica scheme is proposed for ensuring the availability of the data and Dynamic Early Filtering of Internet Traffic (DEFT) is proposed for ensuring the availability of network resources.

For ensuring data availability, the current common practice is to set up multiple static replicas of the data. Static replicas are commonly placed at different locations on the Internet so that users can access the data easily and quickly. However a determined attacker can shutdown the system by carrying out targeted DoS attacks. We propose an adaptive roaming replica scheme, where a small number of roaming replicas will be added and periodically moved to different locations whenever a certain number of static replicas are down. Roaming Data Moving Protocol (RDMP) is proposed for changing the location of roaming replicas and Roaming Data Discovery Protocol (RDDP) is proposed for the client to discover the location of roaming replicas. Simulation results show that by using the proposed adaptive roaming replica scheme, data availability is substantially improved under the circumstances of determined DoS attacks.

For ensuring network availability, the most widely used technique is Firewalls and Access Control Lists (ACL). These methods filter the attacking traffic at the border of the destination network. We show that these end-oriented methods are not sufficient when the amount of traffic is huge and propose a new method called Dynamic Early Filtering of Internet Traffic (DEFT) which blocks the attacking traffic as close to the source as possible. DEFT uses flow specification information which is passed to neighboring routers using BGP update messages. The experimental results show that with small overhead DEFT can effectively reduce the average transmission latency and increase the average throughput of legitimate traffic.

Share

COinS