DOI: 10.1145/2611286.2611295

The overlay scan attack: inferring topologies of distributed pub/sub systems through broker saturation

Published: 26 May 2014

Abstract

While publish/subscribe communication middleware has become mainstream in many application domains, little has been done to assess its weaknesses from a security standpoint. Complex attacks are usually planned by carefully analyzing the victim to identify those systems that, if successfully targeted, would yield the most effective result. In this paper we show that some pub/sub middleware is inherently vulnerable to a specific kind of preparatory attack, the Overlay Scan Attack, which a malicious user can exploit to infer the internal topology of a system: sensitive information that can be used to plan further attacks. The topology inference uses only the standard primitives provided by the pub/sub middleware and assumes minimal knowledge of the target system. The practicality of the attack is shown both in a simulated environment and through a test performed on a SIENA pub/sub deployment.
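The inference step the abstract describes, as an added example that is not code from the paper or from SIENA: a toy simulation of a hidden broker tree in which delivery delay is the sum of per-broker service times, and an attacker holding a client at every broker saturates one broker at a time and watches which publisher/subscriber pairs slow down. The additive-delay model, the tree-shaped overlay, the ability to pick which broker to saturate, and every name and number below (`Overlay`, `HIDDEN_LINKS`, `infer_links`, the millisecond figures) are assumptions made for illustration; the page does not give the paper's actual saturation procedure or its inference algorithm.

```python
"""Added illustration (not the paper's code): inferring a broker overlay by
differential delay probing.  Model assumptions, all hypothetical:
  * the overlay is a tree, so the broker path between any two brokers is unique;
  * delivery delay is the sum of per-broker service times along that path;
  * the attacker can attach a client to every broker (it knows broker addresses
    but not the links) and can saturate one chosen broker at a time, which adds
    a large service-time penalty at that broker only.
"""
from collections import deque
from itertools import combinations

# Constructed sample overlay: five brokers joined in a tree.  This is the
# hidden ground truth; the attacker never reads it directly.
HIDDEN_LINKS = {("B1", "B2"), ("B2", "B3"), ("B3", "B4"), ("B2", "B5")}


class Overlay:
    """Hidden acyclic broker overlay with an additive delay model."""

    def __init__(self, links, base_delay_ms=1.0, saturation_penalty_ms=50.0):
        self.adj = {}
        for a, b in links:
            self.adj.setdefault(a, set()).add(b)
            self.adj.setdefault(b, set()).add(a)
        self.base = base_delay_ms
        self.penalty = saturation_penalty_ms
        self.saturated = None

    def brokers(self):
        # The broker addresses the attacker is assumed to know (not the links).
        return sorted(self.adj)

    def _path(self, src, dst):
        # Breadth-first search; on a tree this yields the unique broker path.
        prev = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                break
            for nxt in self.adj[node]:
                if nxt not in prev:
                    prev[nxt] = node
                    queue.append(nxt)
        path, node = [], dst
        while node is not None:
            path.append(node)
            node = prev[node]
        return path[::-1]

    # The attacker's clients get only these three operations.
    def saturate(self, broker):
        self.saturated = broker

    def relieve(self):
        self.saturated = None

    def publish_and_time(self, pub_broker, sub_broker):
        """Delay seen by a subscriber at sub_broker for one message published at pub_broker."""
        return sum(self.base + (self.penalty if b == self.saturated else 0.0)
                   for b in self._path(pub_broker, sub_broker))


def infer_path_membership(overlay, access_points, threshold_ms=10.0):
    """For each pair (u, v) of access points, collect the brokers whose saturation slows
    u -> v delivery by more than threshold_ms.  Under the additive model that set is
    exactly the broker path between u and v, endpoints included."""
    members = {}
    for u, v in combinations(access_points, 2):
        baseline = overlay.publish_and_time(u, v)
        on_path = set()
        for z in access_points:
            overlay.saturate(z)
            if overlay.publish_and_time(u, v) - baseline > threshold_ms:
                on_path.add(z)
            overlay.relieve()
        members[(u, v)] = on_path
    return members


def infer_links(members):
    """Two brokers are directly linked iff no third broker lies on the path between them."""
    return {pair for pair, on_path in members.items() if on_path == set(pair)}


def rank_by_path_count(members):
    """Brokers that sit on the most inferred paths, most central first: the targets
    whose loss or saturation would disrupt the most deliveries."""
    counts = {}
    for on_path in members.values():
        for b in on_path:
            counts[b] = counts.get(b, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    overlay = Overlay(HIDDEN_LINKS)
    members = infer_path_membership(overlay, overlay.brokers())
    print("inferred links:", sorted(infer_links(members)))
    print("brokers by path count:", rank_by_path_count(members))
```

Each saturation is one tomographic question, "is this broker on the u to v path?", and only the middleware's own publish and subscribe operations are needed to ask it. Two caveats for anyone adapting this: on an overlay with redundant paths the membership sets are no longer unique, so `infer_links` can report spurious edges; and the same pattern that makes the probe work (one client timing deliveries across many broker pairs while load appears at one access point after another) is what a defender should look for when deciding whether a tenant is scanning the overlay.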



Published In

DEBS '14: Proceedings of the 8th ACM International Conference on Distributed Event-Based Systems, May 2014, 371 pages. ISBN: 9781450327374. DOI: 10.1145/2611286

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. network tomography
2. publish/subscribe
3. security
4. topology inference

Qualifiers

• Research article


Conference

DEBS '14

Acceptance Rates

DEBS '14 paper acceptance rate: 16 of 174 submissions (9%)
Overall acceptance rate: 145 of 583 submissions (25%)
