Towards DoS-resistant distributed information systems

Denial-of-service (DoS) attacks are one of the biggest threats in the Internet. The predominant approaches to deal with DoS-attacks are to use filtering, redundancy and information hiding. However, against an insider, all of these mechanisms might be useless. I will present strategies for scalable distributed information systems that are nevertheless robust against Denial-of-Service (DoS) attacks by an insider as long as the insider cannot block more than a constant fraction of the servers. Since that insider is allowed to know *everything* about the system, cryptographic hash functions or randomization do not help to distribute the data in an unpredictable way. Hence, it appears that a huge redundancy is necessary so that no data item becomes inaccessible during the DoS attack. Interestingly, it turns out that when using coding, a redundancy of less than log n is already sufficient to serve any collection of lookup requests in a fast and reliable way, even during a DoS attack of an insider.

This is joint work with Martina Eikel. A paper detailing the construction will appear at SPAA 2013.