Home Web information Web 3.0 is not a solution to DoS attacks

Web 3.0 is not a solution to DoS attacks

0
  • By Chiueh Tzi-cke 闕志克

The visit of US House of Representatives Speaker Nancy Pelosi to Taiwan on August 3-4 triggered a series of retaliatory countermeasures from China, including military, diplomatic, economic, and economic attacks. and information. Chief among them was an unprecedented large-scale military exercise that covered seven areas around the country’s waters and lasted four days.

In terms of information warfare, it was originally thought that China would impose high-visibility disruptions and damage government information systems with preemptive backdoor programs. Fortunately, this wave of cyberattacks appeared to be aimed solely at blocking government agencies’ network services – a denial of service (DoS) attack – rather than damaging their underlying computer systems. Although the services of several government websites, including the Presidential Office and the Ministry of National Defense, were temporarily interrupted, they were able to resume quickly. Overall, the damage caused by this wave of cyberattacks was quite minor.

The scale of the DoS attack was also not particularly excessive. According to publicly available reports, government office websites collectively suffered around 15,000 GB of cyberattack traffic throughout the day on August 2, 23 times more traffic than during the previous heaviest attack in a single day.

However, a 2020 study conducted by Amazon found that the average traffic volume of the most advanced DoS attacks it experienced that year was over 100 GB per second, or about 360,000 GB in an hour. Therefore, if China were to militarily launch a DoS attack against the whole nation, the scale of the attack would have to be at least 100 times greater than what it did this time around.

Suppose the maximum processing capacity of a network service is 1000 requests per second. When a DoS attacker sends requests to this service at a rate far exceeding its processing capacity, say 5,000 requests per second, the service would be too overwhelmed to properly respond to the attacker’s requests as well as those submitted by legitimate users. Specifically, the service would first place all incoming requests that it cannot process into a buffer zone, which would quickly fill up. He would ultimately have no choice but to drop all further requests, thereby denying them service.

This means that when a network service is under DoS attack, the solution must include the ability to discern the attacker’s requests among all incoming requests, and then reject the attack requests as soon as possible. In other words, the key to mitigating a DoS attack is the ability to distinguish, in real time, between good requests – those of legitimate users – and bad requests – those of an attacker.

Modern DoS attacks are distributed and called distributed DoS attacks (DDoS). Their attack packets come from large numbers of Internet-connected computers, which can be virtual hosts rented from public cloud service providers or devices recruited from a botnet for rent. Because attack hosts can originate from anywhere, it is difficult to use only the source IP addresses of incoming requests to distinguish between attack packets and others.

The most effective countermeasure against DDoS attacks today is traffic scrubbing. State-of-the-art traffic scrubbing technology is able to analyze the packet content of incoming requests to identify attack packets that exploit known vulnerabilities in specific communication protocols.

However, even traffic scrubbing is still relatively powerless against the deadliest form of DDoS attack, which mounts a brute-force attack using a very large number of geographically well-located networked computers, each submitting normal requests at a normal pace.

Fortunately, for government, e-commerce, and mobile application websites that serve the public or consumers, and where network services interact directly with human users, as long as it can be confirmed that there is a user human behind a specific IP address, then all requests from that IP address could be considered legitimate and not part of a DDoS attack.

Therefore, protecting user-facing websites from DDoS attacks comes down to determining whether the source IP address of an incoming request is controlled by a human – a legitimate user – or by a program – an attacker.

A standard way to distinguish between humans and programs is known as the Turing test, which uses problems that humans can easily solve but are beyond the ability of modern AI algorithms to determine. For example, during the login process of many websites, users are presented with (sometimes distorted) images and asked to identify the content using alphanumeric numbers. Similar tests could be used to identify attack requests during a DDoS attack.

Some people have proposed leveraging the emerging Web 3.0 architecture to defuse DoS attacks. Presumably, the intention is to apply the idea of ​​blockchain-like distributed database architecture to the system design of a network service, to improve its overall resilience to DoS attacks. The more network nodes over which a network service is extended, the less likely it is that a failure of one node can interrupt the service. Such an argument applies more to cyberattacks that use malware to control and therefore knock out the victim’s systems.

However, this is not how DoS attacks work. Instead, DoS attacks aim to exhaust the compute and bandwidth resources of the victim’s network service. Taking a fixed resource and distributing it among multiple network nodes does not change the size of the resource. A well-known weakness of blockchain is that its decentralized architecture requires close coordination between participating nodes – it therefore incurs significant computational and communication overhead, which significantly impairs overall system performance compared to its centralized counterpart. Therefore, using the Web 3.0 architecture to defeat DoS attacks has limited value and may well be counterproductive.

Chiueh Tzi-cker is a full professor at the Institute of Information Security, National Tsing Hua University.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. The final decision will be at the discretion of the Taipei Times.