Thinning Akamai Ao-Jan Su and Aleksandar Kuzmanovic Department of EECS Northwestern University USENIX/ACM SIGCOMM IMC 08 * * * * Motivation 50% of online users ... – PowerPoint PPT presentation

1
Thinning Akamai
  • Ao-Jan Su and
  • Aleksandar Kuzmanovic
  • Department of EECS
  • Northwestern University

USENIX/ACM SIGCOMM IMC 08
2
Motivation
  • >50% of online users would leave and never come
    back to a streaming site when streaming quality
    is bad (Akamai's user study 07)

3
Akamai's Streaming Architecture
Entry Points
Reflectors
Edge Servers
Can we degrade service to large-scale streaming
networks?
4
DNS-based Load Balancing
  • DNS-based load balancing is used in both edge and
    reflector levels

Global Monitoring Infrastructure
update
feedback
DNS Server
Edge Server 1
Edge Server 2
New edge server IP
5
Web vs. Streaming
  • Web
      • Insensitive to bandwidth and latency
      • Short-lived connections
      • Server load quickly goes away
  • Streaming
      • Sensitive to bandwidth, jitter, and packet loss
      • Long-lived connections
      • Clients connect to a streaming server for
        minutes/hours

Is DNS-based load balancing resilient to DoS
attacks for streaming service?
6
Slow Load Balancing Experiment
7
Redirection Time Scales
Minimum redirection time is 20 seconds
Is minimum redirection time scale small enough
for streaming?
8
Slow Load Balancing Result
Edge server becomes overloaded
Throughput recovers
Start probing machines
DNS-based system is too slow to react to
overloaded conditions
DNS updated, stop probing machines
9
No-isolation Experiment
[Figure labels: Live Video; Pay per View VoD Movie]
10
Service Overlapping
25% of nodes observe overlap ratio > 0.5
Would different streaming services interfere with
each other?
11
No-isolation Experiment (Live vs. VoD)
Edge server becomes overloaded
Edge server attempts to refill clients' buffer
Start probing machines
DNS updated, stop probing machines
No-isolation makes it possible to DoS
Video-on-Demand service by live streaming
12
Reflector-level Experiments
Customers
  • Issue: How to attack reflectors?
  • Challenge: Information about reflectors not
    publicly available
  • Approach: Use edge servers as proxies
      • Need mapping between edge servers and reflectors
  • Facts
      • Akamai gathers streams from different customers
        into channels
      • Streams from the same region and the same channel
        map to the same reflector

13
Amplification Experiment
Big edge server clusters are vulnerable to
amplification attacks
Can we attack reflectors by using edge servers as
proxies?
14
Amplification Experiment
Service degradation at similar pace
It is possible to attack reflectors by using
edge servers as proxies
Bottleneck observed, stop probing machines
Start probing machines
Throughput recovery
15
Existing Countermeasures
  • Stream replication
      • Waste bandwidth
  • Resource-based admission control
      • Can't solve network or reflector bottlenecks
  • Solving Puzzles
      • Undermines Akamai's service transparency

16
Our approaches
  • Location-aware admission control

17
Our approaches (Cont.)
  • Reducing system transparency
  • Shielding administrative information
  • Keep state at edge servers
  • Shielding vincible IP addresses
  • Virtual IP addresses
  • Key issue
  • Tradeoff between transparency and DoS resiliency

18
Conclusions
  • Large-scale, DNS-based load balancing systems are
    known to be resilient to attacks. However, this is
    not exactly true in the case of streaming
  • Identify vulnerabilities of DNS-based streaming
    service
      • Slow load balancing
      • No isolation
      • Amplification attacks
  • Provide countermeasures to raise the bar for
    attackers

19
  • Thank you!

20
Backup Slides
21
Methodology
  • Protocol: Windows Media Server (mms)
      • Modify MiMMS software
  • Setup
      • Observers: experimental machines
      • Collect 1400 unique live streams
      • Assign 200 streams each to 7 experimental
        machines
  • Bypass DNS redirections
      • Directly connect to edge server
  • Abort experiment immediately when we observe
    bottleneck conditions

22
Migration