Many
client-server systems on the Internet are susceptible to Denial of Service
(DoS) attacks. This thesis presents Beaver - a client-server
architecture that is robust against DoS attacks. Its main purpose is to protect
client-server communication from DoS attacks, especially from flooding it with
messages. Beaver employs two DoS-protection mechanisms: one for admission of new
client sessions, and another for protecting ongoing sessions. The former uses
dedicated admission servers (ADMs). The use of ADMs takes the admission load
off the server, so that the server is not concerned with DoS attacks on clients
trying to be admitted into the system. The latter is Φ-Hopper - a
two-party communication protocol that mitigates DoS attacks by filtering
packets. Φ-Hopper protects client-server communication sessions from DoS
attacks, but does not authenticate the communication by itself. Φ-Hopper
only provides dynamic filtering and rate-limiting facilities. Together, the
ADMs and Φ-Hopper are very effective against DoS attacks. At the first
stage, we design and implement a Φ-Hopper. Our implementation extends a
Linux kernel's IPSec implementation. IPSec (IP Security) is a suite of protocols for
securing Internet
Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. The
implementation is followed by experiments, which investigate the influence of
attacking power on systems with and without our protection. Next, we design and
implement a rate-limiting mechanism also by extending Linux kernel's IPSec
implementation. Next, we design and implement the admission server. Finally, we
build the whole system by putting all parts together, and
by running experiments, we show that the system is robust even when DoS attacks
and compromised clients are present.
