Attacking the Hash Table based Data Structures of Flow Monitors
Abstract
Aggregation modules within flow-based network monitoring tools use fast lookup methods to quickly assign received packets to their corresponding flows. In software-based aggregators, hash tables are usually used for this task, as they offer constant lookup times under optimal conditions. The hash functions used for mapping flow keys to hash values need to be chosen carefully to ensure optimal utilization of the hash table. If attackers are able to create collisions, the hash table degenerates into linked lists with worst-case lookup times of O(n), which greatly reduces the performance of the aggregation modules. In this report, we analyze the aggregation modules of the software-based flow meters Vermont and nProbe. We evaluate the resilience of the hash functions used by theoretical analysis and confirm the results by performing real attacks.
Similar resources
Modular Enforcement of Information Flow Policies in Data Structures
Standard implementations of common data structures such as hash tables can leak information, e.g. the operation history, to attackers with later access to a machine’s memory. This leakage is particularly damaging whenever the history of operations performed on a data structure must remain secret, such as in voting machines. We show how unique representation—the requirement that a data structure...
Dependent Types for Enforcement of Information Flow Policies in Data Structures
Information flow policies specify how sensitive information should be contained in a system, while information erasure policies specify when such information should be removed from the system entirely. An insight of recent work is that erasure can be understood as an information flow concept: to erase is to place bounds on the information flowing from the erased data to the rest of the system. ...
An Improved Hash Function Based on the Tillich-Zémor Hash Function
Using the idea behind the Tillich-Zémor hash function, we propose a new hash function. Our hash function is parallelizable and its collision resistance is implied by a hardness assumption on a mathematical problem. Also, it is secure against the known attacks. It is the most secure variant of the Tillich-Zémor hash function until now.
Improving the Update of Near-Real-Time Data Warehouses
A near-real-time data warehouse gives end users the essential information to reach appropriate decisions. The fresher the data in it, the better the resulting decisions. To achieve fresh and up-to-date data, the changes that happen on the source side must be added to the data warehouse with little delay. For this reason, they should be transformed into the data wareh...
Flow Monitoring in High-Speed Networks using Two Dimensional Hash Tables
Flow monitoring is a required task for a variety of networking applications including fair scheduling and intrusion/anomaly detection. However, due to the complexities of implementing efficient flow monitoring hardware, most routers do not implement hardware-based flow monitoring. Existing flow monitoring techniques are implemented in software, which cannot be utilized for realtime monitoring i...
Publication date: 2009