Denial of Service Attacks using Content Delivery Networks

School of Science | Master's thesis

Date

2024-11-18

Major/Subject

Security and Cloud Computing

Degree programme

Master's Programme in Security and Cloud Computing

Language

en

Pages

54

Abstract

Content Delivery Networks (CDNs) have become an essential part of web applications. CDNs are employed to improve website availability, and they have many additional benefits, one of which is to protect against Distributed Denial of Service (DDoS) attacks. However, the complexity added by introducing a CDN as a middle layer in the internet infrastructure results in new vectors for Denial of Service (DoS) attacks. This thesis investigates the security status of DoS attacks that take advantage of CDN infrastructure. Our work replicates known attacks and contributes open-source implementations, allowing CDN providers and clients to evaluate their vulnerability to these attacks. Moreover, this thesis introduces the CDN-Convex HTTP/2 attack, a novel pulsing attack that causes short-term network connection resource exhaustion. Additionally, this thesis has discovered a gap in the current literature, showing that it is not possible to simultaneously mitigate CDN-Convex and Pre-POST Slow HTTP attacks.

Description

Supervisor

Aura, Tuomas

Thesis advisor

Gligoroski, Danilo
Martin-Navarro, Jose Luis

Keywords

content delivery network, denial of service, network security, slow attack, pulsing attack, amplification attack
