Session management for accountability in distributed multimedia services

Internet-based multimedia applications (e.g., voice-over-IP, instant messaging, and video conferencing) are continuing to grow in importance as more people depend on such applications for personal and professional communications. Although performance is almost always a concern with multimedia systems that must satisfy quality-of-service (QoS) constraints, security is also a major requirement given the increasing criticality of such applications. For example, businesses might depend on Internet telephony to reach customers while governments might depend on video streaming to disseminate information. For distributed multimedia services, in addition to the traditional security properties (confidentiality, integrity, and availability), accountability is also important to complement perimeter defenses. Accounting for user actions within the system enables the development of higher-level security services.;This dissertation will present the Kantoku framework, which includes several different accounting mechanisms for different environments ranging from single servers to server clusters to computing clouds. Our framework focuses on distributed multimedia services deployed in such environments. In particular, we will show how our Kantoku framework can be used to address the problem of transaction state overload on multimedia servers.;The primary attack that we consider throughout this dissertation is a novel denial-of-service attack that intentionally induces transaction state overload at multimedia servers. We refer to this attack as a Ringing -based denial-of-service attack. Unlike many denial-of-service attacks that rely on an increase in the incoming traffic rate, a Ringing-based denial-of-service attack only requires an increase in the transaction durations while the incoming traffic rate does not change. Such attacks cannot be detected by protection mechanisms that monitor the network traffic for anomalies. After briefly explaining some background information on the Session Initiation Protocol, we characterize transaction state accumulation during a Ringing-based denial-of-service attack both mathematically and empirically through extensive experiments.;The first solution to preventing transaction state overload that we present is a family of early termination algorithms that selectively terminate transactions suspected of causing transaction state overload in multimedia servers. This protection mechanism relies on per-transaction accounting at a single server. The three algorithms that we developed are thoroughly evaluated in the context of Ringing-based denial-of-service attacks with experiments on a local testbed.;As an alternative to early termination, we also developed two admission control algorithms that selectively reject transaction requests from users suspected of consuming more than their fair share of transaction resources among a group of multimedia servers. This protection mechanism relies on per-client accounting across a cluster of multimedia servers. The two algorithms that we developed are thoroughly evaluated in the context of Ringing-based denial-of-service attacks with experiments on a local testbed.;For service-oriented environments, we developed a distributed accounting architecture to implement accountability for distributed multimedia services. Specifically, our accounting architecture considers per-client monitoring for accounting across a potentially large number of nodes that are geographically distributed across a wide area network, Using the distributed accounting architecture, we built a reputation-based trust management framework that allows distributed multimedia services to share and retrieve relevant trust information that can be applied to their server-side access control decisions in a customized fashion. We briefly explain how the Ringing-based denial-of-service attack problem can be reduced to a reputation-based trust management problem. We also evaluate the performance of the implementation of our trust management framework both in terms of throughput and latency.;This dissertation makes contributions in three major areas. The first area is the introduction and detailed analysis of the Ringing-based denial-of-service attack, which is a type of malicious transaction state overload that targets multimedia servers running the Session Initiation Protocol. The second area includes early termination and admission control algorithms for specifically mitigating the effects of Ringing-based denial-of-service attacks. The final area includes our distributed accounting architecture and the reputation-based trust management system that uses this accounting architecture. Although our accounting architecture and reputation-based trust management system are applicable to many general problems related to accountability, we consider how they can be applied to the problem of Ringing-based denial-of-service attacks.