Global-scale Content Distribution Networks (CDNs), such as Akamai, distribute thousands of servers worldwide, providing a highly reliable service to their customers. Not only has reliability been one of the main design goals for such systems; they are also engineered to operate under a severe and constantly changing number of server failures occurring at all times. Consequently, in addition to being resilient to component or network outages, CDNs are inherently considered resilient to denial-of-service (DoS) attacks as well. In this paper, we focus on Akamai's (audio and video) streaming service and demonstrate that the current system design is highly vulnerable to intentional service degradations. We show that (i) the discrepancy between streaming flows' lifetimes and DNS redirection timescales, (ii) the lack of isolation among customers and services (e.g., video on demand vs. live streaming), (iii) a highly transparent system design, (iv) a strong bias in the stream popularity, and (v) clients' minimal tolerance for low-quality viewing experiences are all factors that make intentional service degradations highly feasible. We demonstrate that it is possible to impact arbitrary customers' streams in arbitrary network regions, not only by targeting appropriate points at the streaming network's edge, but also by effectively provoking resource bottlenecks at a much higher level in Akamai's multicast hierarchy. We provide countermeasures to help avoid such vulnerabilities and discuss how lessons learned from this research could be applied to improve the DoS resiliency of large-scale distributed and networked systems in general.