On the vulnerability of hardware hash tables to sophisticated attacks

Authors:
Udi Ben-Porat;Anat Bremler-Barr;Hanoch Levy;Bernhard Plattner
Affiliations:
Computer Engineering and Networks Laboratory, ETH Zurich, Switzerland;Computer Science Dept., Interdisciplinary Center, Herzliya, Israel;Computer Science Dept., Tel-Aviv University, Tel-Aviv, Israel;Computer Engineering and Networks Laboratory, ETH Zurich, Switzerland
Venue:
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part I
Year:
2012

Citing 11
Cited 1

Scalable high speed IP routing lookups

SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Space Efficient Hash Tables with Worst Case Constant Access Time

STACS '03 Proceedings of the 20th Annual Symposium on Theoretical Aspects of Computer Science
Cuckoo hashing

Journal of Algorithms
Building a better NetFlow

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Fast hash table lookup using extended bloom filter: an aid to network processing

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Backtracking Algorithmic Complexity Attacks against a NIDS

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Denial of service via algorithmic complexity attacks

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
More Robust Hashing: Cuckoo Hashing with a Stash

ESA '08 Proceedings of the 16th annual European symposium on Algorithms
An Analysis of Random-Walk Cuckoo Hashing

APPROX '09 / RANDOM '09 Proceedings of the 12th International Workshop and 13th International Workshop on Approximation, Randomization, and Combinatorial Optimization. Algorithms and Techniques
Massively Parallel Cuckoo Pattern Matching Applied for NIDS/NIPS

DELTA '10 Proceedings of the 2010 Fifth IEEE International Symposium on Electronic Design, Test & Applications
The power of one move: hashing schemes for hardware

IEEE/ACM Transactions on Networking (TON)

Backscatter from the data plane - Threats to stability and security in information-centric network infrastructure

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Peacock and Cuckoo hashing schemes are currently the most studied hash implementations for hardware network systems (such as NIDS, Firewalls, etc.). In this work we evaluate their vulnerability to sophisticated complexity Denial of Service (DoS) attacks. We show that an attacker can use insertion of carefully selected keys to hit the Peacock and Cuckoo hashing schemes at their weakest points. For the Peacock Hashing, we show that after the attacker fills up only a fraction (typically 5%−10%) of the buckets, the table completely loses its ability to handle collisions, causing the discard rate (of new keys) to increase dramatically (100−1,800 times higher). For the Cuckoo Hashing, we show an attack that can impose on the system an excessive number of memory accesses and degrade its performance. We analyze the vulnerability of the system as a function of the critical parameters and provide simulations results as well.