ABSTRACT
Global-scale Content Distribution Networks (CDNs), such as Akamai, distribute thousands of servers worldwide, providing a highly reliable service to their customers. Not only has reliability been one of the main design goals for such systems; they are also engineered to operate under a severe and constantly changing number of server failures occurring at all times. Consequently, in addition to being resilient to component or network outages, CDNs are inherently considered resilient to denial-of-service (DoS) attacks as well. In this paper, we focus on Akamai's (audio and video) streaming service and demonstrate that the current system design is highly vulnerable to intentional service degradations. We show that (i) the discrepancy between streaming flows' lifetimes and DNS redirection timescales, (ii) the lack of isolation among customers and services (e.g., video on demand vs. live streaming), (iii) a highly transparent system design, (iv) a strong bias in stream popularity, and (v) clients' minimal tolerance for low-quality viewing experiences are all factors that make intentional service degradations highly feasible. We demonstrate that it is possible to impact arbitrary customers' streams in arbitrary network regions: not only by targeting appropriate points at the streaming network's edge, but by effectively provoking resource bottlenecks at a much higher level in Akamai's multicast hierarchy. We provide countermeasures to help avoid such vulnerabilities and discuss how lessons learned from this research could be applied to improve the DoS resiliency of large-scale distributed and networked systems in general.
CITED BY 2
Zakaria Al-Qudah, Seungjoon Lee, Michael Rabinovich, Oliver Spatscheck, Jacobus Van der Merwe, Anycast-aware transport for content delivery networks, Proceedings of the 18th international conference on World wide web, April 20-24, 2009, Madrid, Spain