CHAPTER 5 IMPLEMENTATION OF WEB-ENABLED SECURED MODEL

Transcription

1 94 CHAPTER 5 IMPLEMENTATION OF WEB-ENABLED SECURED MODEL 5.1 INTRODUCTION The web-based simulator which has been developed can be used by the users to schedule the task with any algorithm or by their own algorithm. Back end Graphical window and statistics window code are available in the web and are easy to integrate. The end users should design a front end of the simulator and integrated with the output and can view the output waveform of scheduling algorithm. Since the backend files are downloaded from web, these can be subjected to DoS attacks. Malicious users can do DoS attacks on the back end files in the network. This section describes the secured model which was developed to prevent DoS attacks in a simulator. A Location hiding approach is followed to prevent DoS attacks in our web-based simulator. 5.2 PREVENTION OF DoS ATTACKS IN WEB-BASED SIMULATOR A denial-of-service attack (DoS attack) or distributed denial-ofservice attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service

2 95 from functioning efficiently or at all, temporarily or indefinitely. Propagators of DoS attacks typically target sites or services hosted on high-profile Web servers such as banks, credit card payment gateways, and even root nameservers. One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. DoS attacks are implemented by either forcing the targeted computer to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.one step ahead, DDoS does is capable of doing more harm. With this, attacker can use the victims system to infect other connected systems or send a spam. Attacker can find a weakness in the system and can inject a malware or software which can be remotely used by using this, now attacker can make the server a slave and send spams or get access to files using its permission. Thousands of system can be targeted from a single point. Srivatsa and Liu (2009) developed a hiding of location approach to prevent DoS attacks Web-Based Secured Model to Prevent DoS Attack The proposed secured model solves the problems involving target server attacks in network by using a location hiding concept. This model has three major components Server Location mask Embedded client system

3 96 Figure 5.1 shows the block diagram of security model to prevent DoS attack in embedded real-time simulator. Embedded client Location mask Location Key Routing Guard Inference Guard Location mask Server containing web simulator files Figure 5.1 Block diagram of web-secured model When a malicious user requests the file with the intention of corrupting the simulator file located in the server, the attacker has to know the server IP address in order to perform the DoS attack on the server. The malicious user gets the server containing simulator files IP address. The malicious user can flood it with unwanted messages thereby wasting the server bandwidth and other resources. If a legitimate user tries to access the simulator files from the server, he cannot be allowed to download the files thereby not allowing the legitimate user access the server Client side The embedded client consists of logging and request process. After logging inside, any file present in the server can be requested for download. Figure 5.2 shows the client side communication mechanism and Figure 5.3 shows the file transmission from server to the client.

4 97 Embedded Client User Request File Selection Request File Figure 5.2 Client side communication Figure 5.3 File transferred from server side to client side An embedded client requests the server for a file. The location mask which is residing between server and the embedded web client. The location mask generates the location key through which the requested file is transferred back from server to the client. The file has been requested as in Figure 5.4.

5 98 public CliApp1() { super(); initializecomponent(); // // TODO: Add any constructor code after initializecomponent call // this.setvisible(true); } jtextfield1.addactionlistener(new ActionListener() { public void actionperformed(actionevent e) { jtextfield1_actionperformed(e); } }); lblfile[0].addmouselistener(new java.awt.event.mouseadapter() { public void mouseclicked(java.awt.event.mouseevent evt) { JLabel lbl1=(jlabel)evt.getsource(); calldown(lbl1.gettext()); System.out.println(lbl1.getText()); //jlabel21mouseclicked(evt); } }); lblfile[1].addmouselistener(new java.awt.event.mouseadapter() { public void mouseclicked(java.awt.event.mouseevent evt) { JLabel lbl2=(jlabel)evt.getsource(); calldown(lbl2.gettext()); System.out.println(lbl2.getText()); //jlabel21mouseclicked(evt); } }); Figure 5.4 Sample client side code for requesting file

6 Location Mask The location mask gets the request from the client and processes the client request. The location mask is used in between the client and the server. The purpose of this location mask is to hide the location of the server to everyone who accesses the file to download. The DoS attack has been avoided with the help of location hiding concept. Figure 5.5 shows location mask communication between the server and the client. Receiving Request Processing Request Requesting File Figure 5.5 Location mask communications The location mask has three major components 1. Location key 2. Routing guard 3. Inference guard. Location Key The location key is present in the location mask. The work of the location key is to get the file request from the client application and to check whether the simulator file is available on the server. Based on the availability of file in requested server, it generates 128 bit location key as shown in Figure 5.6.

7 100 Figure 5.6 Generation of location key Routing Guard The routing guard is present in the location mask. This routing guard receives the 128 bit location key. Then the request is forwarded to the server which contains the requested file. Then the location mask sends the file to the client application. Inference Guard Location inference attacks refer to those attacks wherein an adversary attempts to infer the location of a file using indirect techniques that exploit file metadata information such as file access frequency, file size and so forth. There are various ways to carry out the inference attacks, they are by lookup frequency and compromise of host based systems. The work of inference guard is to prevent the attacks in the system. The location mask has been configured by the Java program as shown in Figure 5.7.

8 101 public LocationGuard() { super(); initializecomponent(); // // TODO: Add any constructor code after initializecomponent call // this.setvisible(true); try { FileInputStream fis=new FileInputStream("FileServer1.txt"); while((ch=fis.read())!=-1) flser1+=(char)ch; flser1.trim(); FileInputStream fis1=new FileInputStream("ClientAddress.txt"); while((ch=fis1.read())!=-1) cliadd+=(char)ch; cliadd.trim(); allrec=new ServerSocket(7000); rcv=new ServerSocket(9000); sndfl=new Socket(flSer1,8000); DataOutputStream DoS=new DataOutputStream(sndFl.getOutputStream()); DoS.writeUTF(top); jlabel7.settext("transferred request to Server"); Figure 5.7 (Continued)

9 102 //JOptionPane.showMessageDialog(this,""); DataOutputStream DoS1=new DataOutputStream(resp.getOutputStream()); //JOptionPane.showMessageDialog(this,"sended"); DoS1.writeUTF(recd); jlabel7.settext("response sent to Client"); } Figure 5.7 Sample server side code Server The server is the owner of the simulator file. This server gets the request from the client through the location mask. Then the server checks with the file and sends the file to the location mask. Thus the file is downloaded into the client application. The location of the server containing simulator files is hidden from the clients and hackers by the location mask to avoid DoS. The server side communication is shown in Figure 5.8 and the file transfer is shown in Figure 5.9. Receiving Request from Routing Guard Checking File Availability Sending requested File Figure 5.8 Server side communication

10 103 Figure 5.9 Server transferring the file to client The client system requests the file from the server. The request is received by the location mask which hides the location of the actual server containing simulator files from the requesting client. The location mask generates the 128 bit location key and forwards the request to the server. When it receives the requested file from the server, it forwards the requested simulator file to the client system. By this way the actual location of the server is hidden from the client system thereby preventing DoS attacks from the client systems. This system was tested with thirty systems connected via a LAN networking and malicious user from the system is made to attack the server which contained simulator file. The implementation scenario of location mask is shown in Figure The location mask hid the location of the system in which the desired simulator file is residing from the client system thereby preventing DOS attacks

11 104 Server simulator files Location Mask Client system LAN / WAN Client system Client system Client system Figure 5.10 Implementation scenario of location mask in a Web Network 5.3 CONCLUSION This chapter explains using of location hiding approach to protect the server containing real time simulator files from DoS attacks. This websecured model receives the request from the client and transmits the simulator file to the client thereby hiding the server file location. This model is implemented with the proposed web-based simulator and this model protected the simulator files present in the server.