1. Protecting Web Services from
DDOS Attacks
T.Ponraj MCA,
Research Assistant ,
Pondicherry University ,
Puducherry.

2. Web services
• Software components that can be published,
located, and run over the Internet using Extensible
Markup Language (XML).
• A web service is a software application that works
over the internet.
• A web service is service-oriented application that
communicates over the web using messages
• The web service is also a software, with its own
class and methods .

3. Working of web service
 A request by the client application constitutes
construction and sending a SOAP request using
HTTP to the web server.
 For a web service to work, the computer has to be
connected to the internet.
 The web server hosts the class and its methods of a
web service, for a client computer to request and
use.
 Any client computer located any where in the world,
with an internet connection can request and use the
class and its methods of the web service.

4. Web Service Technologies
A web service is service-oriented application that
communicates over the web using messages.
 The Web
 XML
 SOA

5. Web Service Roles
Service provider :-
Who develops or supplies the service.
Service consumer (or) Requester :-
Who uses the service.
Service broker :-
Facilitates the advertising and discovery process.

6. Operation on web service
Register :-
The service provider registers the service with a
service broker.
Find :-
The service broker gives the service consumer
directions on how to find the service and its service
contract .
Bind :-
The service consumer uses the contract to bind the
client to the service, at which point the client and service
can communicate.

7. Web Service Standards
WSDL :-
WSDL provides a mechanism to describe a Web
service.
UDDI :-
UDDI provides a mechanism to advertise and
discover a Web service.
SOAP:-
SOAP provides a mechanism for clients and
services to communicate.

8. Functional SOA
FIND

9. Denial Of Service
 The prevention of authorized access to resources or the
delaying of time critical operations.
 Targets for a DoS attack include the communications
bandwidth, memory buffers, computational resources,
the network protocol or application processing logic of
the victim, or any systems on which the victim depends
for delivering service e.g. the domain name system
(DNS) or credit card payment service.

10. DOS in Web Services
• WS messages are expressed using the XML
technology, which itself contains DoS vulnerabilities,
these extend to WS applications.
• The loosely-coupled nature of WS applications means
that clients need access to application metadata in
order to invoke services.
• The authentication of each and every request can itself
be exploited by attackers due to the heavy processing
required by some authentication systems, especially
those based on public-key cryptography.

11. Literature Survey
• Paper # 1 : “Protecting Web Services from DDOS
attacks by SOAP message validation”
• Paper # 2 : “Defending Web Services against DOS
attacks using Client puzzles”
• Paper # 3 : “Validating DOS vulnerabilities in Web
Services”, Sep 2010.
• Paper # 4 : “JXTA & Web Services using Secret key
based Encryption”

12. Paper # 1 : SOAP Validation
 Attacks :-
1. Protocol Deviation Attack
2. Resource Exhaustion
 Result :-
 CheckWay Gateway
 Author :-
Nils Gruschka
Norbert Luttenberger
Christian-Albrecht's-University of Kiel

13. 1.1. Protocol Deviation Attacks
 Protocol Deviation Attacks exploit vulnerabilities in
implementations of protocol processing entities.
 In some cases a single packet that diverges from
the intended protocol flow can make the attacked
system crash.
 A well-known example is Ping of Death.

14. 1.2. Resource Exhaustion
 Resource Exhaustion attacks consume the
resources necessary to provide the service
(network bandwidth, memory and computation
resources).
 The simplest attack produces an extremly high
network traffic load to the system providing the
service.
 A well-known example is Dump Flooding.

15. 2.1 Results
 CheckWay Gateway is an XML validation engine,
which validates the SOAP message to the
appropriate schemas.
 If the validation is successful, the SOAP message
is forwarded.
 SOAP messages containing an ”unlimited” number
of elements do not match the (hardened) schema
and are rejected.

16. 2.1 CheckWay Web Service Firewall

17. Paper # 2 : Client Puzzles
 Attacks :-
1. Flooding Attack
2. Semantic Attack (or)
Heavy Cryptography Attack
 Result :-
 Client Puzzles
 Author :-
Suriadi Suriadi , Dougles Stebila ,
Andrew Clark And Hua Liu .
Queensland University of Technology ,
Australia.

18. 2.1. Flooding Attack
 This attack attempts to exhaust a server’s
resources by sending a large amount of
legitimate requests.
 An attack cannot be detected by relying on a
signature-based XML firewall.
 An attack is mitigated through some forms of
lower network layer packet analysis, such as IP
address analysis.

19. 2.2. Semantic Attack
 It is the heavy cryptographic processing attack in
which an attacker sends a payload with an
oversized WS-Security header containing many
cryptographic elements.
 The goal is to overload the server’s resources,
either through parsing a large security header or by
forcing the server to process the numerous
cryptographic directives.

20. 2.3. Result
• Client puzzles, also called proofs of work, can be used
to counter resource-depletion denial of service attacks.
• Before a server is willing to perform some
computationally expensive operation, it requires that
the client commit some of its own resources and solve
some moderately hard puzzle.
• The most commonly proposed type of client puzzle is a
hash-based computation-bound puzzle, in which a
client is required to find a partial preimage in a
cryptographic hash function.
H(C;NS;NC;X) = 0 … 0 || Y
d
H - Cryptography Hash Function , C - Client ,
NS - Server Nonce , CS - Client Nonce , X - Client Solution
d - Bits , Y - String .

21. The client puzzle protocol
Server
Client
Service request R
Request puzzle
Result puzzle
O.K. Buffer

22. Paper # 3 : Validating DOS
 Attacks :-
1. Deeply-Nested XML
2. WSDL Flooding
3. Heavy Cryptographic Processing
4. Malformed External Schema
Referencing
 Result :-
 SNMP
 MIB
 Author :-
Suriadi Suriadi , Andrew Clark And
Desmond Schmidt .
Queensland University of Technology ,
Australia.

23. 3.1. Deeply – Nested XML
 This type of attack exploits the SOAP format,
which allows the embedding of excessively nested
XML in the message body.
 The SOAP message is then sent to a WSprovider.
 The goal is to force the XML parser within the
service to exhaust the memory resources of the
host system by processing numerous deeply-
nested documents, and so cause a denial of
service.

24. 3.2. WSDL Flooding
 WSDL specifications are in most cases publicly
accessible, access is often unauthenticated.
 As a result, a brute force DoS attack could be
initiated by sending a large number of WSDL
requests.

25. 3.3. Heavy Cryptographic Processing
 The SOAP message also allows for multiple
signature blocks to be included within a SOAP
header.
 Therefore, an attacker could craft a SOAP message
containing only one <wsse:Security> header block,
but with a large number of <ds:Signature> elements.
 To process every <ds:Signature> element, resulting
in CPU exhaustion, since the signature verification
process involves heavy public key cryptographic
processing. A similar attack also targets message
encryption.

26. 3.4.Malformed external Schema Referencing
 The syntax of an XML schema specification allows a
document to reference an externally defined XML
namespace.
 An XML parser may then attempt to contact the
referenced location to obtain the schema.
 This attribute of XML processing can result in various
types of DoS. One type of attack references a
malformed schema.
 In another type of attack a malicious provider may
point to a bogus schema location that instead causes
the parser to retrieve a large or malicious payload.

27. 3.5. Results
• The Network Interface Card may be saturated
with traffic and the available CPU and memory
resources may be very limited.
Two interface cards :-
 Attack Network
 Monitoring Network
• The monitoring network carries no attack traffic,
only monitoring requests, it is available for
measuring the performance of the target
machine.
• The monitoring technology used was the Simple
Network Management Protocol (SNMP).

28. Experimental DOS Testbed

29. Paper # 4 : Secret Key based
Encryption
 Aim :-
To develop a distributed service discovery
mechanism.
 Result :-
 RSA
 AES
 Author :-
Sabiha Hossain , Upama Kabir ,
Shaila Rahman And Aloke Kumar Saha .
University Of Asia pacific (UAP) ,
Dhaka, Bangladesh .

30. 4.1 Abstract
 JXTA is a P2P (Peer-to-Peer) Semantic Web application.
 The aim of this thesis will be to develop a distributed
service discovery mechanism.
 JXTA's P2P provides perfect solution for Web Service
discovery and Algorithm for Web Service Security.
 An implementation using an algorithm for web service
security by using RSA Cryptographic Library and AES
Encryption technology.
 It focuses on peer-to-peer as a method to combine Web
Services and mobile ad hoc networks and to use JXTA
as peer-to-peer platform.

31. 4.2 JXTA Protocols
• JXTA technology is a set of protocols.
• Each protocol is defined by one or more messages
exchanged among participants of the protocol.
• Each message has a pre-defined format.
• It is akin to TCP/IP.
• Peer Discovery Protocol
• Peer Resolver Protocol
• Peer Information Protocol
• Peer Membership Protocol
• Pipe Binding Protocol
• Endpoint Routing Protocol

32. 4.3. JXTA Architecture

33. 4.4. Service Invocation from a JXTA
Network
Client Application Service
Encrypted Decrypt &
JAX-WS Authenticate JAX-WS
User Info User Info
pipe
Pipe
JXTA
JXTA
JXTA Message
SOAP

34. 4.5. Web Service Security
• RSA Encryption :-
Ron Rivest, Adi Shamir, and Len Adleman
developed the public key encryption scheme that
is now known as RSA .
• AES :-
The Advanced Encryption Standard (AES) is a
symmetric-key encryption standard adopted by
the U.S. government.

35. 4.6. Encryption Decryption Procedure
 Client
• RSA Signing Private Key
• RSA Exchange Public
 Server
• RSA Signing Public Key
• RSA Exchange Private Key
 Secure Login (Single Sign on or Secure Login).

36. References
• “Defending Web Services Against Denial of Service Attacks Using
Client Puzzles” Suriadi Suriadi, Douglas Stebila, Andrew Clark, and
Hua Liu. Information Security Institute, Queensland University of
Technology Brisbane, Queensland, Australia.
• “Validating Denial of Service Vulnerabilities in Web Services” Suriadi
Suriadi, Andrew Clark, and Desmond Schmidt .Information Security
Institute Queensland University of Technology Brisbane,
Queensland, Australia.
• “JXTA & Web Services Using Secret Key Based Encryption” Sabiha
Hossain, Upama Kabir, Shaila Rahman and Aloke Kumar Saha.
• “Protecting Web Services from DDOS attacks by SOAP message
validation” Nils Gruschka ,Norbert Luttenberger, Christian-
Albrecht's-University of Kiel.
• “Web Service Security Management Using Semantic Web
Techniques” Diego Zuquim Guimarães Garcia , Maria Beatriz Felgar
de Toledo , University of Campinas ,POB 6176 – Postal Code
13.084-971 ,Campinas, SP, Brazil.

37. Thank You