US House of Representatives Speaker Nancy Pelosi’s visit to Taiwan on Aug. 3 and 4 triggered a series of retaliatory countermeasures from China that included military, diplomatic, economic and information attacks. The biggest of these was an unprecedented large-scale military exercise that covered seven areas around the nation’s waters and lasted four days.
In terms of information warfare, it was originally thought that China would levy high-visibility disruptions and damage government information systems with pre-emptive backdoor programs. Fortunately, this wave of cyberattack seemed to aim only to blockade the network services of government agencies — a denial of service (DoS) attack — rather than to damage their underlying information techology systems. Although the services of several government Web sites, including the Presidential Office and the Ministry of National Defense, were temporarily interrupted, they were able to recover quickly. Overall, the damage from this wave of cyberattack was quite minor.
The scale of the DoS attack was not particularly excessive, either. According to publicly released reports, the Web sites of government offices collectively suffered about 15,000GB of cyberattack traffic throughout the day on Aug. 2, which is 23 times as much traffic as during the heaviest previous attack in a single day.
However, a 2020 study conducted by Amazon found that the average traffic volume of the highest-end DoS attacks it experienced that year was more than 100GB per second, or about 360,000GB in one hour. Therefore, if China were to militarily launch a DoS attack against the whole nation, the scale of the attack is expected to be at least 100 times larger than what it did this time.
Suppose a network service’s maximum processing capacity is 1,000 requests per second. When a DoS attacker sends requests to this service at a rate far exceeding its processing capacity, say 5,000 requests per second, the service would be too overwhelmed to respond properly to the attacker’s requests as well as those submitted by legitimate users. Specifically, the service would first place all incoming requests that it cannot handle into a buffer area, which would quickly get filled up. It would eventually have no choice but to drop all subsequent requests, thus denying them the service.
This means that when a network service comes under a DoS attack, the solution must include the capability to discern the attacker’s requests amid all incoming requests — and then discard the attack requests as soon as possible. That is, the key to mitigate a DoS attack is the ability to distinguish, in real time, between good requests — those from legitimate users — and bad requests — those from an attacker.
Modern DoS attacks are distributed, and referred to as distributed DoS (DDoS) attacks. Their attack packets come from a large number of Internet-attached computers, which might be virtual hosts rented from public cloud service providers, or devices recruited from a for-hire botnet. Because the attack hosts could come from anywhere, it is difficult to solely use the source IP addresses of incoming requests to distinguish between attack and non-attack packets.
The most effective countermeasure against DDoS attacks today is traffic cleaning. State-of-the-art traffic cleaning technology is able to analyze the packet content of incoming requests to pick out the attack packets that exploit known vulnerabilities of specific communication protocols.
However, even traffic cleaning is still relatively powerless against the most lethal form of DDoS attack, which mounts a brute-force attack by using a very large number of properly geographically located networked computers, each submitting normal requests at a normal rate.
Fortunately, for government, e-commerce and mobile application Web sites that serve the public or consumers, and where network services directly interact with human users, as long as one could confirm that there is a human user behind a specific IP address, then all requests coming from that IP address could be considered legitimate and not part of a DDoS attack.
Therefore, protecting user-facing Web sites from DDoS attack boils down to determining whether the source IP address of an incoming request is controlled by a human being — a legitimate user — or by a program — an attacker.
A standard way to distinguish between humans and programs is known as the Turing test, which uses problems that humans can easily solve but are beyond the capability of modern AI algorithms to determine. For example, during the login process of many Web sites, users are presented with (sometimes distorted) images and asked to identify the content using alphanumeric digits. Similar tests could be used to identify attack requests during a DDoS attack.
Some people have proposed leveraging the emerging Web 3.0 architecture to defuse DoS attacks. Presumably, the intention is to apply the idea of the blockchain-like distributed database architecture to the system design of a network service, so as to enhance its overall resilience to DoS attacks. The more network nodes to which a network service is spread on, the less likely any one node failure could bring down the service. Such an argument is more applicable to cyberattacks that use malicious programs to control and thus knockout the victim’s systems.
However, that is not the way DoS attacks work. Instead, DoS attacks aim to exhaust the victim’s network service computation and bandwidth resources. Taking a fixed resource and distributing it among multiple network nodes does not change the size of the resource. A well-known weakness of blockchain is that its decentralized architecture needs tight coordination among participating nodes — it therefore incurs significant computing and communication overheads, substantially detracting the overall system performance when compared to its centralized counterpart. As a result, using the Web 3.0 architecture to defeat DoS attacks has limited value and might well be counterproductive.
Chiueh Tzi-cker is a joint appointment professor in the Institute of Information Security at National Tsing Hua University.
Recently, China launched another diplomatic offensive against Taiwan, improperly linking its “one China principle” with UN General Assembly Resolution 2758 to constrain Taiwan’s diplomatic space. After Taiwan’s presidential election on Jan. 13, China persuaded Nauru to sever diplomatic ties with Taiwan. Nauru cited Resolution 2758 in its declaration of the diplomatic break. Subsequently, during the WHO Executive Board meeting that month, Beijing rallied countries including Venezuela, Zimbabwe, Belarus, Egypt, Nicaragua, Sri Lanka, Laos, Russia, Syria and Pakistan to reiterate the “one China principle” in their statements, and assert that “Resolution 2758 has settled the status of Taiwan” to hinder Taiwan’s
Singaporean Prime Minister Lee Hsien Loong’s (李顯龍) decision to step down after 19 years and hand power to his deputy, Lawrence Wong (黃循財), on May 15 was expected — though, perhaps, not so soon. Most political analysts had been eyeing an end-of-year handover, to ensure more time for Wong to study and shadow the role, ahead of general elections that must be called by November next year. Wong — who is currently both deputy prime minister and minister of finance — would need a combination of fresh ideas, wisdom and experience as he writes the nation’s next chapter. The world that
Can US dialogue and cooperation with the communist dictatorship in Beijing help avert a Taiwan Strait crisis? Or is US President Joe Biden playing into Chinese President Xi Jinping’s (習近平) hands? With America preoccupied with the wars in Europe and the Middle East, Biden is seeking better relations with Xi’s regime. The goal is to responsibly manage US-China competition and prevent unintended conflict, thereby hoping to create greater space for the two countries to work together in areas where their interests align. The existing wars have already stretched US military resources thin, and the last thing Biden wants is yet another war.
Since the Russian invasion of Ukraine in February 2022, people have been asking if Taiwan is the next Ukraine. At a G7 meeting of national leaders in January, Japanese Prime Minister Fumio Kishida warned that Taiwan “could be the next Ukraine” if Chinese aggression is not checked. NATO Secretary-General Jens Stoltenberg has said that if Russia is not defeated, then “today, it’s Ukraine, tomorrow it can be Taiwan.” China does not like this rhetoric. Its diplomats ask people to stop saying “Ukraine today, Taiwan tomorrow.” However, the rhetoric and stated ambition of Chinese President Xi Jinping (習近平) on Taiwan shows strong parallels with