Counter-Flooding: DoS Protection for Public Key Handshakes in LANs

Author(s): Yves Igor Jerschow, Björn Scheuermann, Martin Mauve.
Title: Counter-Flooding: DoS Protection for Public Key Handshakes in LANs
Published: ICNS 2009: Proceedings of the Fifth International Conference on Networking and Services, Valencia, Spain, April 2009
Abstract: The majority of security protocols employ public key cryptography for authentication, at least in the connection setup phase. However, verifying digital signatures is an expensive task compared to symmetric key operations and may become the target of Denial of Service (DoS) attacks, where the adversary floods the victim host with fake signature packets, trying to overload it. In this paper we present counter-flooding, a new defense mechanism against DoS attacks which exploit the lack of initial address authenticity in LANs. A benign host with a signature packet addressed to a host that is currently under attack ensures that its packet is processed by itself flooding copies of this packet for a short period of time. The key idea is for the victim host to verify only a fixed number of signatures per time period without becoming overloaded and to select those packets for verification which have the largest number of duplicates. Under weak assumptions we prove that the packet from the benign host will be among them. We derive bounds for our counter-flooding mechanism to succeed and perform experiments with Ethernet switches to study the bandwidth division between concurrent flows under overload conditions.
Note: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.