FastPass: Providing First-Packet Delivery

Authors: David G. Andersen, Adrian Perrig, Dan Wendlandt

DOI:

Keywords: Software, Communication source, Network packet, Flooding (computer networking), Public-key cryptography, Architecture, Cryptography, Computer science, Computer network

Abstract: This paper introduces FastPass, an architecture that thwarts flooding attacks by providing destinations with total control over their upstream network capacity. FastPass explores an extreme design point, complete resistance to directed attacks. It builds upon prior work on capabilities and addresses the oft-noted problem that, in such schemes, a sender must first get one packet through with no protection against DoS. FastPass provides cryptographic availability tokens to senders that routers verify before expediting delivery. We present two variants of tokens. The first uses light-weight public key cryptography and is practical at high speed with modest hardware additions. The second is a symmetric hash-chaining scheme easily implemented in software. In sharp contrast to prior systems, our evaluation shows that hosts using FastPass can quickly communicate regardless of the size of the attack nodes.

References (28)
S Shenker, H Balakrishnan, Michael Walfish, D Karger. DoS: Fighting fire with fire (2005)
Charles Lynn, Karen Seo, Stephen T. Kent, Joanne Mikkelson. Secure Border Gateway Protocol (S-BGP) — Real World Performance and Deployment Issues. Network and Distributed System Security Symposium (2000)
Ciaran McIvor, Maire McLoone, John V McCanny. Fast Montgomery modular multiplication and RSA cryptographic processor architectures. Asilomar Conference on Signals, Systems and Computers, vol. 1, pp. 379-384 (2003). 10.1109/ACSSC.2003.1291939
Steven Michael Bellovin, John Ioannidis. Implementing Pushback: Router-Based Defense Against DDoS Attacks. Network and Distributed System Security Symposium (2002). 10.7916/D8R78MXV
David G. Andersen. Mayday: distributed filtering for internet services. USENIX Symposium on Internet Technologies and Systems, pp. 3-3 (2003)
Bruce S. Davie, Yakov Rekhter. MPLS: Technology and Applications (2000)
Luis von Ahn, Manuel Blum, Nicholas J. Hopper, John Langford. CAPTCHA: using hard AI problems for security. Theory and Application of Cryptographic Techniques, pp. 294-311 (2003). 10.1007/3-540-39200-9_18
Alfred J Menezes, Paul C van Oorschot, Scott A Vanstone. Handbook of Applied Cryptography (1996)
John Black, Phillip Rogaway, Thomas Shrimpton. Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV. Advances in Cryptology — CRYPTO 2002, pp. 320-335 (2002). 10.1007/3-540-45708-9_21
Wu-chang Feng, E. Kaiser, Wu-chi Feng, A. Luu. Design and implementation of network puzzles. International Conference on Computer Communications, vol. 4, pp. 2372-2382 (2005). 10.1109/INFCOM.2005.1498523