Self-Routing Denial-of-Service Resistant Capabilities Using In-packet Bloom Filters

Authors: Christian Esteve Rothenberg, Petri Jokela, Pekka Nikander, Mikko Särelä, Jukka Ylitalo

DOI: 10.1109/EC2ND.2009.14

Keywords:

Abstract: In this paper, we propose and analyze an in-packet Bloom-filter-based source-routing architecture resistant to Distributed Denial-of-Service attacks. The approach is based on forwarding identifiers that act simultaneously as path designators, i.e. they define which path the packet should take, and as capabilities, effectively allowing nodes along the path to enforce a security policy where only explicitly authorized packets are forwarded. The compact representation is a small Bloom filter whose candidate elements (i.e. link names) are dynamically computed at forwarding time using a loosely synchronized time-based shared secret and additional flow information (e.g., invariant packet contents). The capabilities are thus expirable and flow-dependent, but do not require any per-flow network state or memory look-ups, which have been traded off for additional, though amenable, per-packet computation. Our preliminary analysis suggests that self-routing capabilities can be an effective building block towards DDoS-resistant architectures.
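As an added illustration (not code from the paper), the following Python sketch models the mechanism the abstract describes: each link name is derived from that node's shared secret, a coarse time epoch and the flow's invariant fields; the sender ORs the names of the authorized path into a small Bloom filter carried in the packet; each forwarding node recomputes only its own link name and tests membership, also accepting the previous epoch to tolerate loose clock synchronization. The HMAC-SHA256 derivation, the 256-bit filter, five positions per element and all secrets and flow values are assumptions constructed for this example.

```python
import hashlib
import hmac

M_BITS = 256    # Bloom filter width in bits (constructed parameter, not from the paper)
K_HASHES = 5    # bit positions set per link name

def link_name(secret: bytes, epoch: int, link_id: str, flow_invariant: bytes) -> bytes:
    """Candidate Bloom-filter element for one link: HMAC over epoch, link id and the
    packet's invariant fields. The HMAC-SHA256 construction is an assumption."""
    msg = epoch.to_bytes(8, "big") + link_id.encode() + b"|" + flow_invariant
    return hmac.new(secret, msg, hashlib.sha256).digest()

def bit_positions(name: bytes) -> list:
    """Map a 32-byte name to K_HASHES positions by double hashing: (h1 + i*h2) mod m."""
    h1 = int.from_bytes(name[:16], "big")
    h2 = int.from_bytes(name[16:], "big") | 1      # odd step so positions differ
    return [(h1 + i * h2) % M_BITS for i in range(K_HASHES)]

def build_capability(path: list, secrets: dict, epoch: int, flow_invariant: bytes) -> int:
    """Path designator / capability: OR the positions of every link on the authorized path."""
    bf = 0
    for link_id in path:
        for pos in bit_positions(link_name(secrets[link_id], epoch, link_id, flow_invariant)):
            bf |= 1 << pos
    return bf

def node_forwards(bf: int, secret: bytes, now: int, link_id: str,
                  flow_invariant: bytes, slack: int = 1) -> bool:
    """Per-packet check at one node: recompute this link's name for the current epoch
    (and up to `slack` earlier ones, tolerating clock skew) and test membership.
    No per-flow state is needed, only the node's secret and the packet's invariants."""
    for epoch in range(now, now - slack - 1, -1):
        positions = bit_positions(link_name(secret, epoch, link_id, flow_invariant))
        if all((bf >> pos) & 1 for pos in positions):
            return True
    return False

# Constructed demo: three-hop authorized path plus one off-path link that must reject.
SECRETS = {lid: hashlib.sha256(b"demo-secret-" + lid.encode()).digest()
           for lid in ("A-B", "B-C", "C-D", "B-X")}
PATH = ["A-B", "B-C", "C-D"]
FLOW = b"src=10.0.0.1 dst=10.0.0.9 proto=6"   # invariant packet contents bound into the capability
EPOCH = 1_000_000
CAP = build_capability(PATH, SECRETS, EPOCH, FLOW)

if __name__ == "__main__":
    for lid in PATH + ["B-X"]:
        print(lid, node_forwards(CAP, SECRETS[lid], EPOCH, lid, FLOW))
```

With 15 bits set in a 256-bit filter, an off-path link still passes with probability roughly (15/256)^5, so a deployment sizes m and k against the expected path length and the false-positive rate it is willing to tolerate.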
