• DocumentCode
    1603862
  • Title
    Counter-Flooding: DoS Protection for Public Key Handshakes in LANs
  • Author
    Jerschow, Yves Igor ; Scheuermann, Björn ; Mauve, Martin

  • Author_Institution
    Inst. of Comput. Sci., Heinrich Heine Univ., Dusseldorf
  • fYear
    2009
  • Firstpage
    376
  • Lastpage
    382
  • Abstract
    The majority of security protocols employ public key cryptography for authentication, at least in the connection setup phase. However, verifying digital signatures is an expensive task compared to symmetric key operations and may become the target of Denial of Service (DoS) attacks, where the adversary floods the victim host with fake signature packets in an attempt to overload it. In this paper we present counter-flooding, a new defense mechanism against DoS attacks which exploit the lack of initial address authenticity in LANs. A benign host having a signature packet addressed to a host which is currently under attack ensures the processing of its packet by itself flooding copies of this packet for a short period of time. The key idea is for the victim host to verify only a fixed number of signatures per time period, so that it never becomes overloaded, and to select for verification those packets which have the largest number of duplicates. Under weak assumptions we prove that the packet from the benign host will be among them. We derive bounds for our counter-flooding mechanism to succeed and perform experiments with Ethernet switches to study the bandwidth division between concurrent flows under overload conditions.
  • Keywords
    cryptographic protocols; digital signatures; local area networks; public key cryptography; telecommunication security; DoS protection; LAN; authentication; counter-flooding defense mechanism; denial-of-service attack; digital signature; public key cryptography; public key handshake; security protocol; symmetric key operation; Authentication; Computer crime; Cryptographic protocols; Digital signatures; Ethernet networks; Protection; Public key; Public key cryptography; Security; Switches; DoS countermeasures; authentication; local area networks; public key cryptography
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Networking and Services, 2009. ICNS '09. Fifth International Conference on
  • Conference_Location
    Valencia
  • Print_ISBN
    978-1-4244-3688-0
  • Electronic_ISBN
    978-0-7695-3586-9
  • Type
    conf

  • DOI
    10.1109/ICNS.2009.88
  • Filename
    4976789