Title :
Towards a Denial-of-Service Resilient Design of Complex IPsec Overlays
Author :
Brinkmeier, Michael ; Rossberg, Michael ; Schaefer, Guenter
Author_Institution :
Tech. Univ. Ilmenau, Ilmenau, Germany
Abstract :
By monitoring the exchanged IPsec traffic an adversary can usually easily discover the layout of virtual private networks (VPNs). Of even worse extend is the disclosure if compromised IPsec gateways are considered, for example in remote environments. This revelation enables attackers to identify vital components and may allow him to compromise the availability of the overall infrastructure by launching well-targeted denial-of-service (DoS) attacks against them. In this article we present a formal model to analyze the resilience of VPN infrastructures against DoS attacks, to estimate the impact of compromised gateways, and to formalize the planning process of more resilient infrastructures.
Keywords :
IP networks; internetworking; telecommunication security; telecommunication traffic; virtual private networks; DoS attacks; IPsec gateways; IPsec overlays; IPsec traffic monitoring; denial-of-service resilient design; virtual private networks; Communications Society; Computer crime; IP networks; Network topology; Protection; Quality of service; Remote monitoring; Resilience; Telecommunication traffic; Virtual private networks;
Conference_Titel :
Communications, 2009. ICC '09. IEEE International Conference on
Conference_Location :
Dresden
Print_ISBN :
978-1-4244-3435-0
Electronic_ISBN :
1938-1883
DOI :
10.1109/ICC.2009.5199533
