DocumentCode
32528
Title
Denial-of-Service Attacks in Bloom-Filter-Based Forwarding
Author
Antikainen, Markku ; Aura, Tuomas ; Sarela, Mikko
Author_Institution
Sch. of Sci., Aalto Univ., Espoo, Finland
Volume
22
Issue
5
fYear
2014
fDate
Oct. 2014
Firstpage
1463
Lastpage
1476
Abstract
Bloom-filter-based forwarding has been suggested to solve several fundamental problems in the current Internet, such as routing-table growth, multicast scalability issues, and denial-of-service (DoS) attacks by botnets. The proposed protocols are source-routed and include the delivery tree encoded as a Bloom filter in each packet. The network nodes forward packets based on this in-packet information without consulting routing tables and without storing per-flow state. We show that these protocols have critical vulnerabilities and make several false security assumptions. In particular, we present DoS attacks against broad classes of Bloom-filter-based protocols and conclude that the protocols are not ready for deployment on open networks. The results also help us understand the limitations and design options for Bloom-filter forwarding.
Keywords
Internet; computer network security; data structures; routing protocols; Bloom-filter-based forwarding; Bloom-filter-based protocols; DoS attack; Internet; botnets; delivery tree; denial-of-service attacks; in-packet information; routing-table growth; scalability issue; security assumptions; Computer crime; Network topology; Routing; Routing protocols; Topology; Multicast; network protocols; network-level security and protection;
fLanguage
English
Journal_Title
Networking, IEEE/ACM Transactions on
Publisher
IEEE
ISSN
1063-6692
Type
jour
DOI
10.1109/TNET.2013.2281614
Filename
6616021