Publications

Disclaimer:

IEEE Copyright Notice

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

ACM Copyright Notice

These are the authors' versions of the work. The copyright is with ACM. They are posted here by permission of ACM for your personal use. Not for redistribution. See individual publication details for information on the publication of the definitive versions.

Springer-Verlag LNCS Copyright Notice

The copyright of these contributions has been transferred to Springer-Verlag Berlin Heidelberg New York. The copyright transfer covers the exclusive right to reproduce and distribute the contribution, including reprints, translations, photographic reproductions, microform, electronic form (offline, online), or any other reproductions of similar nature. Online available from Springer-Verlag LNCS series.

Work that appeared before the 1st of September 2003 was published while the authors were with the Lehrstuhl Praktische Informatik IV at the University of Mannheim.

Counter-Flooding: DoS Protection for Public Key Handshakes in LANs

Author(s): Yves Igor Jerschow, Björn Scheuermann, Martin Mauve.
Title: Counter-Flooding: DoS Protection for Public Key Handshakes in LANs
Published: ICNS 2009: Proceedings of the Fifth International Conference on Networking and Services, Valencia, Spain, April 2009
Keyword(s):
Abstract: The majority of security protocols employ public key cryptography for authentication at least in the connection setup phase. However, verifying digital signatures is an expensive task compared to symmetric key operations and may become the target for Denial of Service (DoS) attacks, where the adversary floods the victim host with fake signature packets trying to overload it. In this paper we present counter-flooding, a new defense mechanism against DoS attacks which exploit the lack of initial address authenticity in LANs. A benign host having a signature packet addressed to a host which is currently under attack ensures the processing of its packet by flooding copies of this packet for a short period of time itself. The key idea is for the victim host to verify only a fixed number of signatures per time period without becoming overloaded and to select those packets for verification which have the largest number of duplicates. Under weak assumptions we prove that the packet from the benign host will be among them. We derive bounds for our counter-flooding mechanism to succeed and perform experiments with Ethernet switches to study the bandwidth division between concurrent flows under overload conditions.
Note: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
Responsible for the content: E-Mail WE Informatik