Team for Research in
Ubiquitous Secure Technology

DefAT: Dependable Connection Setup for Network Capabilities
Soo Bum Lee, Virgil D. Gligor, Adrian Perrig

Citation
Soo Bum Lee, Virgil D. Gligor, Adrian Perrig. "DefAT: Dependable Connection Setup for Network Capabilities". Technical report, Carnegie Mellon University, CMU-CyLab-011-018, 2012.

Abstract
Network-layer capabilities offer strong protection against link flooding by authorizing individual flows with unforgeable credentials (i.e., capabilities). However, the capability setup channel is vulnerable to flooding attacks that prevent legitimate clients from acquiring capabilities; i.e., in Denial of Capability (DoC) attacks. Based on the observation that the distribution of attack sources in the current Internet is highly non-uniform, we provide a router-level scheme, named DefAT (Defense via Aggregating Traffic), that confines the effects of DoC attacks to specified locales or neighborhoods (e.g., one or more administrative domains of the Internet). DefAT provides precise access guarantees for capability schemes, even in the face of flooding attacks. The effectiveness of DefAT is shown in two ways. First, we illustrate the precise link-access guarantees provided by DefAT via ns2 simulations. Second, we show the effectiveness of DefAT in the current Internet via Internet-scale simulations using real Internet topologies and attack distribution.

Citation formats  
  • HTML
    Soo Bum Lee, Virgil D. Gligor, Adrian Perrig. <a
    href="http://www.truststc.org/pubs/845.html"
    ><i>DefAT: Dependable Connection Setup for Network
    Capabilities</i></a>, Technical report, 
    Carnegie Mellon University, CMU-CyLab-011-018, 2012.
  • Plain text
    Soo Bum Lee, Virgil D. Gligor, Adrian Perrig. "DefAT:
    Dependable Connection Setup for Network Capabilities".
    Technical report, Carnegie Mellon University,
    CMU-CyLab-011-018, 2012.
  • BibTeX
    @techreport{LeeGligorPerrig12_DefATDependableConnectionSetupForNetworkCapabilities,
        author = {Soo Bum Lee and Virgil D. Gligor and Adrian Perrig},
        title = {DefAT: Dependable Connection Setup for Network
                  Capabilities},
        institution = {Carnegie Mellon University},
        number = {CMU-CyLab-011-018},
        year = {2012},
        abstract = {Network-layer capabilities offer strong protection
                  against link flooding by authorizing individual
                  flows with unforgeable credentials (i.e.,
                  capabilities). However, the capability setup
                  channel is vulnerable to flooding attacks that
                  prevent legitimate clients from acquiring
                  capabilities; i.e., in Denial of Capability (DoC)
                  attacks. Based on the observation that the
                  distribution of attack sources in the current
                  Internet is highly non-uniform, we provide a
                  router-level scheme, named DefAT (Defense via
                  Aggregating Traffic), that confines the effects of
                  DoC attacks to specified locales or neighborhoods
                  (e.g., one or more administrative domains of the
                  Internet). DefAT provides precise access
                  guarantees for capability schemes, even in the
                  face of flooding attacks. The effectiveness of
                  DefAT is shown in two ways. First, we illustrate
                  the precise link-access guarantees provided by
                  DefAT via ns2 simulations. Second, we show the
                  effectiveness of DefAT in the current Internet via
                  Internet-scale simulations using real Internet
                  topologies and attack distribution.},
        URL = {http://www.truststc.org/pubs/845.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.