Counter-Flooding: DoS Protection for Public Key Handshakes in LANs
The majority of security protocols employ public key cryptography for authentication at least in the connection setup phase. However, verifying digital signatures is an expensive task compared to symmetric key operations and may become the target for Denial of Service (DoS) attacks, where the adversary floods the victim host with fake signature packets trying to overload it. In this paper, the authors present counter-flooding, a new defense mechanism against DoS attacks which exploit the lack of initial address authenticity in LANs. A benign host having a signature packet addressed to a host which is currently under attack ensures the processing of its packet by flooding copies of this packet for a short period of time itself.