Download Now Free registration required
Network-layer capabilities offer strong protection against link flooding by authorizing individual flows with unforgeable credentials (i.e., capabilities). However, the capability setup channel is vulnerable to flooding attacks that prevent legitimate clients from acquiring capabilities; i.e., in Denial of Capability (DoC) attacks. Based on the observation that the distribution of attack sources in the current Internet is highly non-uniform, the authors provide a router-level scheme that confines the effects of DoC attacks to specified locales or neighborhoods (e.g., one or more administrative domains of the internet). Their scheme provides precise access guarantees for capability schemes, even in the face of flooding attacks. The effectiveness of their scheme is evaluated by ns2 simulations under different attack scenarios.
- Format: PDF
- Size: 0 KB