Paper 2005/298

Keeping Denial-of-Service Attackers in the Dark

Gal Badishi, Amir Herzberg, and Idit Keidar

Abstract

We consider the problem of overcoming (Distributed) Denial of Service (DoS) attacks by realistic adversaries that have knowledge of their attack's success, e.g., by observing service performance degradation, or by eavesdropping on messages or parts thereof. A solution for this problem in a high-speed network environment necessitates lightweight mechanisms for differentiating between valid traffic and the attacker's packets. The main challenge in presenting such a solution is to exploit existing packet filtering mechanisms in a way that allows fast processing of packets, but is complex enough that the attacker cannot efficiently craft packets that pass the filters. We show a protocol that mitigates DoS attacks by adversaries that can eavesdrop and (with some delay) adapt their attacks accordingly. The protocol uses only available, efficient packet filtering mechanisms based mainly on (addresses and) port numbers. Our protocol avoids the use of fixed ports, and instead performs 'pseudo-random port hopping'. We model the underlying packet-filtering services and define measures for the capabilities of the adversary and for the success rate of the protocol. Using these, we provide a novel rigorous analysis of the impact of DoS on an end-to-end protocol, and show that our protocol provides effective DoS prevention for realistic attack and deployment scenarios.
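The following is an added illustration of the port-hopping idea stated in the abstract, not the paper's own protocol or analysis. It assumes a shared key between sender and receiver, an integer clock divided into slots of a fixed length, and a receiver-side filter that admits only packets addressed to the current slot's port (a cheap destination-port match, the kind of filter the abstract relies on). The port for a slot is derived with HMAC-SHA256 over the slot index; the key, slot length, port range and time horizon are constructed sample values. An eavesdropping attacker is modelled as learning the port in use at time t-delay and flooding it at time t, which shows that an adaptation delay of at least one slot sends the flood to a closed port:

```python
"""
Added example of pseudo-random port hopping against a delayed eavesdropper.
Not the paper's protocol: key, slot length, port range and horizon are
constructed assumptions for the simulation.
"""
import hashlib
import hmac
import struct

PORT_LO = 10000      # assumption: hop over ports 10000..59999
PORT_RANGE = 50000
SLOT_LEN = 10        # assumption: slot length in abstract time units


def time_slot(t: int, slot_len: int = SLOT_LEN) -> int:
    """Slot index for time t (floor division, so negative t gives negative slots)."""
    return t // slot_len


def hop_port(key: bytes, slot: int) -> int:
    """Pseudo-random port for a slot: HMAC-SHA256(key, slot) reduced into the port range.
    Without the key an attacker cannot predict the next port."""
    tag = hmac.new(key, struct.pack(">q", slot), hashlib.sha256).digest()
    return PORT_LO + int.from_bytes(tag[:4], "big") % PORT_RANGE


class PortFilter:
    """Receiver-side filter keyed on destination port only, as a line-rate
    packet filter can do. Accepts only the current slot's port."""

    def __init__(self, key: bytes, slot_len: int = SLOT_LEN):
        self.key = key
        self.slot_len = slot_len

    def accept(self, t: int, dst_port: int) -> bool:
        return dst_port == hop_port(self.key, time_slot(t, self.slot_len))


def legit_sender_port(key: bytes, t: int, slot_len: int = SLOT_LEN) -> int:
    """A legitimate sender shares the key and computes the same port as the filter."""
    return hop_port(key, time_slot(t, slot_len))


def attacker_port(key: bytes, t: int, delay: int, slot_len: int = SLOT_LEN) -> int:
    """Eavesdropping attacker: floods at time t the port it observed in use at t-delay.
    The key is used here only to model what it observed on the wire, not something it holds."""
    return hop_port(key, time_slot(t - delay, slot_len))


def simulate(key: bytes, delay: int, horizon: int = 100, slot_len: int = SLOT_LEN):
    """Return (legit pass rate, attacker pass rate) over times 0..horizon-1."""
    f = PortFilter(key, slot_len)
    legit_ok = sum(f.accept(t, legit_sender_port(key, t, slot_len)) for t in range(horizon))
    att_ok = sum(f.accept(t, attacker_port(key, t, delay, slot_len)) for t in range(horizon))
    return legit_ok / horizon, att_ok / horizon


KEY = b"constructed-demo-key"   # constructed sample key, not a real secret

if __name__ == "__main__":
    for d in (0, 3, 10, 25):
        legit, att = simulate(KEY, d)
        print(f"delay={d:2d}: legit pass {legit:.2f}, attacker pass {att:.2f}")
```

With the assumed slot length of 10, an attacker that adapts instantly (delay 0) hits the open port every time; with delay 3 it hits only in the last seven units of each slot, so about 70% of its packets pass; once its delay reaches a full slot its flood goes to a port that is closed (up to the chance that two slots map to the same port, about 1 in 50000 here). A real deployment would also have to tolerate clock skew between sender and receiver, for example by admitting the neighbouring slot's port as well, which widens the attacker's window by the same margin.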

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. This is (submitted) journal version; for conference version see Proc. of DISC 2005
Contact author(s)
herzbea @ cs biu ac il
History
2005-09-01: received
Short URL
https://ia.cr/2005/298
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2005/298,
      author = {Gal Badishi and Amir Herzberg and Idit Keidar},
      title = {Keeping Denial-of-Service Attackers in the Dark},
      howpublished = {Cryptology ePrint Archive, Paper 2005/298},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/298}},
      url = {https://eprint.iacr.org/2005/298}
}