Attackers, Packets, and Puzzles: On Denial-of-Service Prevention in Local Area Networks

In this thesis, we tackle the problem of securing communication in Local Area Networks (LANs) and making it resistant against Denial-of-Service (DoS) attacks. The main vulnerability in wired and wireless LANs is the lack of initial address authenticity. It enables an attacker to take on different identities and to inject faked packets bearing a foreign or a bogus sender address. For this reason existing DoS countermeasures developed to mitigate attacks in the Internet have drawbacks when being applied in LANs. Our first contribution is the Cryptographic Link Layer (CLL)—a comprehensive security protocol that provides authentication and confidentiality between neighboring hosts from the link layer upwards. CLL employs public-key cryptography to identify all hosts in the Ethernet LAN based on their IP/MAC address pairs. Unicast IP traffic is safeguarded by means of a block cipher and a message authentication code. CLL extends ARP and DHCP handshakes with authentication to protect these protocols against various kinds of attacks. Beginning with an ARP handshake, two hosts exchange certificates and cryptographic parameters, authenticate each other, and negotiate symmetric keys to establish a security association. CLL has been implemented on both Windows and Linux and achieves a very competitive performance. Verifying digital signatures in the handshake phase of CLL and of other security protocols that rely on public-key cryptography is a very expensive task compared to symmetric-key operations. Thus, it may become a target for DoS attacks where the adversary floods a victim host with faked signature packets trying to overload it. We introduce a countermeasure against DoS flooding attacks on public-key handshakes in LANs, called counter-flooding. A benign host trying to initiate an authentication handshake to a victim system that suffers from a flooding attack reacts to this aggression by flooding itself multiple copies of its signature packet for a short period. The key idea is for the victim host to verify only a fixed number of signatures per time period without becoming overloaded and to select those packets for verification that have the largest number of duplicates. We provide bounds for counter-flooding to succeed and show experimentally that in switched Ethernet a reasonable fair bandwidth division between concurrent flows is usually ensured.