FONet : A Federated Overlay Network for DoS Defense in the Internet (A Position Paper)
نویسندگان
چکیده
We propose a novel service architecture to provide DoS resistant communication services in the Internet. The architecture consists of a large scale federated overlay network with DoS protected tunnels established between overlay nodes. Individual overlay nodes are deployed and maintained by the domains hosting them. The overlay network as a whole is shared by all participating domains. This architecture is designed to be secure against DoS attacks and can provide different levels of DoS protection as value-added communication services on a large scale.
منابع مشابه
FONet: A Federated Overlay Network for DoS Defense in the Internet
Despite years of research and industrial interest towards preventing them, Denial of Service (DoS) attacks continue to pose a significant threat to the health and utility of the Internet. Over the years, several DoS defense approaches have been proposed by the research community. Broadly classified, these methods can be either reactive methods or proactive methods. Reactive methods are usually ...
متن کاملTolerating Denial-of-Service Attacks Using Overlay Networks - Impact of Overlay Network Topology
Proxy-network based overlays have been proposed to protect Internet Applications against Denial-of-Service (DoS) attacks by hiding an application’s location. We study how a proxy network’s topology influences the effectiveness of location-hiding. We provide a general analysis of system dynamics under attack, and study how the speed of attack, speed of defense, and proxy network topology affect ...
متن کاملAID: A global anti-DoS service
Distributed denial of service (DDoS) has long been an open security problem of the Internet. Most proposed solutions require the upgrade of routers across the Internet, which is extremely difficult to realize, considering that the Internet consists of a very large number of autonomous systems with routers from different vendors deployed over decades. A promising alternative strategy is to avoid...
متن کاملFriends or Rivals: Insights from Integrating HIP and i3
The Host Identity Protocol (HIP) uses cryptographic host identities to provide secure and efficient end-to-end communication without requiring a distributed key authority. However, HIP hosts can be vulnerable to DoS attacks and require some infrastructure to support simultaneous mobility of end points. The Internet Indirection Infrastructure (i3) overlay network can be used to provide these des...
متن کاملMaelstrom: Churn as Shelter
Structured overlays are an important and powerful class of overlay networks that has emerged in recent years. They are typically targeted at peer-to-peer deployments involving millions of user-managed machines on the Internet. In this paper we address routing-table poisoning attacks against structured overlays, in which adversaries attempt to intercept traffic and control the system by convinci...
متن کامل