New DoS Defense Method Based on Strong Designated Verifier Signatures

We present a novel technique for source authentication of a packet stream in a network, which intends to give guarantees that a specific network flow really comes from a claimed origin. This mechanism, named packet level authentication (PLA), can be an essential tool for addressing Denial of Service...

Descripción completa

Detalles Bibliográficos
Autores: de Almeida, Marcone Pereira, de Sousa Júnior, Rafael, García Villalba, Luis Javier, Kim, Tai-Hoon
Tipo de recurso: artículo
Fecha de publicación:2018
País:España
Institución:Universidad Complutense de Madrid (UCM)
Repositorio:Docta Complutense
Idioma:inglés
OAI Identifier:oai:docta.ucm.es:20.500.14352/19223
Acceso en línea:https://hdl.handle.net/20.500.14352/19223
Access Level:acceso abierto
Palabra clave:Denial of Service (DoS) attacks
packet level authentication
traffic identification
digital signatures
designated verifier signatures
Inteligencia artificial (Informática)
Seguridad informática
1203.04 Inteligencia Artificial
Descripción
Sumario:We present a novel technique for source authentication of a packet stream in a network, which intends to give guarantees that a specific network flow really comes from a claimed origin. This mechanism, named packet level authentication (PLA), can be an essential tool for addressing Denial of Service (DoS) attacks. Based on designated verifier signature schemes, our proposal is an appropriate and unprecedented solution applying digital signatures for DoS prevention. Our scheme does not rely on an expensive public-key infrastructure and makes use of light cryptography machinery that is suitable in the context of the Internet of Things (IoT). We analyze our proposed scheme as a defense measure considering known DoS attacks and present a formal proof of its resilience face to eventual adversaries. Furthermore, we compare our solution to already existent strategies, highlighting its advantages and drawbacks.