Abstract
Capability-based systems that use explicit authorization (permission) for flows have been proposed in order to prevent Denial-of-Service (DoS) attacks. Even though the performance analyses of these systems show that they are efficient in preventing the attacks, they suffer from the difficulty of obtaining permission, incompatibility with current network architecture, and attacks that circumvent the permission rules. We propose a signaling architecture for network traffic authorization, called Permission-Based-Sending (PBS), aiming to prevent DoS attacks. PBS uses the concept similar to existing capability-based systems in the manner that the sender should get authorization (permission) from a receiver for flows. However, PBS introduces new and practical approaches to overcome the deficiencies of those systems. On-path signaling enables easy installation and management of the permission state. Working on current network protocols supports compatibility and allows PBS to be deployed in existing networks. In addition, a monitoring mechanism provides a second line of defense against attacks. Our analysis and performance evaluation show that PBS is an effective and scalable solution to prevent several kinds of attacks, and improves the resilience of the system against network failure by using soft-state mechanisms.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
