Reducing the Impact of DoS Attacks on Endpoint IP Security

N
NPSEC
2006
2006 2nd IEEE Workshop on Secure Network Protocols
Abstract - Reducing the Impact of DoS Attacks on Endpoint IP Security

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Joseph Touch Articles by Yi-hua Yang

2006 2nd IEEE Workshop on Secure Network Protocols

Fess Parker's Doubletree, Santa Barbara, CA, USA

November 12-November 12

ISBN: 1-4244-0773-7

	ASCII Text	x
	Joseph Touch, Yi-hua Yang, "Reducing the Impact of DoS Attacks on Endpoint IP Security," IEEE Workshop on Secure Network Protocols, pp. 6-11, 2006 2nd IEEE Workshop on Secure Network Protocols, 2006.

	BibTex	x
	@article{ 10.1109/npsec.2006.320340, author = {Joseph Touch and Yi-hua Yang}, title = {Reducing the Impact of DoS Attacks on Endpoint IP Security}, journal ={IEEE Workshop on Secure Network Protocols}, volume = {0}, year = {2006}, isbn = {1-4244-0773-7}, pages = {6-11}, doi = {http://doi.ieeecomputersociety.org/10.1109/npsec.2006.320340}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - IEEE Workshop on Secure Network Protocols TI - Reducing the Impact of DoS Attacks on Endpoint IP Security SN - 1-4244-0773-7 SP6 EP11 A1 - Joseph Touch, A1 - Yi-hua Yang, PY - 2006 KW - null VL - 0 JA - IEEE Workshop on Secure Network Protocols ER -

Joseph Touch, Senior Member, IEEE, USC's Information Sciences Institute, Marina del Rey, CA, 90292 USA, 310-448-9151; e-mail: touch@isi.edu

Yi-hua Yang, USC's Information Sciences Institute, Marina del Rey, CA, 90292 USA, 310-448-9151; e-mail: yeyang@isi.edu

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/npsec.2006.320340

IP security is designed to protect hosts from attack, but can itself provide a way to overwhelm the resources of a host. One such denial of service (DoS) attack involves sending incorrectly signed packets to a host, which then consumes substantial CPU resources to reject unwanted traffic. This paper examines the impact of such attacks, and provides a preliminary exploration of ways to reduce their impact. Measurements of the impact of DoS attack traffic on x86-based hosts in FreeBSD indicate that a single DoS attacker can reduce throughput by half. This impact can be reduced to approximately 20% by layering low-effort nonce validation on IPsec's more CPU-intensive cryptographic algorithms, but the choice of algorithm does not have as large an effect. This work suggests that effective DoS resistance requires an hierarchical defense using both nonces and strong cryptography at the endpoints.

Citation:

Joseph Touch, Yi-hua Yang, "Reducing the Impact of DoS Attacks on Endpoint IP Security," npsec, pp.6-11, 2006 2nd IEEE Workshop on Secure Network Protocols, 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.