Securing QoS threats to RSVP messages and their countermeasures

Securing QoS threats to RSVP messages and their countermeasures

In this paper, we study one type of DoQoNS (denial of quality of network service) attacks: attacks directly on the resource reservation and setup protocol. Particularly, we have studied and analyzed the RSVP protocol. Two contributions are: first, we performed a security analysis on RSVP which demon...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Tsung-Li Wu, Wu, S.F., Zhi Fu, He Huang, Fengmin Gong
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Authentication
Degradation
Digital signatures
Intrusion detection
Performance analysis
Protection
Protocols
Quality of service
Security
Unicast
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, we study one type of DoQoNS (denial of quality of network service) attacks: attacks directly on the resource reservation and setup protocol. Particularly, we have studied and analyzed the RSVP protocol. Two contributions are: first, we performed a security analysis on RSVP which demonstrates the key vulnerabilities of its distributed resource reservation and setup process. Second, we proposed a new secure RSVP protocol, SDS/CD (selective digital signature with conflict detection), which combines the strength of attack prevention and intrusion detection. SDS/CD resolves a fundamental issue in network security: how to protect the integrity, in an end-to-end fashion, of a target object that is mutable along the route path. As a result, we will show that SDS/CD can deal with many insider attacks that can not be handled by the current IETF/RSVP security solution: hop-by-hop authentication.
DOI:10.1109/IWQOS.1999.766479