A method for mitigating denial of service attacks on differentiated services networks
Braun, Matthew J.
Cote, Richard Scott
This thesis presents a method for countering Denial of Service (DoS) attacks in networks that provide Quality of Service (QoS) guarantees using Differentiated Service (DiffServ). This approach uses feedback from the DiffServ provider to initiate packet signing at the source. The signature allows the DiffServ provider to distinguish valid packets from malicious packets. This mechanism can also be used to provide key management for other digital signature methods, such as the Internet Protocol Authentication Header (IP AH). However, unlike other methods, our solution requires no encryption or cryptographic processing on a per-packet basis. Instead, it utilizes the sender's ability to alter its packet signatures faster than the attacker can duplicate the changes. This method also avoids the fragmentation and decreased throughput associated with increased packet size of IP AH through use of existing fields in the IP header. This method results in a significant reduction in valid packets that are dropped during a DoS attack. Thus, a DiffServ provider would be able to maintain QoS guarantees during an attack without incurring the overhead associated with cryptographic signatures. A C++ implementation of this DoS countermeasure for the ns2 network simulator and the experimental simulation scripts are included as appendices.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.