Metadata only
Datum
2022Typ
- Conference Paper
ETH Bibliographie
yes
Altmetrics
Abstract
In recent years, much progress has been made in the field of Internet bandwidth reservation systems. While early designs were neither secure nor scalable, newer proposals promise attack resilience and Internet-wide scalability by using cryptographic access tokens (capabilities) that represent permissions to send at a guaranteed rate. Once a capability-based bandwidth reservation is established, the corresponding traffic is protected from both naturally occurring congestion and distributed denialof-service attacks, with positive consequences on the end-to-end quality of service (QoS) of the communication. However, high network utilization ‒ possibly caused by adversaries ‒ can still preclude the initial unprotected establishment of capabilities. To prevent such denial-of-capability (DoC) attacks, we present DoCile, a framework for the protection of capability establishment on Internet paths, irrespective of network utilization. We believe that DoCile, deployed alongside a capability-based bandwidth reservation system, can be the foundation of the next generation of secure and scalable QoS protocols. Mehr anzeigen
Publikationsstatus
publishedExterne Links
Buchtitel
2022 IEEE/ACM 30th International Symposium on Quality of Service (IWQoS)Seiten / Artikelnummer
Verlag
IEEEKonferenz
Thema
Denial-of-Capability Attack; DDoS Resilience; Bandwidth ReservationOrganisationseinheit
03975 - Perrig, Adrian / Perrig, Adrian
ETH Bibliographie
yes
Altmetrics