Abstract
A computer network is said to provide hop integrity iff when any router p in the network receives a message m supposedly from an adjacent router q, then p can check that m was indeed sent by q, was not modified after it was sent, and was not a replay of an old message sent from q to p. In this paper, we describe three protocols that can be added to the routers in a computer network so that the network can provide hop integrity, and thus overcome most denial-of-service attacks. These three protocols are a secret exchange protocol, a weak integrity protocol, and a strong integrity protocol. All three protocols are stateless, require small overhead, and do not constrain the network protocol in the routers in any way.
Original language | English (US) |
---|---|
Pages (from-to) | 308-319 |
Number of pages | 12 |
Journal | IEEE/ACM Transactions on Networking |
Volume | 10 |
Issue number | 3 |
DOIs | |
State | Published - Jun 2002 |
Externally published | Yes |
Keywords
- Authentication
- Denial-of-service attack
- Internet
- Message modification
- Message replay
- Network protocol
- Router
- SYN attack
- Security
- Smurf attack
ASJC Scopus subject areas
- Software
- Computer Science Applications
- Computer Networks and Communications
- Electrical and Electronic Engineering