English

EIP - Preventing DDoS with Ephemeral IP Identifiers Cryptographically Generated

Networking and Internet Architecture 2017-01-04 v2 Cryptography and Security

Abstract

Nowadays, denial of service (DoS) attacks represent a significant fraction of all attacks that take place in the Internet and their intensity is always growing. The main DoS attack methods consist of flooding their victims with bogus packets, queries or replies, so as to prevent them from fulfilling their roles. Preventing DoS attacks at network level would be simpler if end-to-end strong authentication in any packet exchange was mandatory. However, it is also likely that its mandatory adoption would introduce more harm than benefits. In this paper we present an end-point addressing scheme and a set of security procedures which satisfy most of network level DoS prevention requirements. Instead of being known by public stable IP addresses, hosts use ephemeral IP Identifiers cryptographically generated and bound to its usage context. Self-signed certificates and challenge-based protocols allow, without the need of any third parties, the implementation of defenses against DoS attacks. Communication in the open Internet while using these special IP addresses is supported by the so-called Map/Encap approaches, which in our point of view will be sooner or later required for the future Internet.

Keywords

Cite

@article{arxiv.1612.07065,
  title  = {EIP - Preventing DDoS with Ephemeral IP Identifiers Cryptographically Generated},
  author = {Ricardo Paula Martins and José Legatheaux Martins and Henrique João Domingos},
  journal= {arXiv preprint arXiv:1612.07065},
  year   = {2017}
}

Comments

16 pages, 3 figures

R2 v1 2026-06-22T17:30:37.271Z