Resistance against brute-force attacks on stateless forwarding in information centric networking
This work addresses security issues in networking protocols and is relevant to researchers and practitioners, but it is incremental, as it builds on existing Bloom filter methods.
The paper tackles the vulnerability of LIPSIN, a Bloom filter-based stateless forwarding mechanism in Information Centric Networking, to brute-force attacks that can cause DDoS and unsolicited messages. It proposes a new approach that allows stateless verification to prevent such attacks, and its analysis shows high resistance to brute-force attacks.
Line Speed Publish/Subscribe Inter-networking (LIPSIN) is one of the proposed forwarding mechanisms in Information Centric Networking (ICN). It is a stateless source-routing approach based on Bloom filters. However, it has been shown that LIPSIN is vulnerable to brute-force attacks, which may lead to distributed denial-of-service (DDoS) attacks and unsolicited messages. In this work, we propose a new forwarding approach that maintains the advantages of Bloom filter-based forwarding while allowing forwarding nodes to statelessly verify whether packets have been previously authorized, thus preventing attacks on the forwarding mechanism. Analysis of the probability of attack, derived analytically, demonstrates that the technique is highly resistant to brute-force attacks.
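
An added illustration, not code from the paper: the bitwise membership test that Bloom filter-based stateless source routing relies on, with the standard Bloom filter estimate of how often a filter matches a link it was not built for. The filter width, bits per link ID, fill limit and link IDs are constructed assumptions, and the paper's proposed verification scheme is not described on this page and is not modelled here.

```python
M = 248          # filter width in bits (assumed)
K = 5            # bits set per link ID (assumed)
MAX_FILL = 0.5   # forwarder's fill-factor limit (assumed)

# Constructed link IDs, given as the K bit positions each one sets.
LINK_BITS = {
    "A-B": [3, 41, 97, 150, 201],
    "B-C": [12, 41, 88, 177, 230],
    "C-D": [7, 66, 120, 150, 244],
    "X-Y": [5, 60, 111, 190, 222],   # not on the delivery path
}

def link_id(name):
    """Return the M-bit link ID for a constructed link name."""
    lid = 0
    for bit in LINK_BITS[name]:
        lid |= 1 << bit
    return lid

def build_filter(path):
    """Source side: OR the link IDs along the path into one in-packet filter."""
    zf = 0
    for name in path:
        zf |= link_id(name)
    return zf

def fill_factor(zf):
    """Fraction of the M filter bits that are set."""
    return bin(zf).count("1") / M

def forwards(zf, name, max_fill=MAX_FILL):
    """Forwarding node: no per-flow state, only a bitwise membership test."""
    if fill_factor(zf) > max_fill:
        return False                      # dense filters match almost any link
    lid = link_id(name)
    return (zf & lid) == lid

def false_match_probability(fill, k=K):
    """Standard Bloom filter estimate: all k bits of an unrelated link are set."""
    return fill ** k

if __name__ == "__main__":
    zf = build_filter(["A-B", "B-C", "C-D"])
    for name in LINK_BITS:
        print(name, forwards(zf, name))
    print("fill", round(fill_factor(zf), 3),
          "false match", false_match_probability(fill_factor(zf)))
```

The forwarder keeps no record of which filters a source was authorized to use, so the membership test alone cannot tell an authorized filter from any other bit pattern that happens to cover a link ID.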