
A Secure TCP Connection Migration Protocol to Enable the Survivability of Client-Server Applications Under Malicious Attack

Journal of Network and Systems Management

Abstract

Transmission Control Protocol (TCP) connection migration has been previously proposed to allow for the mobility of servers. In this paper we revisit TCP connection migration for purposes of server survivability against malicious denial-of-service attacks. We present a protocol that allows an ongoing TCP connection to be migrated from one server to another. This migration is performed in a secure manner such that the protocol itself cannot be exploited for malicious attacks. Further, the migration can be performed even in the case where the original server is compromised. The protocol has been designed to allow interoperability with legacy TCP protocols. It is intended to be the transport-layer foundation over which survivable applications can be built.




Correspondence to Indrajit Ray.


Cite this article

Ray, I., Tideman, S. A Secure TCP Connection Migration Protocol to Enable the Survivability of Client-Server Applications Under Malicious Attack. Journal of Network and Systems Management 12, 251–276 (2004). https://doi.org/10.1023/B:JONS.0000034216.28565.c7
