RotoRouter: Router support for endpoint-authorized decentralized traffic filtering to prevent DoS attacks | IEEE Conference Publication | IEEE Xplore

RotoRouter: Router support for endpoint-authorized decentralized traffic filtering to prevent DoS attacks


Abstract:

RotoRouter addresses Denial-of-Service (DoS) attacks on networks with a novel protocol and router implementation. Sets of RotoRouters cooperate in detecting and filtering...Show More

Abstract:

RotoRouter addresses Denial-of-Service (DoS) attacks on networks with a novel protocol and router implementation. Sets of RotoRouters cooperate in detecting and filtering out invalid network traffic before it reaches network endpoints; a new router-enforceable connection protocol queries destination endpoints to authorize traffic flows and uses per-packet digital signatures to distinguish allowed from disallowed connections. A RotoRouter prototype was implemented on a four-port 1000BASE-T NetFPGA-10G platform and supports 1024 simultaneous active connections using 74 BRAMs (less than one quarter of the available NetFPGA-10G BRAMs). It is able to sustain 800 Mbps per port throughputs for 1500B packets with less than 0.3/its latency, even during a DoS attack. With additional logic and memory resources, the required validation and switching operations scale to port speeds in excess of 10 Gbps and links with more than 10,000 active flows.
Date of Conference: 10-12 December 2014
Date Added to IEEE Xplore: 09 April 2015
ISBN Information:
Conference Location: Shanghai, China

References

References is not available for this document.