These are abstracts of papers published by the ARQOS project.
In this paper, we study the first type of DoQoNS (Denial of Quality of Network Service) attacks: attacks directly on the resource reservation and setup protocol. In particular, we have studied and analyzed the RSVP protocol. Two important research contributions are presented. First, we performed a security analysis of RSVP, which demonstrates the key vulnerabilities of its distributed resource reservation and setup process. Second, we proposed a new secure RSVP protocol, SDS/CD (Selective Digital Signature with Conflict Detection) for RSVP, which combines the strengths of attack prevention and intrusion detection. SDS/CD resolves a fundamental issue in network security: how to protect the integrity, in an end-to-end fashion, of a target object that is mutable along the route path. As a result, we will show that SDS/CD can deal with many insider attacks that cannot be handled by the current IETF/RSVP security solution: hop-by-hop authentication.
last updated 4-April-2001