The case for in-network replay suppression

Taeho Lee, Christos Pappas, Adrian Perrig, Virgil Gligor, Yih Chun Hu

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

We make a case for packet-replay suppression at the network layer, a concept that has been generally neglected. Our contribution is twofold. First, we demonstrate a new attack, the router-reflection attack, that can be launched using compromised routers. In this attack, a compromised router degrades the connectivity of a remote Internet region just by replaying packets. The attack is feasible even if all packets are attributed to their sources, i.e., source authentication is in place, and our evaluation shows that the threat is pervasive: candidate routers for compromise are in the order of hundreds or thousands. Second, we design an in-network mechanism for replay suppression. We start by showing that designing such a mechanism poses unsolved challenges and simple adaptations of end-to-end solutions are not sufficient. Then, we devise, analyze, and implement a highly efficient protocol that suppresses replayed traffic at the network layer without global time synchronization. Our software-router prototype can saturate a 10 Gbps link using only two CPU cores for packet processing.

Original language: English (US)
Title of host publication: ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security
Publisher: Association for Computing Machinery, Inc
Pages: 862-873
Number of pages: 12
ISBN (Electronic): 9781450349444
DOI: https://doi.org/10.1145/3052973.3052988
State: Published - Apr 2 2017
Event: 2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017 - Abu Dhabi, United Arab Emirates
Duration: Apr 2 2017 → Apr 6 2017

Publication series

Name: ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security

Other

Other: 2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017
Country: United Arab Emirates
City: Abu Dhabi
Period: 4/2/17 → 4/6/17

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Software


  • Cite this

    Lee, T., Pappas, C., Perrig, A., Gligor, V., & Hu, Y. C. (2017). The case for in-network replay suppression. In ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security (pp. 862-873). (ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3052973.3052988