Lightweight Opportunistic Tunneling (LOT)

  • Yossi Gilad
  • Amir Herzberg
Conference paper

DOI: 10.1007/978-3-642-04444-1_7

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)
Cite this paper as:
Gilad Y., Herzberg A. (2009) Lightweight Opportunistic Tunneling (LOT). In: Backes M., Ning P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg

Abstract

We present LOT, a lightweight ‘plug and play’ tunneling protocol installed (only) at edge gateways. Two communicating gateways A and B running LOT would automatically and securely establish an efficient tunnel, encapsulating packets sent between them. This allows B to discard packets which use A’s network addresses but were not sent via A (i.e. are spoofed) and vice versa.

LOT is practical: it is easy to manage (‘plug and play’, no coordination between gateways), deployed incrementally and only at edge gateways (no change to core routers or hosts), and has negligible overhead in terms of bandwidth and processing, as we validate by experiments on a prototype implementation. LOT storage requirements are also modest. LOT can be used alone, providing protection against blind (spoofing) attackers, or to opportunistically set up IPsec tunnels, providing protection against Man In The Middle (MITM) attackers.


Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Yossi Gilad (1)
  • Amir Herzberg (1)
  1. Computer Science Department, Bar Ilan University, Ramat Gan, Israel
