
Mitigation of Unsolicited Traffic across Domains with Host Identities and Puzzles

  • Conference paper
Information Security Technology for Applications (NordSec 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7127)


Abstract

In this paper, we present a general host identity-based technique for mitigating unsolicited traffic across different domains. We propose to tackle unwanted traffic by using a cross-layer technique based on the Host Identity Protocol (HIP). HIP authenticates traffic between two communicating end-points and its computational puzzle introduces a cost to misbehaving hosts. We present a theoretical framework for investigating scalability and effectiveness of the proposal, and also describe practical experiences with a HIP implementation. We focus on email spam prevention as our use case and how to integrate HIP into SMTP server software. The analytical investigation indicates that this mechanism may be used to effectively throttle spam by selecting a reasonably complex puzzle.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Komu, M., Tarkoma, S., Lukyanenko, A. (2012). Mitigation of Unsolicited Traffic across Domains with Host Identities and Puzzles. In: Aura, T., Järvinen, K., Nyberg, K. (eds) Information Security Technology for Applications. NordSec 2010. Lecture Notes in Computer Science, vol 7127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27937-9_3


  • DOI: https://doi.org/10.1007/978-3-642-27937-9_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27936-2

  • Online ISBN: 978-3-642-27937-9

  • eBook Packages: Computer Science, Computer Science (R0)
