About this book
Hop Integrity in the Internet introduces a new security defense, hop integrity, that can be used against denial-of-service attacks in the Internet. Hop integrity ensures that if a message, that is part of a denial-of-service attack, is originated by an adversarial host in the Internet and if the message header includes a wrong address for the originating host (in order to hide the true source of the attack), then the message will be classified as modified or replayed and will be discarded by the first router that receives the message in the Internet.
A suite of protocols for providing hop integrity in the Internet is discussed in great detail. In particular, each protocol in this suite is specified and verified using an abstract and formal notation, called the Secure Protocol Notation.
There are five protocols in this suite:
- A secure address resolution protocol
- A light-weight key update protocol
- A protocol for computing and verifying message digests
- An anti-replay protocol that uses soft sequence numbers
- An anti-replay protocol that uses hard sequence numbers
In addition, other benefits of hop integrity extend to secure routing, mobile IP, and IP multicast.
Hop Integrity in the Internet is primarily directed towards designers, reviewers, verifiers, and implementors of secure network protocols. Graduate students who are interested in network security and secure protocols will find this book invaluable.