Communications of the ACM
Prototype Security Software Blocks Ddos Attacks
Auburn University researchers have developed a software filter that protects computers against distributed denial-of-service (DDoS) attacks without bogging down the computer's CPU and memory. The identity-based privacy-protected access control filter (IPCAF) also wards against session hijacking, dictionary attacks, and man-in-the-middle attacks.
Instead of warding against IP addresses, which can be faked by hijackers, IPCAF sends a user ID and password to computer users and the Web site they are attempting to access. Then the two parties create fake IDs and values for each packet so that each one is double-checked. Computers check the value in each packet and choose whether to accept it or not. Only then are more memory and CPU resources used to deal with them.
The researchers say that IPCAF also is useful because it does not rely on separate and expensive applications that bog down memory. Instead it uses servers and client machines without affecting computer use.
IPCAF uses hash-based message authentication code to create the value it will use to confirm every single packet, which saves CPU power, says Auburn's Chwan-Hwa "John" Wu. When testing IPCAF, Wu found that the computer network was only stalled by 30 nanoseconds during an attack through a 10-Gbit/second connection. "For humans, there is no difference," he says. Meanwhile, security teams can possibly track the source of the original attack.
From Network World
View Full Article
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA 
No entries found