Securing QoS threats to RSVP messages and their countermeasures

In this paper, we study one type of DoQoNS (denial of quality of network service) attack: attacks directed at the resource reservation and setup protocol itself. In particular, we have studied and analyzed the RSVP protocol. Our two contributions are: first, we performed a security analysis of RSVP that demonstrates the key vulnerabilities of its distributed resource reservation and setup process. Second, we propose a new secure RSVP protocol, SDS/CD (selective digital signature with conflict detection), which combines the strengths of attack prevention and intrusion detection. SDS/CD resolves a fundamental issue in network security: how to protect the integrity, in an end-to-end fashion, of a target object that is mutable along the route path. As a result, we show that SDS/CD can deal with many insider attacks that cannot be handled by the current IETF/RSVP security solution, hop-by-hop authentication.
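An added example, not code from the paper: the selective-signature half of the idea the abstract names, sketched with Ed25519 over an assumed, simplified RSVP-like message (the field names, layout and values are constructed). It shows why signing only the fields that must stay fixed end to end tolerates legitimate per-hop rewrites of the mutable fields while still catching in-path tampering with the reservation; the conflict-detection half is not modelled here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Msg is an assumed, simplified RSVP-like message. Session and FlowSpec are the
// fields the sender wants protected end to end; PrevHop and HopCount are
// rewritten by every RSVP hop and so cannot be covered by an end-to-end signature.
type Msg struct {
	Session   string // immutable: destination address/port (constructed value)
	FlowSpec  uint32 // immutable: requested bandwidth, kbit/s (constructed value)
	PrevHop   string // mutable: rewritten at each hop
	HopCount  uint32 // mutable: incremented at each hop
	Signature []byte // covers only the immutable fields
}

// signedBytes is a canonical, length-prefixed encoding of the protected fields.
// Mutable fields are deliberately left out, so hop rewrites keep the signature
// valid while any change to a protected field invalidates it.
func signedBytes(m *Msg) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d", len(m.Session), m.Session, m.FlowSpec))
}

// Sign attaches the sender's signature over the immutable fields.
func Sign(priv ed25519.PrivateKey, m *Msg) { m.Signature = ed25519.Sign(priv, signedBytes(m)) }

// Verify checks the end-to-end signature at any hop or at the receiver.
func Verify(pub ed25519.PublicKey, m *Msg) bool {
	return ed25519.Verify(pub, signedBytes(m), m.Signature)
}

// Demo returns (valid after a legitimate hop rewrite, valid after in-path tampering).
func Demo() (bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	m := &Msg{Session: "10.0.0.9:5004", FlowSpec: 2000, PrevHop: "10.0.0.1"}
	Sign(priv, m)
	// A downstream RSVP hop legitimately rewrites the mutable fields.
	m.PrevHop, m.HopCount = "10.0.0.2", m.HopCount+1
	okAfterHop := Verify(pub, m)
	// An in-path insider inflates the reservation, a protected field.
	m.FlowSpec = 200000
	okAfterTamper := Verify(pub, m)
	return okAfterHop, okAfterTamper // expected: true, false
}

func main() { fmt.Println(Demo()) }
```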
