Denial of Service Protection for Optimized and QoS-aware Handover Based on Localized Cookies

Quality of Service (QoS) mechanisms in net- works supporting mobile Internet communications give rise to new threats: these mechanisms could be abused by malicious entities launching so-called Denial of Service (DoS) attacks. If the network can not efficiently check the credibility of a QoS-request during a handover process, malicious entities could flood the network with bogus QoS- requests; if the authentication check is performed by means of an AAA protocol before the access network commits its resources to the request, the authentication process may not only introduce a notable latency to the handover pro- cess, but also generate an extensive traffic which degrades the signaling capacity in the network when there are a con- siderable amount of malicious requests. In order to de- fend against these kinds of attacks and meet the low-latency micro-mobility handover requirement, we 1 propose to have a preliminary authentication check with a cookie-based mechanism before processing the requests and performing authentication and authorization. The performance evalu- ation shows that the cookie-based mechanism is efficient in dealing with the identified issues.