Resistance against brute-force attacks on stateless forwarding in information centric networking

TL;DR

This paper introduces a new stateless forwarding method for ICN that enhances security against brute-force attacks by enabling nodes to verify packet authorization, significantly reducing DDoS risks.

Contribution

A novel forwarding approach that combines Bloom filter-based forwarding with stateless verification to prevent brute-force attacks in ICN.

Findings

The proposed method is highly resistant to brute-force attacks.

Analytical probability analysis confirms robustness of the approach.

Maintains the efficiency benefits of Bloom filter forwarding.

Abstract

Line Speed Publish/Subscribe Inter-networking (LIPSIN) is one of the proposed forwarding mechanisms in Information Centric Networking (ICN). It is a stateless source-routing approach based on Bloom filters. However, it has been shown that LIPSIN is vulnerable to brute-force attacks which may lead to distributed denial-of-service (DDoS) attacks and unsolicited messages. In this work, we propose a new forwarding approach that maintains the advantages of Bloom filter based forwarding while allowing forwarding nodes to statelessly verify if packets have been previously authorized, thus preventing attacks on the forwarding mechanism. Analysis of the probability of attack, derived analytically, demonstrates that the technique is highly-resistant to brute-force attacks.