Towards Loop-Free Forwarding of Anonymous Internet Datagrams that Enforce Provenance
J.J. Garcia-Luna-Aceves

TL;DR
This paper introduces PEAR, a novel approach for anonymous Internet datagram forwarding that enhances privacy, prevents looping, and mitigates DDoS attacks by enforcing provenance and eliminating reliance on source addresses.
Contribution
PEAR provides a new forwarding method that ensures datagram anonymity, enforces provenance, and prevents loops even with routing-table inconsistencies, improving security and privacy.
Findings
PEAR effectively prevents datagram loops in the Internet.
The approach reduces vulnerability to DDoS attacks.
PEAR enhances privacy by enabling anonymous forwarding.
Abstract
The way in which addressing and forwarding are implemented in the Internet constitutes one of its biggest privacy and security challenges. The fact that source addresses in Internet datagrams cannot be trusted makes the IP Internet inherently vulnerable to DoS and DDoS attacks. The Internet forwarding plane is open to attacks on the privacy of datagram sources, because source addresses in Internet datagrams have global scope. The fact that Internet datagrams are forwarded based solely on the destination addresses stated in datagram headers and the next hops stored in the forwarding information bases (FIBs) of relaying routers allows Internet datagrams to traverse loops, which wastes resources and leaves the Internet open to further attacks. We introduce PEAR (Provenance Enforcement through Addressing and Routing), a new approach for addressing and forwarding of Internet datagrams that…
