Securing the Control-plane Channel and Cache of Pull-based ID/LOC Protocols
Paul Almasan, Jordi Paillisse, Alberto Rodriguez-Natal, Pere Barlet-Ros, Florin Coras, Vina Ermagan, Fabio Maino, Albert Cabellos-Aparicio

TL;DR
This paper identifies security vulnerabilities in pull-based ID/LOC protocols' control-plane channels and caches, demonstrating attacks and proposing a rate-limiting solution using Count-Min Sketch to enhance security.
Contribution
It introduces a novel security framework with a rate-limiting mechanism to protect control-plane channels and caches in pull-based ID/LOC protocols.
Findings
Identified three specific attacks on control-plane channels and caches.
Proposed a rate-limiting solution using Count-Min Sketch.
Demonstrated improved security against DoS and overflow attacks.
Abstract
Pull-based ID/LOC split protocols, such as LISP (RFC6830), retrieve mappings from a mapping system to encapsulate and forward packets. This is done by means of a control-plane channel. In this short paper we describe three attacks against this channel (Denial-of-Service and overflowing) as well as against the local cache used to store such mappings. We also provide a solution against such attacks that implements a per-source rate-limiter using a Count-Min Sketch data-structure.
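A sketch of the per-source rate-limiter idea from the abstract, added here as an illustration and not taken from the paper: a Count-Min Sketch counts events per source in fixed memory, so a flood of distinct source addresses cannot grow the limiter's own state. The class names, the fixed-window reset, the BLAKE2b row hashes, the parameter values, and the choice to count events that would trigger a mapping lookup are all assumptions.

```python
import hashlib

class CountMinSketch:
    """depth x width counters; an estimate can overcount but never undercount."""
    def __init__(self, width=1024, depth=4):
        self.width, self.depth = width, depth
        self.rows = [[0] * width for _ in range(depth)]

    def _cells(self, key: bytes):
        # One hash per row, derived by salting BLAKE2b with the row index.
        for row in range(self.depth):
            digest = hashlib.blake2b(key, digest_size=8, salt=bytes([row])).digest()
            yield row, int.from_bytes(digest, "big") % self.width

    def add(self, key: bytes) -> int:
        """Increment the key's counters and return its new estimated count."""
        counts = []
        for row, col in self._cells(key):
            self.rows[row][col] += 1
            counts.append(self.rows[row][col])
        return min(counts)

    def clear(self):
        self.rows = [[0] * self.width for _ in range(self.depth)]

class PerSourceRateLimiter:
    """Fixed window: at most `limit` lookup-triggering events per source."""
    def __init__(self, limit=3, window=1.0, width=1024, depth=4):
        self.limit, self.window = limit, window
        self.sketch = CountMinSketch(width, depth)
        self.window_start = 0.0

    def allow(self, source: str, now: float) -> bool:
        if now - self.window_start >= self.window:  # new window: forget old counts
            self.sketch.clear()
            self.window_start = now
        return self.sketch.add(source.encode()) <= self.limit

def demo():
    # Constructed trace: (timestamp, source) pairs; addresses are documentation ranges.
    trace = [(0.1 * i, "192.0.2.66") for i in range(6)]       # one noisy source
    trace += [(0.7, "198.51.100.7"), (1.5, "192.0.2.66")]      # quiet source, next window
    limiter = PerSourceRateLimiter(limit=3, window=1.0)
    return [limiter.allow(src, ts) for ts, src in trace]

if __name__ == "__main__":
    print(demo())
```

Hash collisions can only inflate a count, so the trade-off is that a quiet source may occasionally be throttled early, while a noisy source is never undercounted.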
Taxonomy
Topics: Advanced Data Storage Technologies · Peer-to-Peer Network Technologies · Network Packet Processing and Optimization
