The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Mahesh Tripunitara - Purdue CERIAS

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Thwarting Denial of Service Attacks against Communication Protocols with Backward Compatible Changes: A Case Study

Nov 19, 1999

Download: Video Icon MP4 Video Size: 220.6MB  
Watch on Youtube Watch on YouTube

Abstract

We will discuss a novel approach to building safeguards against denial of service attacks against communication protocols. Our approach involves changes to the relevant communication protocol subject to the following constraint: the protocol that results from the change must be backward compatible with the unchanged protocol. That is, an entity that employs the changed protocol must be able to communicate with an entity that employs the unchanged version.
We will look at a specific problem in this context. The problem involves a class of denial of service attacks against IP. The class is called ARP (Address Resolution Protocol) cache poisoning and involves an attacker introducing a spurious IP to Ethernet mapping in a victim's ARP cache. We will discuss the solution and some implementation aspects of it. Apart from being backward compatible, our solution has two favourable properties: it is implemented as middleware, and is asynchronous.

About the Speaker

Mahesh Tripunitara is a PhD student of computer science at Purdue, a member of CERIAS and an advisee of Prof. Gene Spafford. At dawn, he commutes 85 miles to campus, during the day, he dreams of graduation, and during the night he snoozes at his desk. He performed part of this work during a 9-month exile at AT&T Labs, 2500 miles away. Portions of this work will be presented at the upcoming Annual Computer Security Applications Conference (ACSAC\'99).


Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!