Hop integrity: a defense against denial-of-service attacks
A computer network is said to provide hop integrity iff the following three conditions hold for every pair of adjacent routers p and q in the network. First, p does not forward any message to q if q has not been up and reachable. Second, when q receives a message m supposedly from p, then q can check that m was not modified after it was sent. Third, when q receives a message m supposedly from p, then q can check that m was not a replay of an old message sent by p. In this dissertation, we propose three protocols that can be added to the routers in a computer network so that the network can provide hop integrity, and thus overcome most denial-of-service attacks. These three protocols are the secure address resolution protocol, the weak hop integrity protocol, and the strong hop integrity protocol. The secure address resolution protocol includes an invite-accept protocol and a request-reply protocol, and requires a secure server connected to the Ethernet. The weak hop integrity protocol includes a secret exchange protocol and an integrity check protocol. The strong hop integrity protocol combines a soft sequence number protocol with the weak hop integrity protocol. We also present an alternative way to achieve strong hop integrity with hard sequence numbers. All the protocols are stateless, require small overhead, and do not constrain the network protocol in the routers in any way.
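The second and third conditions, seen from the receiving router q, as an added example that is not taken from the dissertation and does not reproduce its protocols. It assumes p and q already share a per-hop secret, uses HMAC-SHA256 as the integrity check, and lets a plain in-memory counter stand in for the sequence number protocols; the class names, frame layout and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 digest size (assumed integrity check)
SEQ_LEN = 8    # 64-bit sequence number (assumed frame layout)

class HopSender:
    """Router p: tags every message it forwards to adjacent router q."""
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, payload: bytes) -> bytes:
        self.seq += 1
        header = struct.pack("!Q", self.seq)
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

class HopReceiver:
    """Router q: checks each frame that claims to come from p."""
    def __init__(self, key: bytes):
        self.key, self.last_seq = key, 0

    def receive(self, frame: bytes):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "modified", None
        header, payload, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Condition 2: the tag covers header and payload, so any change is detected.
        if not hmac.compare_digest(tag, expected):
            return "modified", None
        # Condition 3: an authentic frame with an old sequence number is a replay.
        (seq,) = struct.unpack("!Q", header)
        if seq <= self.last_seq:
            return "replay", None
        self.last_seq = seq
        return "accept", payload

def run_demo():
    key = b"constructed-per-hop-secret"          # constructed sample key
    p, q = HopSender(key), HopReceiver(key)
    first, second = p.send(b"route update A"), p.send(b"route update B")
    tampered = bytearray(second)
    tampered[SEQ_LEN] ^= 0x01                    # flip one payload bit in transit
    frames = [first, bytes(tampered), second, first]
    return [q.receive(f)[0] for f in frames]

if __name__ == "__main__":
    print(run_demo())
```
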