PBS: Signaling Architecture for Network Traffic Authorization

Se Gi Hong; Henning G. Schulzrinne; Swen Weiland

PBS: Signaling Architecture for Network Traffic Authorization
Hong, Se Gi
Schulzrinne, Henning G.
Weiland, Swen
Technical reports
Computer Science
Permanent URL:
Columbia University Computer Science Technical Reports
Part Number:
Department of Computer Science, Columbia University
Publisher Location:
New York
We present a signaling architecture for network traffic authorization, Permission-Based Sending (PBS). This architecture aims to prevent Denial-of-Service (DoS) attacks and other forms of unauthorized traffic. Towards this goal, PBS takes a hybrid approach: a proactive approach of explicit permissions and a reactive approach of monitoring and countering attacks. On-path signaling is used to configure the permission state stored in routers for a data flow. The signaling approach enables easy installation and management of the permission state, and its use of soft-state improves robustness of the system. For secure permission state setup, PBS provides security for signaling in two ways: signaling messages are encrypted end-to-end using public key encryption and TLS provides hop-by-hop encryption of signaling paths. In addition, PBS uses IPsec for data packet authentication. Our analysis and performance evaluation show that PBS is an effective and scalable solution for preventing various kinds of attack scenarios, including Byzantine attacks.
Computer science
Item views:
text | xml
Suggested Citation:
Se Gi Hong, Henning G. Schulzrinne, Swen Weiland, 2009, PBS: Signaling Architecture for Network Traffic Authorization, Columbia University Academic Commons, http://hdl.handle.net/10022/AC:P:9317.

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries | Terms of Use | Copyright