Title :
Design of secure Diffserv ingress edge routers
Author :
Yang Xiao ; Guangzhi Qu ; Kiseon Kim
Author_Institution :
Inst. of Inf. & Sci., Beijing Jiaotong Univ., Beijing, China
Abstract :
Classical Differentiated Service (DiffServ) routers have not considered the security problem in their designs, generally, they have no ability to countering Denial of Service (DoS ) attacks because of their simple system structures. DoS attacks against DiffServ clients are more targeted and require less attack bandwidth than current attacks for classical DiffServ routers due to the per-client and per-class bandwidth limitations, since they must be imposed to ensure QoS guarantees. To solve the problem, in this paper, we present the design of new ingress DiffServ edge router(IDER) for defeating DoS attacks on DiffServ clients. The classifier and access control model of ingress DiffServ edge routers(IDERs) secure the Quality of Service (QoS) by policing traffics and limiting the data rate and access number of traffics, and distinguish the traffics with higher priorities from malicious traffics. The algorithms of secure TCP AQM and UDP AQM are derived from two fluid models. The network behaviors of proposed secure IDERs have been simulated by several to two fluid models with the traffic policing.
Keywords :
IP networks; computer network security; quality of service; telecommunication congestion control; transport protocols; Differentiated Service routers; DoS attacks; QoS guarantees; UDP AQM; bandwidth limitations; denial of service; edge routers; ingress DiffServ edge router; quality of service; secure Diffserv; secure TCP AQM; congestion control; control protocol; edge routers; hybrid traffics; network security; stability;
Conference_Titel :
Wireless, Mobile and Multimedia Networks (ICWMNN 2010), IET 3rd International Conference on
Conference_Location :
Beijing
DOI :
10.1049/cp.2010.0617
