• DocumentCode
    2899764
  • Title

    Towards a Denial-of-Service Resilient Design of Complex IPsec Overlays

  • Author

    Brinkmeier, Michael ; Rossberg, Michael ; Schaefer, Guenter

  • Author_Institution
    Tech. Univ. Ilmenau, Ilmenau, Germany
  • fYear
    2009
  • fDate
    14-18 June 2009
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    By monitoring the exchanged IPsec traffic, an adversary can usually easily discover the layout of virtual private networks (VPNs). The disclosure is of even worse extent if compromised IPsec gateways are considered, for example in remote environments. This revelation enables attackers to identify vital components and may allow them to compromise the availability of the overall infrastructure by launching well-targeted denial-of-service (DoS) attacks against these components. In this article we present a formal model to analyze the resilience of VPN infrastructures against DoS attacks, to estimate the impact of compromised gateways, and to formalize the planning process of more resilient infrastructures.
  • Keywords
    IP networks; internetworking; telecommunication security; telecommunication traffic; virtual private networks; DoS attacks; IPsec gateways; IPsec overlays; IPsec traffic monitoring; denial-of-service resilient design; virtual private networks; Communications Society; Computer crime; IP networks; Network topology; Protection; Quality of service; Remote monitoring; Resilience; Telecommunication traffic; Virtual private networks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications, 2009. ICC '09. IEEE International Conference on
  • Conference_Location
    Dresden
  • ISSN
    1938-1883
  • Print_ISBN
    978-1-4244-3435-0
  • Electronic_ISBN
    1938-1883
  • Type

    conf

  • DOI
    10.1109/ICC.2009.5199533
  • Filename
    5199533