• DocumentCode
    63511
  • Title
    High-Performance Capabilities for 1-Hop Containment of Network Attacks
  • Author
    Wolf, Tilman ; Natarajan, Sriraam ; Vasudevan, Kamlesh T.
  • Author_Institution
    Dept. of Electr. & Comput. Eng., Univ. of Massachusetts, Amherst, MA, USA
  • Volume
    21
  • Issue
    6
  • fYear
    2013
  • fDate
    Dec. 2013
  • Firstpage
    1931
  • Lastpage
    1946
  • Abstract
    Capabilities-based networks present a fundamental shift in the security design of network architectures. Instead of permitting the transmission of packets from any source to any destination, routers deny forwarding by default. For a successful transmission, packets need to positively identify themselves and their permissions to the router. A major challenge for a high-performance implementation of such a network is an efficient design of the credentials that are carried in the packet and the verification procedure on the router. We present a capabilities system that uses packet credentials based on Bloom filters. The credentials are of fixed length (independent of the number of routers that are traversed by the packet) and can be verified by routers with a few simple operations. This high-performance design of capabilities makes it feasible that traffic is verified on every router in the network, and most attack traffic can be contained within a single hop. We present an analysis of our design and a practical protocol implementation that can effectively limit unauthorized traffic with only a small per-packet overhead.
  • Keywords
    Internet; computer network security; data structures; protocols; 1-hop containment; Internet; attack traffic; bloom filters; high-performance capabilities-based networks; network attacks; packet credentials; protocol implementation; security design; Computer architecture; Computer crime; Cryptography; Internet; Routing protocols; Bloom filter; data path processing; network security; off-by-default network;
  • fLanguage
    English
  • Journal_Title
    Networking, IEEE/ACM Transactions on
  • Publisher
    ieee
  • ISSN
    1063-6692
  • Type
    jour
  • DOI
    10.1109/TNET.2013.2240463
  • Filename
    6466406