Abstract
The current architecture of the Internet, where anyone can send anything to anybody, presents many problems. The recipient of a connection might be using a mobile access network, and thus unwanted incoming connections could impose a high cost on the recipient. In addition, denial-of-service attacks are easy to launch. As a solution to this problem, we propose the Recipient Controlled Session Management Protocol, where all incoming connections are denied by default and the recipient of the connection can choose, using certificates, which incoming connections are allowed. The recipient can also revoke rights for making an incoming connection at any time.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lagutin, D., Kari, H.H. (2007). Controlling Incoming Connections Using Certificates and Distributed Hash Tables. In: Koucheryavy, Y., Harju, J., Sayenko, A. (eds) Next Generation Teletraffic and Wired/Wireless Advanced Networking. NEW2AN 2007. Lecture Notes in Computer Science, vol 4712. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74833-5_38
DOI: https://doi.org/10.1007/978-3-540-74833-5_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74832-8
Online ISBN: 978-3-540-74833-5
eBook Packages: Computer Science, Computer Science (R0)