Reviewer: Sailesh Kumar
Date: 11-3-2005
How would you rate this paper, relative to others we have read? top 25%, but not top 10%
How would you rate your knowledge of the topic of this paper? familiar, but not expert
What problem or issue does the paper address? Why is it important?
This paper is trying to address the prevalent issue of DDOS attacks in today's Internet. The proposed architecture is claimed to be incrementally deployable and at the same time quite effective in limiting the impact of the full range of DOS attack types. The simulations, which were performed using modified Linux kernels running on Gigabit links, suggest the effectiveness of the proposed scheme. Limiting DDOS attacks is quite important in today's Internet considering the rate of DOS attacks and their impact. In fact the importance of this problem has led to several proposals, and the authors have done a good job of introducing most of them and also analyzing them relative to their proposed TVA architecture.
What are the main contributions of the paper and why are they important?
The main contribution of this paper is a more detailed design and analysis of the earlier capabilities-based DOS-limiting scheme (proposed by the same authors). In this paper, their improved design can address a broader set of possible attacks and at the same time requires little modification of the existing network infrastructure. In fact the significant modifications are required only at the trust boundaries, like network access points and links connecting different ISPs. However, the authors also claim that such modifications are required at the congested links, which seems a little ambiguous because congested links in a complex network are not static.
How significant are these contributions relative to previous work?
The TVA DOS-limiting architecture makes significant improvements over earlier proposals because it uses capabilities, which cut to the heart of the DOS problem because they allow destinations to decide which packets they want to receive. As far as earlier work goes, most of it can be categorized as some form of packet filters implemented at either the access points or at various routers. However, implementation of effective filters is not trivial; in fact such filters can drop legitimate traffic as well. Furthermore, attackers can forge packet headers such that the filters won't be able to discriminate between them and legitimate traffic. Another thread of DOS-limiting architecture uses some sort of authentication method where hosts are authenticated before they are allowed to send traffic. However, unless an automated and fast authentication method is devised, such proposals will fall on their face considering the dynamics and reach of today's Internet. TVA in one form can be viewed as an automated authenticating method, which is quite dynamic.
Give detailed comments justifying your view of the paper.
This paper extends the idea of the capabilities-based network architecture proposed earlier by the same authors. Capabilities are some kind of signature which is carried by every packet except the first request packet. Every packet other than the first request packet must carry the authenticated capability (provided by the receiver) to get through the network. The authors have also proposed and designed the packet headers to carry this information. Then, in order to limit the possibility of request packet flooding, the authors propose that request packets can be rate limited at every node (or at least the access point) because in general request traffic is less than 2.5% of the total traffic. The idea seems to be quite effective; however, there are some concerns which I am listing below.
1. Implementation of TVA clearly requires modification of the existing network and routers. In fact, modifications are also needed in the end host software stack.
2. Then there are concerns about legacy traffic. The authors assume that legacy traffic will be given the least priority, which in my opinion doesn't make a lot of sense.
3. The scenario of changing routes hasn't been effectively addressed by the authors.
4. The simulation environment in which TVA is prototyped seems to be quite naive. Linux boxes running on commodity hardware were used as the network (both hosts and routers).
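The two mechanisms the review describes, a receiver-granted capability that every non-request packet must carry and a rate limit on request packets, can be shown in a small toy model. The following is an added example written for this page; it is not code from the TVA paper or its Linux prototype. It collapses the paper's per-router capability construction into a single router that holds the secret, and the 5% request budget, link rate, addresses and traffic trace are all constructed values chosen for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed parameters (not from the reviewed paper): the share of a link
# reserved for request packets and the link's capacity per time tick.
REQUEST_SHARE = 0.05
LINK_PACKETS_PER_TICK = 100


@dataclass
class Packet:
    src: str
    dst: str
    kind: str                  # "request", "data" or "legacy"
    expiry: int = 0            # last tick at which the capability is valid
    capability: bytes = b""    # receiver-minted tag carried by data packets


def mint_capability(key: bytes, src: str, dst: str, expiry: int) -> bytes:
    """Receiver-side grant: bind a short tag to (src, dst, expiry).

    Simplification: one shared secret stands in for the per-router
    pre-capabilities of the real design.
    """
    msg = f"{src}|{dst}|{expiry}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


@dataclass
class Router:
    key: bytes
    budget: float = field(init=False)   # request tokens replenished per tick
    tokens: float = field(init=False)

    def __post_init__(self):
        self.budget = REQUEST_SHARE * LINK_PACKETS_PER_TICK
        self.tokens = self.budget

    def tick(self):
        # Token bucket refill: unused request budget does not accumulate
        # beyond one tick's worth, so a flood cannot bank tokens.
        self.tokens = min(self.budget, self.tokens + self.budget)

    def decide(self, pkt: Packet, now: int) -> str:
        if pkt.kind == "request":
            if self.tokens >= 1:
                self.tokens -= 1
                return "forward"
            return "drop"          # request flood absorbed by the rate limit
        if pkt.kind == "data":
            if now > pkt.expiry:
                return "drop"      # stale capability
            expected = mint_capability(self.key, pkt.src, pkt.dst, pkt.expiry)
            if hmac.compare_digest(expected, pkt.capability):
                return "forward"
            return "drop"          # forged or mismatched capability
        return "forward_low_priority"   # legacy traffic, lowest priority


def simulate() -> dict:
    """Run a constructed trace through one router and tally its decisions."""
    key = b"constructed-router-secret"
    router = Router(key)
    tally = {"legit_data": 0, "attacker_requests_forwarded": 0,
             "forged_data_dropped": 0, "expired_data_dropped": 0}
    now = 0
    legit, victim = "10.0.0.1", "10.0.0.9"

    # Legitimate flow: one request, then data carrying the granted capability.
    granted = router.decide(Packet(legit, victim, "request"), now) == "forward"
    cap = mint_capability(key, legit, victim, expiry=now + 10) if granted else b""
    for _ in range(20):
        pkt = Packet(legit, victim, "data", now + 10, cap)
        if router.decide(pkt, now) == "forward":
            tally["legit_data"] += 1

    # Request flood in the same tick: only the remaining budget gets through.
    for i in range(1000):
        pkt = Packet(f"198.51.100.{i % 250}", victim, "request")
        if router.decide(pkt, now) == "forward":
            tally["attacker_requests_forwarded"] += 1

    # Data packets with a forged capability never reach the destination.
    for _ in range(50):
        pkt = Packet("198.51.100.7", victim, "data", now + 10, b"\x00" * 8)
        if router.decide(pkt, now) == "drop":
            tally["forged_data_dropped"] += 1

    # Eleven ticks later the legitimate capability has expired.
    for _ in range(11):
        router.tick()
    now += 11
    if router.decide(Packet(legit, victim, "data", 10, cap), now) == "drop":
        tally["expired_data_dropped"] += 1
    return tally


if __name__ == "__main__":
    print(simulate())
```

With a budget of five request tokens per tick, the legitimate request consumes one and the flood of a thousand requests gets only the remaining four forwarded; data packets with a forged tag or an expired capability are dropped, which is the property the review credits capabilities with. The model also shows the reviewer's legacy-traffic concern concretely: packets of kind "legacy" are never dropped here but are always pushed to the lowest priority.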