Master of Sciences, Case Western Reserve University, 2012, EECS - Computer and Information Sciences

In the current Internet architecture, traffic is commonly routed to its destination using DNS names that are mapped to IP addresses, yet there are no inherent means for receivers to attribute sources of traffic to senders or for receivers to authorize senders. These deficiencies leave the Internet and its connected hosts vulnerable to a wide range of attacks including denial-of-service and misrepresentation (spoofing, phishing, etc.) which continue to cause material damage. Rabinovich and Spatscheck have proposed a mechanism to combat these vulnerabilities by introducing attribution and authorization into the network using a transient addressing scheme to establish attribution through DNS, establish authorization at the host, and enforce authorization and attribution in the network. In this work, we develop and characterize a system for effecting in-network enforcement at the router, and we demonstrate that enforcement is possible on current commodity hardware at sustained throughput rates well above common Internet connection rates.

Committee: Michael Rabinovich PhD (Committee Chair); Z. Meral Ozsoyoglu PhD (Committee Member); Vincenzo Liberatore PhD (Committee Member) Subjects: Computer Science