Modelling and simulations for Identity-Based Privacy-Protected Access Control Filter (IPACF) capability to resist massive denial of service attacks Online publication date: Sat, 03-Oct-2009
by Chwan-Hwa 'John' Wu, Tong Liu, Chun-Ching 'Andy' Huang, J. David Irwin
International Journal of Information and Computer Security (IJICS), Vol. 3, No. 2, 2009
Abstract: Denial of Service (DoS)/Distributed DoS (DDoS) attack is an eminent threat to an Authentication Server (AS), which is used to guard access to firewalls, virtual private networks and resources connected by wired/wireless networks. In this paper, a new protocol called Identity-Based Privacy-Protected Access Control Filter (IPACF) is proposed to counter DoS/DDoS attacks. The IPACF is stateless for both user and AS since a user and responder must authenticate each other. The value and identity for authentication are changed in every frame. Thus, the privacy of both user and server is protected.
The performance of the implementation is reported in this paper. In order to counter more DoS/DDoS attacks that issue fake requests, parallel processing technique is used to implement the AS. The performance comparison of dual server and single server is also reported. To study the capability of IPACF when facing massive DDoS attacks, simulations using OPNET for a network consisting of 1000 nodes with 10 Gbps pipe to the AS are carried out. The simulations show that the performance of AS has very little degradation in terms of packet latency and CPU utilisation for users. Queueing models are used to compare simulations and agreement between models and simulations is acceptable.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Information and Computer Security (IJICS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook