Title: Modelling and simulations for Identity-Based Privacy-Protected Access Control Filter (IPACF) capability to resist massive denial of service attacks

Authors: Chwan-Hwa 'John' Wu, Tong Liu, Chun-Ching 'Andy' Huang, J. David Irwin

Addresses: Department of Electrical and Computer Engineering, Auburn University, Auburn, AL 36849, USA; Department of Electrical and Computer Engineering, Auburn University, Auburn, AL 36849, USA; Department of Electrical and Computer Engineering, Auburn University, Auburn, AL 36849, USA; Department of Electrical and Computer Engineering, Auburn University, Auburn, AL 36849, USA

Abstract: Denial of Service (DoS)/Distributed DoS (DDoS) attacks are an eminent threat to an Authentication Server (AS), which is used to guard access to firewalls, virtual private networks and resources connected by wired/wireless networks. In this paper, a new protocol called Identity-Based Privacy-Protected Access Control Filter (IPACF) is proposed to counter DoS/DDoS attacks. The IPACF is stateless for both user and AS since a user and responder must authenticate each other. The value and identity for authentication are changed in every frame. Thus, the privacy of both user and server is protected. The performance of the implementation is reported in this paper. In order to counter more DoS/DDoS attacks that issue fake requests, a parallel processing technique is used to implement the AS. The performance comparison of dual server and single server is also reported. To study the capability of IPACF when facing massive DDoS attacks, simulations using OPNET for a network consisting of 1000 nodes with a 10 Gbps pipe to the AS are carried out. The simulations show that the performance of the AS has very little degradation in terms of packet latency and CPU utilisation for users. Queueing models are used to compare simulations, and agreement between models and simulations is acceptable.

Keywords: network security; distributed DoS; DDoS; privacy; simulation; modelling; denial of service attacks; identity-based privacy-protected access control filter; IPACF; authentication servers; packet latency.

DOI: 10.1504/IJICS.2009.028813

International Journal of Information and Computer Security, 2009 Vol.3 No.2, pp.195 - 223

Published online: 03 Oct 2009
