Securing the Control-plane Channel and Cache of Pull-based ID/LOC Protocols
Abstract
Pull-based ID/LOC split protocols, such as LISP (RFC6830), retrieve mappings from a mapping system to encapsulate and forward packets. This is done by means of a control-plane channel. In this short paper we describe three attacks against this channel (Denial-of-Service and overflowing) as well as the against the local cache used to store such mappings. We also provide a solution against such attacks that implements a per-source rate-limiter using a Count-Min Sketch data-structure.
0
Turn this paper into a lesson
ArcXiv compiles a structured reading guide from this paper's metadata: plain-English importance, contributions, prerequisite concepts, which sections to read first, flashcards, and a quiz. Grounded in the abstract, never invented.