PISKES: Pervasive Internet-Scale Key Establishment System

Thu 07Dec2017

Benjamin Rothenberger, ETH Zurich

From 12.00 until 13.30

At CNB/F/110 (Lunch) + CNB/F/100.9 (Seminar), ETH Zurich

Universitätstrasse 6, 8092 Zurich


IP address spoofing allows large-scale Distributed Denial of Service (DDoS) reflection attacks. In these attacks, an adversary sends the initial packet of a communication protocol to a reflector, without performing a full handshake. An efficient first-packet authentication system can mitigate such attacks. This work presents the design, implementation, analysis, and experimental evaluation of PISKES, an efficient first-packet authentication system, that scales to Internet-wide deployment and is based on symmetric cryptography for authentication and verification. In PISKES, latency-critical operations are moved to the client side, whereas a victim server can efficiently verify source authenticity. We show the effectiveness and scalability of our system through a prototype implementation that is able to verify a packet within 85 ns. 

Download Event to Calendar