Examining Key Mobility Resources through Denial of Service Attacks on proposed Global Name Resolution Services

Abstract

The problem we address in this thesis is to uncover the design elements in a network architecture design that may open it up to denial of service (DoS) attacks and to expose the tradeoffs in mitigating those DoS opportunities. We take as our candidate network architecture design the Future Internet Architecture project MobilityFirst. MobilityFirst's overarching goal, driven by increasingly available wireless communication, is the support of mobility in an Internet architecture. At its core, MobilityFirst separates identification from location, as distinct from the current Internet architecture, and postulates the existence of globally unique, flat identifiers. In order to support mobility in this context, it also postulates a global name resolution service (GNRS). In this thesis we examine three alternative designs for the GNRS and the opportunities they expose for DoS attacks. We consider each one in depth analytically. As an example, we then study one particular attack in depth and are forced to conclude that approaches to mitigating this attack would have significant negative impact on the support of mobility thus exposing the dilemma in such system design tradeoffs.