Enabling z-Filter updates for self-routing denial-of-service resistant capabilities

Abstract

Secure in-packet Bloom filters is an approach used to securely forward source routing packets with small forwarding tables making the forwarding fabric resistant to unauthorized traffic. This resistance can be achieved by dynamically computing the link identifiers on the base of the packet content such as path in-out interfaces and keys of forwarding nodes using a cryptographic function. In this paper we extend a recent work to secure the data plane (i.e. forwarding layer) in Information-Centric Networks (ICN) for long lived flows and analyze the scalability of the Topology Manager function in terms of z-Filters creation and the number of required z-Filter updates.