A Reliable Lightweight Communication Method via Chain Verification
Authors: Xuewei Feng, Jin Li
Published in: 2019 4th International Conference on System Reliability and Safety (ICSRS), 2019-11-01
DOI: 10.1109/ICSRS48664.2019.8987721
Compared with TCP, UDP is a lightweight transport-layer protocol that provides concise and efficient services to upper-layer applications, e.g., DNS, DHCP, and SNMP. However, UDP is unreliable, and considerable exploits against UDP-based applications have been discovered in recent years, e.g., DNS cache poisoning and traffic interception. The essence of these exploits is to inject a malicious UDP segment into the benign data stream, thus poisoning the upper-layer application. After analyzing the typical threats to the UDP protocol, we propose in this paper a reliable lightweight communication method that can verify all segments in a UDP session and mitigate the injection of forged segments by a malicious attacker. The method strengthens the checksum mechanism in the UDP protocol and introduces only a few modifications to the UDP specification of end hosts, without any modification to network devices, i.e., routers or switches. The method preserves UDP's lightweight nature while improving its reliability. We implemented the method in Linux 4.14, and the experimental results show that it effectively mitigates the typical threats to UDP-based applications; compared with native UDP, the performance loss introduced by our method is less than 2% on average.