Hop Integrity in the Internet introduces a new security defense, hop integrity, that can be used against denial-of-service attacks in the Internet. If a message that is part of a denial-of-service attack is originated by an adversarial host in the Internet and if the message header includes a wrong address for the originating host (in order to hide the true source of the attack), then the message will be classified as modified or replayed and will be discarded by the first router that receives the message in the Internet.
A suite of protocols for providing hop integrity in the Internet is discussed in great detail. In particular, each protocol in the suite is specified and verified using an abstract and formal notation called the Secure Protocol Notation. The protocols include:
- Secure address resolution
- Weak hop integrity
- Strong hop integrity using soft sequence numbers
- Strong hop integrity using hard sequence numbers
Other benefits of hop integrity extend to secure routing, mobile IP, and IP multicast.
A suite of protocols for providing hop integrity in the Internet is discussed in great detail. In particular, each protocol in the suite is specified and verified using an abstract and formal notation called the Secure Protocol Notation. The protocols include:
- Secure address resolution
- Weak hop integrity
- Strong hop integrity using soft sequence numbers
- Strong hop integrity using hard sequence numbers
Other benefits of hop integrity extend to secure routing, mobile IP, and IP multicast.