Lightweight opportunistic tunneling (LOT)

Yossi Gilad*, Amir Herzberg

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations


We present LOT, a lightweight 'plug and play' tunneling protocol installed (only) at edge gateways. Two communicating gateways A and B running LOT would automatically and securely establish an efficient tunnel, encapsulating packets sent between them. This allows B to discard packets which use A's network addresses but were not sent via A (i.e. are spoofed) and vice versa. LOT is practical: it is easy to manage ('plug and play', no coordination between gateways), deployed incrementally and only at edge gateways (no change to core routers or hosts), and has negligible overhead in terms of bandwidth and processing, as we validate by experiments on a prototype implementation. LOT storage requirements are also modest. LOT can be used alone, providing protection against blind (spoofing) attackers, or to opportunistically set up IPsec tunnels, providing protection against Man In The Middle (MITM) attackers.

Original language: American English
Title of host publication: Computer Security - ESORICS 2009 - 14th European Symposium on Research in Computer Security, Proceedings
Number of pages: 16
State: Published - 2009
Externally published: Yes
Event: 14th European Symposium on Research in Computer Security, ESORICS 2009 - Saint-Malo, France
Duration: 21 Sep 2009 to 23 Sep 2009

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5789 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: 14th European Symposium on Research in Computer Security, ESORICS 2009

