TY - GEN
T1 - Lightweight opportunistic tunneling (LOT)
AU - Gilad, Yossi
AU - Herzberg, Amir
PY - 2009
Y1 - 2009
N2 - We present LOT, a lightweight 'plug and play' tunneling protocol installed (only) at edge gateways. Two communicating gateways A and B running LOT would automatically and securely establish an efficient tunnel, encapsulating packets sent between them. This allows B to discard packets which use A's network addresses but were not sent via A (i.e. are spoofed) and vice versa. LOT is practical: it is easy to manage ('plug and play', no coordination between gateways), deployed incrementally and only at edge gateways (no change to core routers or hosts), and has negligible overhead in terms of bandwidth and processing, as we validate by experiments on a prototype implementation. LOT storage requirements are also modest. LOT can be used alone, providing protection against blind (spoofing) attackers, or to opportunistically set up IPsec tunnels, providing protection against Man In The Middle (MITM) attackers.
AB - We present LOT, a lightweight 'plug and play' tunneling protocol installed (only) at edge gateways. Two communicating gateways A and B running LOT would automatically and securely establish an efficient tunnel, encapsulating packets sent between them. This allows B to discard packets which use A's network addresses but were not sent via A (i.e. are spoofed) and vice versa. LOT is practical: it is easy to manage ('plug and play', no coordination between gateways), deployed incrementally and only at edge gateways (no change to core routers or hosts), and has negligible overhead in terms of bandwidth and processing, as we validate by experiments on a prototype implementation. LOT storage requirements are also modest. LOT can be used alone, providing protection against blind (spoofing) attackers, or to opportunistically set up IPsec tunnels, providing protection against Man In The Middle (MITM) attackers.
UR - http://www.scopus.com/inward/record.url?scp=70350365519&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-04444-1_7
DO - 10.1007/978-3-642-04444-1_7
M3 - Conference contribution
AN - SCOPUS:70350365519
SN - 3642044433
SN - 9783642044434
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 104
EP - 119
BT - Computer Security - ESORICS 2009 - 14th European Symposium on Research in Computer Security, Proceedings
T2 - 14th European Symposium on Research in Computer Security, ESORICS 2009
Y2 - 21 September 2009 through 23 September 2009
ER -