Denial of Service Protection for Optimized and QoS-aware Handover Based on Localized Cookies

Quality of Service (QoS) mechanisms in networks supporting mobile Internet communications give rise to new threats: these mechanisms could be abused by malicious entities launching so-called Denial of Service (DoS) attacks. If the network can not efficiently check the credibility of a QoS-request during a handover process, malicious entities could flood the network with bogus QoSrequests; if the authentication check is performed by means of an AAA protocol before the access network commits its resources to the request, the authentication process may not only introduce a notable latency to the handover process, but also generate an extensive traffic which degrades the signaling capacity in the network when there are a considerable amount of malicious requests. In order to defend against these kinds of attacks and meet the low-latency micro-mobility handover requirement, we propose to have a preliminary authentication check with a cookie-based mechanism before processing the requests and performing authentication and authorization. The performance evaluation shows that the cookie-based mechanism is efficient in dealing with the identified issues.