On the Security of In-Packet Bloom-Filter Forwarding

Author

  • Markku Antikainen
Abstract

Multicast protocols traditionally require that routers store information about the delivery trees. Recently, source-routed in-packet Bloom-filter (iBF) based multicast has been proposed as a remedy to this: instead of storing state in the network, the delivery tree is encoded in the packet itself using a Bloom filter. The packets are then forwarded based on the in-packet information instead of requiring that per-delivery-tree state is stored in the network. It is believed that moving the state from the network to the packets makes Internet-wide multicast feasible.

In-packet Bloom filter (iBF) forwarding has also been advocated as a secure forwarding solution. It is, for example, believed that the architecture makes it impossible to send traffic to a receiver who has not explicitly allowed traffic from the particular source. This has led to claims that iBF forwarding would be inherently secure against distributed denial-of-service (DDoS) attacks. The security of iBF forwarding, however, has not yet been studied and these claims have not yet been proven.

This thesis takes the first steps in the security analysis of iBF forwarding. The goal is twofold: (1) to find out what information a malicious entity controlling a botnet can get about the network, and (2) to determine how this knowledge could be used to launch attacks against the availability of some network node. The analysis is done using analytical methods and high-level simulations.

The main result of this thesis is to show that the security of iBF forwarding has been exaggerated in the literature: iBF forwarding does not have inherent protection against DDoS attacks. The thesis formulates attacks that allow an attacker controlling a botnet to send unsolicited traffic to the intended target. It is also shown that the security mechanisms proposed for iBF forwarding do not give full protection against these attacks. While this does not mean that iBF forwarding is fundamentally insecure, the attacks found reveal that there is a true need for further security research on iBF forwarding.

Acknowledgements

I am grateful to Tuomas Aura for providing the funding for this thesis. I sincerely hope that the investment turned out to be worth it. I want to thank both my supervisor Tuomas Aura and my instructor Mikko Särelä for all the time, advice, and feedback they gave me. Their guidance truly helped me in this process. Finally, I would like to thank Peter Sjödin, whose comments helped improve the thesis. …


Similar resources

BloomCasting: Security in Bloom Filter Based Multicast

Traditional multicasting techniques give senders and receivers little control for who can receive or send to the group and enable end hosts to attack the multicast infrastructure by creating large amounts of group specific state. Bloom filter based multicast has been proposed as a solution to scaling multicast to large number of groups. In this paper, we study the security of multicast built on...


BloomCasting for Publish/Subscribe Networks

Aalto University, P.O. Box 11000, FI-00076 Aalto www.aalto.fi Author Mikko Särelä Name of the doctoral dissertation BloomCasting for Publish/Subscribe Networks Publisher School of Electrical Engineering Unit Department of Communications and Networking Series Aalto University publication series DOCTORAL DISSERTATIONS 49/2011 Field of research Networking Technology Manuscript submitted 14 October...


Optimized hash for network path encoding with minimized false positives

The Bloom filter is a space efficient randomized data structure for representing a set and supporting membership queries. Bloom filters intrinsically allow false positives. However, the space savings they offer outweigh the disadvantage if the false positive rates are kept sufficiently low. Inspired by the recent application of the Bloom filter in a novel multicast forwarding fabric, this paper...


Compact forwarding: a probabilistic approach to packet forwarding in content-oriented networks

This thesis introduces the concept of compact forwarding in the field of content-oriented networks. The main idea behind this concept is taking a probabilistic approach to the problem of packet forwarding in networks centered on content identifiers rather than traditional host addresses. The fundamental question explored is where to place the packet forwarding state, in network nodes...


Defending Against DDoS Attacks in Bloom Filter based Multicasting

Bloom filter (BF) based forwarding is an effective approach to implement scalable multicasting in distributed systems. The forwarding BF carried by each packet can encode either multicast tree or destination IP addresses, which are termed as tree oriented approach (TOA) and destination oriented approach (DOA), respectively. Recent studies have indicated that TOA based protocols have serious vul...



Publication date: 2011