On the resistance of overlay networks against bandwidth exhaustion attacks

In order to perform private communication over public networks, such as the Internet, several different kinds of virtual overlay networks emerged. Examples are the well known Virtual Private Networks (VPN), Darknets, and anonymizing networks like Tor. All of these networks are designed to provide data delivery that is confidential, authentic and integrity protected. Nonetheless, for a secure operation also the availability must be taken into account, especially as these structures turn into vital targets for Denial-of-Service (DoS) attacks. Within this article we present metrics to rate different network topologies with regard to their resistance against botnets, whose available attack bandwidth is not a limiting factor. The presented metrics consider random, greedy, and optimally operating attackers, and are used to derive several properties that very resilient overlay topologies must have. In particular high girth and a low constant node degree were identified and validated by simulations. Franz Girlich Ilmenau University of Technology Tel.: +49-3677-694157 Fax: +49-3677-694540 E-mail: [email protected] Michael Rossberg Ilmenau University of Technology E-mail: [email protected] Guenter Schaefer Ilmenau University of Technology E-mail: [email protected]