authors
- REVIRIEGO VASALLO, PEDRO
- LARRABEITI LOPEZ, DAVID
Denial of service attack on cuckoo filter based networking systems
Articles
Overview
published in
- IEEE COMMUNICATIONS LETTERS Journal
publication date
- July 2020
start page
- 1428
end page
- 1432
issue
- 7
volume
- 24
Digital Object Identifier (DOI)
International Standard Serial Number (ISSN)
- 1089-7798
Electronic International Standard Serial Number (EISSN)
- 1558-2558
abstract
- Approximate membership check structures, such as Bloom filters or cuckoo filters, are widely used in Networking systems to speed up processing. Filters are beneficial as packets can be quickly examined to determine if further processing has to be done. This enables faster and more efficient processing that is needed to cope with the ever increasing traffic. Security is also becoming a critical issue for networked systems as we increasingly depend on them for most of our daily life tasks. Recently, the security of Bloom filters has been studied showing that depending on their implementation they may be vulnerable to attacks that degrade the false positive rate or that create false positives for certain elements. In this letter, the vulnerability of cuckoo filters is considered by first showing that an attacker can collapse the filter effectively disabling it by forcing insertion failures. This can be done with no knowledge of the implementation details. Then, in the second part of the letter, several techniques that could be used to mitigate such attacks are discussed.
Classification
keywords
- denial of service; security; cuckoo filters