Authentication of Anycast Communication
Mohamed Al-Ibrahim 1 and Anton Cerny 2
1 Center for Advanced Computing, Computing Department
Macquarie University, Sydney, NSW 2109, Australia
ibrahim@ieee.org
2 Department of Mathematics and Computer Science
Kuwait University, P.O. Box 5969, Safat 13060, Kuwait
cerny@mcs.kuniv.edu.kw
Abstract. Anycast is a communication mode in which the same address
is assigned to a group of servers and a request sent for a service is routed
to the “best” server. The measure of best could be the number of hops,
available bandwidth, load of the server, or any other measure. With
this scenario, any host could advertise itself as an anycast server in order
to launch a denial-of-service attack or provide false information. In this
paper, we solve this problem by proposing an authentication scheme for
anycast communication.
Keywords: Anycast, authentication, proxy signature.
1 Introduction
The Internet is increasingly being viewed as providing services, and not just
connectivity. As this view has become more prevalent, the important considerations
in the provision of such services are the reliability and availability of the services
to meet the demands of a large number of users; this is often referred to as the
scalability of the service. There are many approaches for improving the scalability
of a service, but the common one is to replicate the servers. Server replication is the
key approach for maintaining user-perceived quality of service within a geographically
widespread network. This is empowered by the underlying network infrastructure
known as anycast communication. The anycasting communication paradigm
is designed to support server replication by allowing applications to easily select
and communicate with the best server, according to some performance policy
criteria, in a group of content-equivalent servers.
With regard to the above description of anycast communication, the system
has the potential for a number of security threats. In general, there are at least
two security issues in anycasting, which are mainly related to authentication.
First, it is clear that malevolent hosts could volunteer to serve an anycast address
and divert anycast datagrams from legitimate servers to themselves. Second,
eavesdropping hosts could reply to anycast queries with inaccurate information.
Since there is no way to verify membership in an anycast address, there is no
way to detect that the eavesdropping host is not serving the anycast address to
 