Hop Integrity in the Internet introduces a new security defense, hop
integrity, that can be used against denial-of-service attacks in the
Internet. If a message that is part of a denial-of-service attack
originates from an adversarial host in the Internet and its header
includes a wrong address for the originating host (in order to hide the
true source of the attack), then the message will be classified as
modified or replayed and will be discarded by the first router that
receives it in the Internet.

A suite of protocols for providing hop integrity in the Internet is
discussed in great detail. In particular, each protocol in the suite is
specified and verified using an abstract and formal notation called the
Secure Protocol Notation. The protocols include:

- Secure address resolution
- Weak hop integrity
- Strong hop integrity using soft sequence numbers
- Strong hop integrity using hard sequence numbers

Other benefits of hop integrity extend to secure routing, mobile IP, and
IP multicast.