An Authentication Scheme to Defend Against UDP DrDoS Attacks in 5G Networks

5th generation wireless systems are coming. While we are excited about the delay-free high speeds 5G will bring, security problems are becoming more and more serious. Increasingly rampant Distributed Denial of service (DDoS) attacks, particularly Distributed Reflection Denial of Service (DrDoS) atta...

Full description

Saved in:
Bibliographic Details
Published inIEEE access Vol. 7; pp. 175970 - 175979
Main Authors Huang, Haiou, Hu, Liang, Chu, Jianfeng, Cheng, Xiaochun
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 2019
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
5G mobile communication
Authentication
Computer crime
Computing costs
Costs
Denial of service attacks
distributed reflection denial of service (DrDoS)
Filtering
IP networks
network time protocol (NTP)
Protocol (computers)
Protocols
Security
Servers
Systems stability
user datagram protocol (UDP)
Wireless networks
Online AccessGet full text

Cover

More Information
Summary:5th generation wireless systems are coming. While we are excited about the delay-free high speeds 5G will bring, security problems are becoming more and more serious. Increasingly rampant Distributed Denial of service (DDoS) attacks, particularly Distributed Reflection Denial of Service (DrDoS) attacks with User Datagram Protocols (UDPs) have developed into a global problem. This article presents a design, implementation, analysis, and experimental evaluation of an authentication scheme, a defense against UDP DrDoS attacks, by which attackers cleverly use rebound server farms to bounce a flood of packets to a target host. We call our solution IEWA because it combines the concepts of increasing expenses and weak authentication. In this paper, we apply IEWA to Network Time Protocol (NTP). First, we simulate and compare the original and improved protocols. Next, we verify the effectiveness of our proposed scheme. We show that our improved scheme is safer than the original scheme. Finally, we compare our solution with existing state-of-the-art schemes, using indicators such as communication overhead, server storage costs, client storage costs, computation costs of server and computation costs of client. We find that our scheme improves system stability and security, reduces communication overhead, server storage cost and computational costs. Our solution not only improves the NTP protocol to mitigate DrDoS attacks, but also strengthens other UDP protocols that are vulnerable to DrDoS attacks. Therefore, our solution can be used as a solution to UDP DrDoS attacks in 5G Networks.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2019.2957565