[Main] [News] [Introduction] [Background] [Design goals] [Architecture] [Crypto]
[Performance] [Applications] [Download] [Publications] [Contact] [Links]

Packet Level Authentication (PLA): Applications

Protecting network infrastructure

With PLA every node can independently verify the authenticity of every packet. Packets which are modified, duplicated or delayed can be detected and discarded immediately before they can cause a significant damage to the rest of the network.

Since an information for calculating sender's public key is included in every packet, routers can block traffic from malicious nodes, preventing them from flooding the network.

Controlling incoming connections

A method for controlling incoming connections utilizing PLA is described here.

The main idea is to move the control of the connection from the initiator to the recipient of the connection. The recipient would explicitly authorize trusted initiators to create incoming connections to itself using certificates. Therefore, unnecessary connections will be blocked before they reach the recipient's access network and can consume its resources. Such a system would also protect the recipient and recipient's access network from denial of service attacks. In such system, PLA is necessary to ensure that the traffic to the recipient is really coming from trusted initiators.

Billing purposes

Timestamp and sequence number fields in the PLA header can be utilized for various billing purposes. Since the sequence number of the packet increases monotonically, it can be used for per-packet billing. If the sequence number is increased by the size of the packet, per-traffic billing would also be possible.

A timestamp which is present in the PLA header could be utilized to create time-dependent tariffs. For example, the operator could offer cheaper bandwidth at night time when overall traffic usage is low.

[TCS main] [Contact Info] [Personnel] [Research] [Publications] [Software] [Studies] [News Archive] [Links]
Latest update: 30 April 2008.