Joint work with Roger P. Karrer.
Distributed denial of service (DDoS) attacks are a big problem today. In such an attack, typically a large number of trojaned computers together send traffic towards a target. Some forms of attack aim at using up server resources, others aim at the network resources of the target.
While the attack forms aiming at server resources can and should be dealt with at the end system, the attack variant aiming at the network resources should be handled where the focus of the attack is: the network itself.
Edge-based capabilities is our proposal to deal with the latter kind of attack. It combines a network-based control element, which we call a gate, with endpoint authentication. The gate is located at the network edge, i.e. where the very high bandwidth of the internet core drops to the much smaller bandwidth of the access network. The authentication is done using capabilities, typically a cryptographic key.
The name of the project stems from this combination of capabilities and edge-based control points.
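The combination of gate and capability can be sketched as follows. This is an added illustration, not code from the project: the HMAC-SHA256 token format, the key shared between the gate and the protected endpoint, and the policy of forwarding authenticated packets first onto the narrow access link are all assumptions, and the addresses and key are constructed sample values.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # assumed: HMAC-SHA256 tag truncated to 16 bytes


def issue_capability(key: bytes, src: str, dst: str, expires: int) -> bytes:
    """Endpoint side: bind a capability to one sender, one target, one expiry."""
    msg = f"{src}|{dst}|".encode() + struct.pack("!Q", expires)
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]
    return struct.pack("!Q", expires) + tag


class Gate:
    """Hypothetical edge gate in front of the low-bandwidth access link."""

    def __init__(self, key: bytes, link_capacity: int):
        self.key = key
        self.link_capacity = link_capacity  # packets per scheduling interval

    def is_valid(self, pkt: dict, now: int) -> bool:
        cap = pkt.get("cap") or b""
        if len(cap) != 8 + TAG_LEN:
            return False
        (expires,) = struct.unpack("!Q", cap[:8])
        if expires < now:
            return False  # expired capabilities are treated as absent
        expected = issue_capability(self.key, pkt["src"], pkt["dst"], expires)
        return hmac.compare_digest(cap, expected)

    def schedule(self, packets: list, now: int):
        """Return (forwarded, dropped): authenticated traffic gets the link first."""
        valid, other = [], []
        for p in packets:
            (valid if self.is_valid(p, now) else other).append(p)
        queue = valid + other
        return queue[: self.link_capacity], queue[self.link_capacity:]


def demo():
    key = b"constructed-demo-key"  # constructed sample key
    now, dst = 1000, "192.0.2.10"  # constructed time and target address
    gate = Gate(key, link_capacity=3)
    good = issue_capability(key, "198.51.100.7", dst, now + 60)
    packets = [{"src": f"203.0.113.{i}", "dst": dst, "cap": None} for i in range(5)]
    packets.append({"src": "203.0.113.9", "dst": dst, "cap": good})  # token copied by another sender
    packets.append({"src": "198.51.100.7", "dst": dst, "cap": good})  # legitimate client
    return gate.schedule(packets, now)
```

Even though the legitimate client's packet arrives last in the flood, it is forwarded first; unauthenticated packets and the copied token compete only for the capacity that is left.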
For this work we were awarded 3rd place in the 1st German award for IT security 2006. The ceremony took place on November 24, 2006 in Bochum at the Center for IT security. (Pictures of the ceremony).
Reports about our work and the award can be found online: