Abstract
The traditional mechanisms to traverse Network Address Translators (NAT) do not scale well to battery powered mobile-hosts: the majority of Internet users today. Private Realm Gateway (PRGW) aims to replace NATs at network edges and overcome the drawbacks of the NAT traversal mechanisms. The solution does not require changes in end-hosts or protocols, and hosts in the private realm can remain globally reachable without polling. PRGW handles incoming connections based on domain resolution of the served hosts. Incoming DNS queries create connection state in PRGW for subsequent packet forwarding. The connection state provides means for access control on the Internet-originated flows. This paper analyses the security of PRGW and introduces mechanisms that protect the served hosts and networks against Internet-borne attacks, in particular: address spoofing and Distributed Denial of Service (DDoS). The paper contributes to establish PRGW as an incrementally deployable network function that offers light-weight NAT traversal and protects the private realm against the inherent Internet threats.
| Original language | English |
|---|---|
| Title of host publication | 2016 IFIP Networking Conference (IFIP Networking) and Workshops, IFIP Networking 2016 |
| Publisher | IEEE |
| Pages | 243-251 |
| Number of pages | 9 |
| ISBN (Electronic) | 9783901882838 |
| DOIs | |
| Publication status | Published - 21 Jun 2016 |
| MoE publication type | A4 Conference publication |
| Event | IFIP Networking - Vienna, Austria Duration: 17 May 2016 → 19 May 2016 |
Conference
| Conference | IFIP Networking |
|---|---|
| Abbreviated title | NETWORKING |
| Country/Territory | Austria |
| City | Vienna |
| Period | 17/05/2016 → 19/05/2016 |
Keywords
- DDoS
- Denial of Service
- DNS
- Gateway
- Internet threats
- NAT
- NAT Traversal
- Network
- PRGW
- Security