Proxy-network based overlays have been proposed to pro-tect Internet Applications against Denial-of-Service attacks by hiding an application's location. We study how a proxy network's topology influences the effectiveness of location-hiding. We present two theorems which quantitatively char-acterize when proxy networks are robust against attacks (at-tackers ' impact can be quickly and completely removed), and when they are vulnerable to attacks (attackers ' im-pact cannot be completely removed). Using these theorems, we study a range of proxy network topologies, and iden-tify those topologies favorable for location-hiding and resist-ing Denial-of-Service attacks. We have found that popular overlay network topologies such as Chord , which has been suggested for location-hiding, is in fact not a favorable topology for such purposes; we have also shown that CAN , a less popular overlay network, can be a good topol-ogy for location-hiding. Our theoretical results provide a set of sound design principles on proxy networks used for location-hiding. 1
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.