Peer-to-peer name resolution protocol (PNRP) security infrastructure and method
Abstract
A security infrastructure and methods are presented that inhibit the ability of a malicious node to disrupt the normal operation of a peer-to-peer network. The methods of the invention allow nodes to use both secure and insecure identities by making the identities self-verifying. When necessary or opportune, ID ownership is validated by piggybacking the validation on existing messages. The probability of initially connecting to a malicious node is reduced by randomly selecting the node to which to connect. Further, information from malicious nodes is identified, and can be disregarded, by maintaining a record of prior communications that will require a future response. Denial of service attacks are inhibited by allowing a node to disregard requests when its resource utilization exceeds a predetermined limit. The ability of a malicious node to remove a valid node is reduced by requiring that revocation certificates be signed by the node to be removed.
20 Claims
1. A method of inhibiting denial of service attacks based on node resource consumption in a peer-to-peer network, comprising:
    receiving the message at a node in the peer-to-peer network;
    examining resource utilization at the node; and
    rejecting processing of the message when examining the resource utilization at the node indicates that the node resource utilization is above a predetermined level.
   Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method of inhibiting denial of service attacks based on node bandwidth consumption in a peer-to-peer network, comprising:
    receiving a request for cache synchronization at a first node in the peer-to-peer network from a second node in the peer-to-peer network;
    examining a metric; and
    rejecting processing of the request for cache synchronization when examining the metric indicates that the number of cache synchronizations performed between the first node and the second node exceeds a predetermined maximum.
   Dependent claim: 10.

11. A computer-readable medium having computer-executable instructions for inhibiting denial of service attacks based on node resource consumption in a peer-to-peer network, the computer-executable instructions comprising instructions for:
    receiving the message at a node in the peer-to-peer network;
    examining a node resource utilization; and
    rejecting processing of the message when examining the node resource utilization indicates that the node resource utilization is above a predetermined level.
   Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.
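As an added illustration, not code from the patent or from any PNRP implementation, the following toy Python node applies the three admission checks the claims and abstract describe: refusing all messages while resource utilization is above a predetermined level (claim 1), capping the number of cache synchronizations performed with any one peer (claim 9), and discarding responses that do not match a recorded outstanding request (abstract). The message kinds, the utilization scale and the two thresholds are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Message:
    kind: str        # "RESOLVE", "RESPONSE" or "CACHE_SYNC" (assumed message types)
    sender: str      # peer identity that sent the message
    txn_id: int = 0  # transaction id a RESPONSE refers back to


@dataclass
class PnrpNode:
    """Toy PNRP-style node applying the admission checks described on this page."""
    max_utilization: float = 0.8   # predetermined resource level (assumed value)
    max_syncs_per_peer: int = 3    # predetermined cache-sync maximum per peer (assumed value)
    utilization: float = 0.0       # current resource utilization, 0.0 .. 1.0
    sync_counts: Counter = field(default_factory=Counter)
    pending: set = field(default_factory=set)   # txn ids we sent and still await answers for

    def send_resolve(self, txn_id: int) -> None:
        # Remember every request we issue so only matching responses are honoured later.
        self.pending.add(txn_id)

    def admit(self, msg: Message) -> tuple:
        # Claim 1: refuse to process any message while utilization is above the limit.
        if self.utilization > self.max_utilization:
            return False, "resource utilization above limit"
        # Claim 9: cap the number of cache synchronizations performed with one peer.
        if msg.kind == "CACHE_SYNC":
            if self.sync_counts[msg.sender] >= self.max_syncs_per_peer:
                return False, "cache sync limit reached for peer"
            self.sync_counts[msg.sender] += 1
            return True, "cache sync accepted"
        # Abstract: a response is only accepted if it answers a request we recorded.
        if msg.kind == "RESPONSE":
            if msg.txn_id not in self.pending:
                return False, "unsolicited response discarded"
            self.pending.discard(msg.txn_id)
            return True, "response accepted"
        return True, "accepted"
```

The per-peer counter never resets in this toy; a real node would age or window it so a legitimate peer is not locked out forever.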