Short Term Certificate Management During Distributed Denial of ServiceAttacks

US 20170331854A1
Filed: 05/11/2016
Published: 11/16/2017
Est. Priority Date: 05/11/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying, by a processor, a distributed denial of service attack on a network;

executing, by the processor, a script to request a short term certificate in response to the distributed denial of service attack;

receiving the short term certificate generated by a certificate server; and

generating, by the processor, an instruction to redirect traffic using the short term certificate and associated private key,wherein malicious traffic involved in the distributed denial of service attack is filtered by a protection service in response to the short term certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.

20 Citations

View as Search Results

20 Claims

1. A method comprising:
- identifying, by a processor, a distributed denial of service attack on a network;
  
  executing, by the processor, a script to request a short term certificate in response to the distributed denial of service attack;
  
  receiving the short term certificate generated by a certificate server; and
  
  generating, by the processor, an instruction to redirect traffic using the short term certificate and associated private key,wherein malicious traffic involved in the distributed denial of service attack is filtered by a protection service in response to the short term certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the distributed denial of service attack is identified by an on premise security device coupled with the network.
  - 3. The method of claim 1, wherein the distributed denial of service attack is identified by a security device in a service provider network.
  - 4. The method of claim 1, further comprising:
    - advertising a gateway protocol message including an address for the protection service.
  - 5. The method of claim 4, further comprising:
    - advertising a gateway protocol message including an address for the network after the distributed denial of service attack.
  - 6. The method of claim 1, further comprising:
    - sending a request to revoke the short term certificate to the certificate server.
  - 7. The method of claim 1, wherein further comprising:
    - updating a transport layer security record under domain name service (DNS) based authentication of named entities (DANE) according to the short term certificate.
  - 8. The method of claim 1, wherein the script to request the short term certificate includes an expiration time period for the short term certificate.
  - 9. The method of claim 1, further comprising:
    - establishing a secure channel between the protection service and the network.

10. A method comprising:
- receiving a protection message indicative of a distributed denial of service attack on a network;
  
  receiving a short term certificate and private key for a protected device coupled with the network, wherein the short term certificate is generated in response to the distributed denial of service attack;
  
  intercepting, by a processor, traffic for the network using the short term certificate; and
  
  filtering, by the processor, malicious traffic involved in the distributed denial of service attack in response to the short term certificate.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein the distributed denial of service attack is identified by an on premise security device coupled with the network.
  - 12. The method of claim 10, wherein the distributed denial of service attack is identified by a security device in a service provider network.
  - 13. The method of claim 10, further comprising:
    - advertising a gateway protocol message including an address for the protection service.
  - 14. The method of claim 13, further comprising:
    - advertising a gateway protocol message including an address for the network after the distributed denial of service attack.
  - 15. The method of claim 10, further comprising:
    - generating an instruction to revoke the short term certificate to the certificate server.
  - 16. The method of claim 10, wherein the short term certificate expires in less than one day.
  - 17. The method of claim 10, wherein the short term certificated is issued from an automated script.

18. An apparatus comprising:
- a processor; and
  
  a memory comprising one or more instructions executable by the processor to perform;
  
  identify a distributed denial of service attack on a network;
  
  execute the processor, a script to request a short term certificate in response to the distributed denial of service attack;
  
  receive the short term certificate generated by a certificate server; and
  
  generate an instruction to a protection service to service traffic using the short term certificate and private key,wherein malicious traffic involved in the distributed denial of service attack is filtered by the protection service in response to the short term certificate.
- View Dependent Claims (19)
- - 19. The apparatus of claim 18, wherein the distributed denial of service attack is identified by an on premise security device coupled with the network or by a security device in a service provider network.

20. An apparatus comprising:
- a communication interface configured to receive a short term certificate for a public key and private key for a protected device coupled with the network, wherein the short term certificate and private key is generated in response to the distributed denial of service attack;
  
  a DDoS protection controller configured to identify traffic for the network using the short term certificate and private key, and filter malicious traffic involved in the distributed denial of service attack in response to the short term certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Reddy, Tirumaleswar, Wing, Daniel, Patil, Prashanth

Granted Patent

US 10,104,119 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0823   using certificates cryptogr...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1458   Denial of Service

H04L 63/168   above the transport layer

H04L 65/1104   Session initiation protocol...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 69/329   in the application layer [O...

H04L 9/0861   Generation of secret inform...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3263   involving certificates, e.g...

Short Term Certificate Management During Distributed Denial of ServiceAttacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Short Term Certificate Management During Distributed Denial of ServiceAttacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others