Abstract: In recent years, there are raising interests in using path identifiers (PIDs) as inter-domain routing objects. However, the PIDs used in existing approaches are static, which made it easy for attackers to launch distributed denial-of service (DDoS) flooding attacks. To address this issue, in this paper, we present the design, implementation, and evaluation of D-PID, In that framework that uses PIDs negotiated between neighbouring domains as inter-domain routing objects. In DPID, the PID of an inter-domain path connecting two domains is kept top secret and changes dynamically. In this paper we describe in detail how neighbouring domains negotiate PIDs, how to maintain ongoing communications when PIDs change. We build a 42-node prototype comprised by six domains to verify D-PIDís beneficial and conduct broad simulations to evaluate its effectiveness and cost. The results from both simulations and experiments show that D-PID can effectively prevent DDoS attacks.

Keywords: Inter-domain routing, security, distributed denial-of- service (DDoS) attacks, path identifiers.