Using Conservation of Flow as a Security Mechanism in Network Protocols



Bibliographic Information


The law of conservation of flow, which states that an input must either be absorbed or sent on as an output (possibly with modification), is an attractive tool with which to analyze network protocols for security properties. One of its uses is to detect disruptive network elements that launch denial of service attacks by absorbing or discarding packets. Its use requires several assumptions about the protocols being analyzed. We examine the WATCHERS algorithm to detect misbehaving routers. We show that it uses conservation of flow without sufficient verification of its assumptions, and can consequently be defeated. We suggest improvements to make the use of conservation of flow valid

Copyright Notice

©2000 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
The definitive version was published in the Proceedings of the 2000 IEEE Symposium on Security and Privacy, pp. 132–141 (May 2000).