Efficient and secure source authentication with packet passports

2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet, SRUTI 2006

Volumn , Issue , 2006, Pages 7-13

  Liu, Xin ^a   Yang, Xiaowei ^a   Wetherall, David ^b   Anderson, Thomas ^b  

^a Irvine   (United States)

^b University of Washington   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COLLATERAL DAMAGE; CONTROL MESSAGES; DENIAL OF SERVICE; HIGH-SPEED ROUTERS; PACKET CONTENTS; PASSPORT SYSTEMS; PRELIMINARY ANALYSIS; SOURCE AUTHENTICATION;

DENIAL-OF-SERVICE ATTACK;

EID: 38049148364     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (33)

1. UMAC implementation. http://www.cs.ucdavis.edu/∼rogaway/umac/.
2. Caida report. http://www.caida.org/analysis/AIX/plenhist/, February 2000.
3. B.-B. A. and L. H. Spoofing prevention method. In Proc. IEEE Infocom, 2005.
4. K. Argyraki and D. Cheriton. Active Internet Traffic Filtering: Real-Time Response to Denial-of-Service Attacks. In USENIX 2005, 2005.
5. DDoS attacks still pose threat to Internet. BizReport, 11/4/03.
6. D. Boneh and M. Franklin. Identity based encryption from the weil pairing. SIAM J. of Computing, 32(3):586-615, 2003.
7. M. Caesar, D. Caldwell, N. Feamster, J. Rexford, and A. S. andJacobus van der Merwe. Design and implementation of a routing control platform. In Proc. of NSDI, 2005.
8. Extortion via DDoS on the rise. Network World, 5/16/05.
9. W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644-654, 1976.
10. D.Magoni and J.J.Pansiot. Analysis of the autonomous system network topology. Computer Communications Review, 31(3):26-37, July 2001.
11. D. Estrin, J. C. Mogul, G. Tsudik., and K.Anand. Visa protocols for controlling inter-organization datagram flow. IEEE Journal on Selected Areas in Communication, 7(4):486-498, May 1989.
12. L. Fan, P. Cao, J. Almeida, and A. Z. Broder. Summary cache: A scalable wide-area web cache sharing protocol. Technical Report 1361, Department of Computer Science, University of Wisconsin-Madison, 1998.
13. P. Ferguson and D. Senie. Network Ingress Filtering: Defeating Denial of Service Attacks that Employ IP Source Address Spoofing. Internet RFC 2827, 2000.
14. S. Gibson. The strange tale of the attacks against grc.com. http://grc.com/dos/grcdos.htm, 2005.
15. A. Greenhalgh, M. Handley, and F. Huici. Using routing and tunneling to combat DoS attacks. In Proc. of USENIX SRUTI, 2005.
16. C. Jin, H. Wang, and K. G. Shin. Hop-count filtering: an effective defense against spoofed ddos traffic. In CCS'03: Proceedings of the 10th ACM conference on Computer and communications security, pages 30-41, 2003.
17. S. Kent, C. Lynn, and K. Seo. Secure border gateway protocol (s-bgp). IEEE Journal on Selected Areas in Communications, 2000.
18. H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-hashing for message authentication. Internet RFC 2104, 1997.
19. T. Krovetz. UMAC: Message authentication code using universal hashing. Internet RFC 4418, 2006.
20. R. Lemos. A year later, DDoS attacks still a major web threat. http://news.com.com/A+year+later,+DDoS+attacks+still+a+major+Web+threat/2009-1001 3-252187.html, Feb. 2001.
21. J. Li, J. Mirkovic, M. Wang, P. Reiher, and L. Zhang. SAVE: Source address validity enforcement. In Proc. of INFOCOM, 2002.
22. K. Miller. Three practical ways to improve your network. In Proc. of USENIX LISA, 2003.
23. D. Moore, G. Voelker, and S. Savage. Inferring Internet Denial of Service Activity. In Usenix Security Symposium, Aug. 2001.
24. K. Park and H. Lee. On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets. In ACM SIGCOMM, 2001.
25. B. Patel and J. Crowcroft. Ticket based service access for the mobile user. In Proceedings of MobiCom'97, pages 223-233, 1997.
26. R. Perlman. Network Layer Protocols with Byzantine Robustness. MIT Ph.D. Thesis, 1988.
27. A. Snoeren, C. Partridge, L. Sanchez, C. Jones, F. Tchakountio, S. Kent, and W. Strayer. Hash-Based IP Traceback. In ACM SIGCOMM, 2001.
28. D. Song and A. Perrig. Advance and Authenticated Marking Schemes for IP Traceback. In Proc. IEEE Infocom, 2001.
29. R. White. Securing bgp through secure origin bgp. The Internet Protocol Journal, 2003.
30. A. Yaar, A. Perrig, and D. Song. Pi: A Path Identification Mechanism to Defend Against DDoS Attacks. In IEEE Symposium on Security and Privacy, 2003.
31. A. Yaar, A. Perrig, and D. Song. SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks. In IEEE Symposium on Security and Privacy, 2004.
32. X. Yang, D. Wetherall, and T. Anderson. A DoS-Limiting Network Architecture. In ACM SIGCOMM, Philadelphia, PA, Aug. 2005.
33. H. Yu, J. Rexford, and E. Felten. A distributed reputation approach to cooperative internet routing protection. In Proceedings of Workshop on Secure Network Protocols, 2005.