Passport: Secure and adoptable source authentication

5th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2008

Volumn , Issue , 2008, Pages 365-378

  Liu, Xin ^a   Li, Ang ^a   Yang, Xiaowei ^a   Wetherall, David ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b UNIVERSITY OF WASHINGTON   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; SYSTEMS ANALYSIS;

AUTONOMOUS SYSTEMS; DENIAL OF SERVICE DEFENSE; DESIGN AND EVALUATIONS; INGRESS FILTERING; MICRO-BENCHMARKING; SECURITY ANALYSIS; SOURCE AUTHENTICATION; SYMMETRIC KEY CRYPTOGRAPHY;

DENIAL-OF-SERVICE ATTACK;

EID: 85083279650     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (51)

1. CAIDA Report. http://www.caida.org/analysis/AIX/plen_hist/, 2000.
2. K. Argyraki and D. Cheriton. Active Internet Traffic Filtering: Real-Time Response to Denial-of-Service Attacks. In USENIX, 2005.
3. F. Baker and P. Savola. Ingress Filtering for Multihomed Networks. RFC 3704, 2004.
4. A. B. Barr and H. Levy. Spoofing Prevention Method. In IEEE Infocom, 2005.
5. T. Bates, E. Chen, and R. Chandra. BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP). RFC 4456, 2006.
6. S. Bellovin. ICMP Traceback Messages, 2000. draft-bellovin-itrace-00.txt.
7. R. Beverly and S. Bauer. The Spoofer Project: Inferring the Extent of Source Address Filtering on the Internet. In USENIX SRUTI, 2005.
8. J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway. UMAC: Fast and Secure Message Authentication. In Advances in Cryptology - CRYPTO'99, 1999.
9. M. Casado, A. Akella, P. Cao, N. Provos, and S. Shenker. Cookies Along Trust-Boundaries (CAT): Accurate and Deployable Flood Protection. In USENIX SRUTI, 2006.
10. H. Chan, D. Dash, A. Perrig, and H. Zhang. Modeling Adoptability of Secure BGP Protocols. In ACM SIGCOMM, 2006.
11. Deterlab. http://www.deterlab.net/.
12. W. Diffie and M. E. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, 1976.
13. D.Magoni and J.J.Pansiot. Analysis of the Autonomous System Network Topology. ACM SIGCOMM CCR, 31(3), July 2001.
14. Z. Duan, X. Yuan, and J. Chandrashekar. Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates. In IEEE Infocom, 2006.
15. D. Estrin, J. C. Mogul, G. Tsudik., and K.Anand. Visa Protocols for Controlling Inter-Organization Datagram Flow. IEEE JSAC, 1989.
16. P. Ferguson and D. Senie. Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing. RFC 2827, May 2000.
17. A. Greenhalgh, M. Handley, and F. Huici. Using routing and tunneling to combat DoS attacks. In USENIX SRUTI, 2005.
18. M. Handley, E. Kohler, A. Ghosh, O. Hodson, and P. Radoslavov. Designing Extensible IP Router Software. In USENIX NSDI, 2005.
19. J. Hawkinson and T. Bates. Guidelines for creation, selection, and registration of an Autonomous System (AS). RFC 1930, 1996.
20. Helion Technology. AES Cores. http://www.heliontech.com/aes. htm, 2008.
21. C. Jin, H. Wang, and K. G. Shin. Hop-Count Filtering: An Effective Defense Against Spoofed DDoS Traffic. In ACM CCS, 2003.
22. E. Kohler, R. Morris, B. Chen, J. Jannotti, and M. F. Kaashoek. The Click Modular Router. ACM TOCS, 18(3), Aug. 2000.
23. T. Krovetz. UMAC: Message Authentication Code using Universal Hashing. RFC 4418, 2006.
24. K. Lakshminarayanan, D. Adkins, A. Perrig, and I. Stoica. Taming IP Packet Flooding Attacks. In Proc. HotNets-II, 2003.
25. A. K. Lenstra and E. R. Verheul. Selecting Cryptographic Key Sizes. Lecture Notes in Computer Science, 1751:446-265, 2000.
26. J. Li, J. Mirkovic, M. Wang, P. Reiher, and L. Zhang. SAVE: Source Address Validity Enforcement. In IEEE INFOCOM, 2002.
27. X. Liu, X. Yang, D. Wetherall, and T. Anderson. Efficient and Secure Source Authentication with Packet Passports. In USENIX SRUTI, 2006.
28. Z. M. Mao, J. Rexford, J. Wang, and R. Katz. Towards an Accurate AS-Level Traceroute Tool. In ACM SIGCOMM, 2003.
29. K. Nichols, S. Blake, F. Baker, and D. Black. Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers. RFC 2474, 1998.
30. E. Nordmark. Stateless IP/ICMP Translation Algorithm (SIIT). RFC 2765, 2000.
31. K. Park and H. Lee. On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets. In ACM SIGCOMM, 2001.
32. B. Patel and J. Crowcroft. Ticket Based Service Access for the Mobile User. In ACM MobiCom, 1997.
33. R. Perlman. Network Layer Protocols with Byzantine Robustness. MIT Ph.D. Thesis, 1988.
34. A. Perrig, R. Canetti, D. Song, and J. D. Tygar. Efficient and Secure Source Authentication for Multicast. In NDSS, 2001.
35. B. Raghavan and A. C. Snoeren. A System for Authenticated Policy-Compliant Routing. In ACM SIGCOMM, 2004.
36. Y. Rekhter, T. Li, and S. Hares. A Border Gateway Protocol 4 (BGP-4). RFC 4271, 2006.
37. RouteViews Project. http://www.routeviews.org/.
38. S. Savage, D. Wetherall, A. Karlin, and T. Anderson. Practical Network Support for IP Traceback. In ACM SIGCOMM, 2000.
39. F. Scalzo. Anatomy of recent DNS reflector attacks from the victim and reflector points of view. Nanog37 Presentation, June 2006.
40. A. Snoeren, C. Partridge, L. Sanchez, C. Jones, F. Tchakountio, S. Kent, and W. Strayer. Hash-Based IP Traceback. In ACM SIGCOMM, 2001.
41. D. Song and A. Perrig. Advance and Authenticated Marking Schemes for IP Traceback. In Proc. IEEE Infocom, 2001.
42. R. Thomas. ISP Security BOF, NANOG 28. http://www.nanog.org/mtg-0306/pdf/thomas.pdf, 2003.
43. D. Wendlandt, D. G. Andersen, and A. Perrig. FastPass: Providing First-Packet Delivery. Technical report, CMU-CyLab, 2006.
44. J. Winick and S. Jamin. Inet-3.0: Internet Topology Generator. Technical Report CSE-TR-456-02, University of Michigan, 2002.
45. A. Yaar, A. Perrig, and D. Song. Pi: A Path Identification Mechanism to Defend Against DDoS Attacks. In IEEE Symposium on Security and Privacy, 2003.
46. A. Yaar, A. Perrig, and D. Song. SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks. In IEEE Symposium on Security and Privacy, 2004.
47. A. Yaar, A. Perrig, and D. Song. FIT: Fast Internet Traceback. In Proc. of IEEE Infocom, 2005.
48. A. Yaar, A. Perrig, and D. Song. StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense. IEEE JSAC, 2006.
49. X. Yang, D. Wetherall, and T. Anderson. A DoS-Limiting Network Architecture. In ACM SIGCOMM, 2005.
50. K. Zetter. Cisco Security Hole a Whopper. http://www.wired.com/politics/security/news/2005/07/68328, 2005.
51. X. Zhao, D. Pei, L. Wang, D. Massey, A. Mankin, S. F. Wu, and L. Zhang. An Analysis of BGP Multiple Origin AS (MOAS) Conflicts. In ACM IMW, 2001.