TY - GEN
T1 - Realizing a source authentic internet
AU - Ehrenkranz, Toby
AU - Li, Jun
AU - McDaniel, Patrick
N1 - Funding Information:
This material is based upon work supported by the USA National Science Foundation under Grant No. 0520326. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.
PY - 2010
Y1 - 2010
N2 - An innate deficiency of the Internet is its susceptibility to IP spoofing. Whereas a router uses a forwarding table to determine where it should send a packet, previous research has found that a router can similarly employ an incoming table to verify where a packet should come from, thereby detecting IP spoofing. Based on a previous protocol for building incoming tables, SAVE, this paper introduces new mechanisms that not only address a critical deficiency of SAVE when it is incrementally deployed (incoming table entries becoming obsolete), but can also push the filtering of spoofing packets towards the SAVE router that is closest to spoofers. With these new mechanisms, and under the assumption of incremental deployment, we further discuss the security of SAVE, evaluate its efficacy, accuracy, and overhead, and look into its deployment incentives. Our results show incoming-table-based IP spoofing detection is a feasible and effective solution.
AB - An innate deficiency of the Internet is its susceptibility to IP spoofing. Whereas a router uses a forwarding table to determine where it should send a packet, previous research has found that a router can similarly employ an incoming table to verify where a packet should come from, thereby detecting IP spoofing. Based on a previous protocol for building incoming tables, SAVE, this paper introduces new mechanisms that not only address a critical deficiency of SAVE when it is incrementally deployed (incoming table entries becoming obsolete), but can also push the filtering of spoofing packets towards the SAVE router that is closest to spoofers. With these new mechanisms, and under the assumption of incremental deployment, we further discuss the security of SAVE, evaluate its efficacy, accuracy, and overhead, and look into its deployment incentives. Our results show incoming-table-based IP spoofing detection is a feasible and effective solution.
UR - http://www.scopus.com/inward/record.url?scp=84885886660&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84885886660&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-16161-2_13
DO - 10.1007/978-3-642-16161-2_13
M3 - Conference contribution
AN - SCOPUS:84885886660
SN - 364216160X
SN - 9783642161605
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
SP - 217
EP - 234
BT - Security and Privacy in Communication Networks - 6th International ICST Conference, SecureComm 2010, Proceedings
T2 - 6th International Conference on Security and Privacy in Communication Networks, SecureComm 2010
Y2 - 7 September 2010 through 9 September 2010
ER -