Realizing a source authentic internet

Toby Ehrenkranz, Jun Li, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations


An innate deficiency of the Internet is its susceptibility to IP spoofing. Whereas a router uses a forwarding table to determine where it should send a packet, previous research has found that a router can similarly employ an incoming table to verify where a packet should come from, thereby detecting IP spoofing. Based on a previous protocol for building incoming tables, SAVE, this paper introduces new mechanisms that not only address a critical deficiency of SAVE when it is incrementally deployed (incoming table entries becoming obsolete), but can also push the filtering of spoofing packets towards the SAVE router that is closest to spoofers. With these new mechanisms, and under the assumption of incremental deployment, we further discuss the security of SAVE, evaluate its efficacy, accuracy, and overhead, and look into its deployment incentives. Our results show incoming-table-based IP spoofing detection is a feasible and effective solution.

Original languageEnglish (US)
Title of host publicationSecurity and Privacy in Communication Networks - 6th Iternational ICST Conference, SecureComm 2010, Proceedings
Number of pages18
StatePublished - 2010
Event6th International Conference on Security and Privacy in Communication Networks, SecureComm 2010 - Singapore, Singapore
Duration: Sep 7 2010Sep 9 2010

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
Volume50 LNICST
ISSN (Print)1867-8211


Other6th International Conference on Security and Privacy in Communication Networks, SecureComm 2010

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications


Dive into the research topics of 'Realizing a source authentic internet'. Together they form a unique fingerprint.

Cite this