
The Automatic Peer-to-Peer Signature for Source Address Validation

  • Conference paper
Knowledge-Based Intelligent Information and Engineering Systems (KES 2007)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4692)


Abstract

SPM (Spoofing Prevention Method) is a peer-to-peer anti-spoofing method that can effectively filter spoofed packets and supports incremental deployment. However, the SPM key-updating mechanism has some serious problems: (1) heavy management cost; (2) risk of becoming the target of DoS/DDoS attacks during key updating; (3) a limit on the scale of the SPM union; (4) inability to tackle the threat of real-time packet sniffing. This paper proposes an Automatic Peer-to-Peer Anti-spoofing Method (APPA). APPA resolves the key management problem and could effectively prevent source address spoofing.



Editor information

Bruno Apolloni, Robert J. Howlett, Lakhmi Jain

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shen, Y., Bi, J., Wu, J., Liu, Q. (2007). The Automatic Peer-to-Peer Signature for Source Address Validation. In: Apolloni, B., Howlett, R.J., Jain, L. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2007. Lecture Notes in Computer Science, vol 4692. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74819-9_105

  • DOI: https://doi.org/10.1007/978-3-540-74819-9_105

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74817-5

  • Online ISBN: 978-3-540-74819-9

  • eBook Packages: Computer Science, Computer Science (R0)
