Abstract
SPM (Spoofing Prevention Method) is a proposed peer-to-peer anti-spoofing method that can effectively filter spoofed packets and supports incremental deployment. However, the SPM key-updating mechanism has some serious problems: (1) heavy management cost; (2) the risk of becoming the target of DoS/DDoS attacks during key updating; (3) a limit on the scale of the SPM union; (4) the inability to tackle the threat of real-time packet sniffing. This paper proposes an Automatic Peer-to-Peer Anti-spoofing Method (APPA). APPA resolves the key management problem and can effectively prevent source address spoofing.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shen, Y., Bi, J., Wu, J., Liu, Q. (2007). The Automatic Peer-to-Peer Signature for Source Address Validation. In: Apolloni, B., Howlett, R.J., Jain, L. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2007. Lecture Notes in Computer Science, vol 4692. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74819-9_105
DOI: https://doi.org/10.1007/978-3-540-74819-9_105
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74817-5
Online ISBN: 978-3-540-74819-9
eBook Packages: Computer Science (R0)