Security and Privacy in Communication Networks. 6th Iternational ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings

Research Article

Realizing a Source Authentic Internet

Download
403 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-16161-2_13,
        author={Toby Ehrenkranz and Jun Li and Patrick McDaniel},
        title={Realizing a Source Authentic Internet},
        proceedings={Security and Privacy in Communication Networks. 6th Iternational ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings},
        proceedings_a={SECURECOMM},
        year={2012},
        month={5},
        keywords={IP spoofing IP source address IP spoofing detection incoming table pushback},
        doi={10.1007/978-3-642-16161-2_13}
    }
    
  • Toby Ehrenkranz
    Jun Li
    Patrick McDaniel
    Year: 2012
    Realizing a Source Authentic Internet
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-16161-2_13
Toby Ehrenkranz1,*, Jun Li1,*, Patrick McDaniel2,*
  • 1: University of Oregon
  • 2: Pennsylvania State University
*Contact email: tehrenkr@cs.uoregon.edu, lijun@cs.uoregon.edu, mcdaniel@cse.psu.edu

Abstract

An innate deficiency of the Internet is its susceptibility to IP spoofing. Whereas a router uses a forwarding table to determine where it should send a packet, previous research has found that a router can similarly employ an incoming table to verify where a packet should come from, thereby detecting IP spoofing. Based on a previous protocol for building incoming tables, SAVE, this paper introduces new mechanisms that not only address a critical deficiency of SAVE when it is incrementally deployed (incoming table entries becoming obsolete), but can also push the filtering of spoofing packets towards the SAVE router that is closest to spoofers. With these new mechanisms, and under the assumption of incremental deployment, we further discuss the security of SAVE, evaluate its efficacy, accuracy, and overhead, and look into its deployment incentives. Our results show incoming-table-based IP spoofing detection is a feasible and effective solution.