LIPS: Lightweight internet permit system for stopping unwanted packets

Changho Choi, Yingfei Dong, Zhi Li Zhang

Research output: Contribution to journalConference articlepeer-review

1 Scopus citations

Abstract

In this paper, we propose a Lightweight Internet Permit System (LIPS) that provides a lightweight, scalable packet authentication mechanism for ensuring traffic-origin accountability. LIPS is a simple extension of IP, in which each packet carries an access permit issued by its destination host or gateway, and the destination verifies the access permit to determine if a packet is accepted or dropped. We will first present the design and the prototype implementation of LIPS on Linux 2.4 kernel. We then use analysis, simulations, and experiments to show how LIPS can effectively prevent protected critical servers and links from being flooded by unwanted packets with negligible overheads. We propose LIPS as an domain-to-domain approach to stop unwanted attacks, without requiring broad changes in backbone networks as other approaches. Therefore, LIPS is incrementally deployable in a large scale on common platforms with minor software patches.

Keywords

  • Denial of Service
  • IP Spoofing
  • Network Security
  • Unwanted Packets

Fingerprint

Dive into the research topics of 'LIPS: Lightweight internet permit system for stopping unwanted packets'. Together they form a unique fingerprint.

Cite this