Abstract
In this paper, we propose a Lightweight Internet Permit System (LIPS) that provides a lightweight, scalable packet authentication mechanism for ensuring traffic-origin accountability. LIPS is a simple extension of IP, in which each packet carries an access permit issued by its destination host or gateway, and the destination verifies the access permit to determine if a packet is accepted or dropped. We will first present the design and the prototype implementation of LIPS on Linux 2.4 kernel. We then use analysis, simulations, and experiments to show how LIPS can effectively prevent protected critical servers and links from being flooded by unwanted packets with negligible overheads. We propose LIPS as an domain-to-domain approach to stop unwanted attacks, without requiring broad changes in backbone networks as other approaches. Therefore, LIPS is incrementally deployable in a large scale on common platforms with minor software patches.
Original language | English (US) |
---|---|
Pages (from-to) | 178-190 |
Number of pages | 13 |
Journal | Lecture Notes in Computer Science |
Volume | 3462 |
DOIs | |
State | Published - 2005 |
Event | 4th International IFIP-TC6 Networking Conference: Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems, NETWORKING 2005 - Waterloo, Ont., Canada Duration: May 2 2005 → May 6 2005 |
Keywords
- Denial of Service
- IP Spoofing
- Network Security
- Unwanted Packets