LIPS: Lightweight internet permit system for stopping unwanted packets

Changho Choi, Yingfei Dong, Zhi Li Zhang

Research output: Contribution to journalConference article

1 Scopus citations


In this paper, we propose a Lightweight Internet Permit System (LIPS) that provides a lightweight, scalable packet authentication mechanism for ensuring traffic-origin accountability. LIPS is a simple extension of IP, in which each packet carries an access permit issued by its destination host or gateway, and the destination verifies the access permit to determine if a packet is accepted or dropped. We will first present the design and the prototype implementation of LIPS on Linux 2.4 kernel. We then use analysis, simulations, and experiments to show how LIPS can effectively prevent protected critical servers and links from being flooded by unwanted packets with negligible overheads. We propose LIPS as an domain-to-domain approach to stop unwanted attacks, without requiring broad changes in backbone networks as other approaches. Therefore, LIPS is incrementally deployable in a large scale on common platforms with minor software patches.

Original languageEnglish (US)
Pages (from-to)178-190
Number of pages13
JournalLecture Notes in Computer Science
StatePublished - Sep 26 2005
Event4th International IFIP-TC6 Networking Conference: Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems, NETWORKING 2005 - Waterloo, Ont., Canada
Duration: May 2 2005May 6 2005


  • Denial of Service
  • IP Spoofing
  • Network Security
  • Unwanted Packets

Fingerprint Dive into the research topics of 'LIPS: Lightweight internet permit system for stopping unwanted packets'. Together they form a unique fingerprint.

  • Cite this