Inter-Domain Routing Validator Based Spoofing Defence System

IP spoofing remains a problem on the Internet today. In this paper, a new system for filtering spoofed IP packets, called the Inter-Domain Routing Validator Based Spoofing Defence System (SDS), is proposed. SDS uses an efficient symmetric-key message authentication code (UMAC) as its tag to verify that a source IP address is valid. Border routers in different ASes obtain a shared key via the Inter-Domain Routing Validator (IRV) servers, which manage the secret keys and exchange keys among different ASes over a secure communication channel. SDS is efficient, secure, and easy to combine with other defence mechanisms.
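
A minimal sketch of the tag check the abstract describes, added here as an illustration and not taken from the paper. Assumptions: HMAC-SHA256 truncated to 8 bytes stands in for UMAC (which is not in Python's standard library), the tag covers source address, destination address and payload, and the prefix-to-AS map, the per-AS-pair key table (standing in for keys distributed by IRV servers) and all function names are constructed for the example.

```python
import hashlib
import hmac
import ipaddress

TAG_LEN = 8  # assumed tag size in bytes (RFC 4418 UMAC defines 32- to 128-bit tags)

# Constructed sample data: prefix ownership and the key shared by one AS pair.
PREFIX_TO_AS = {
    ipaddress.ip_network("192.0.2.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64501,
}
PAIR_KEYS = {frozenset({64500, 64501}): bytes.fromhex("00112233445566778899aabbccddeeff")}


def origin_as(ip):
    """Map an address to the AS that owns its prefix, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, asn in PREFIX_TO_AS.items():
        if addr in net:
            return asn
    return None


def make_tag(key, src, dst, payload):
    """MAC over source address, destination address and payload (assumed coverage)."""
    msg = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def stamp(src, dst, payload):
    """Source-AS border router: attach the tag keyed for this AS pair."""
    key = PAIR_KEYS[frozenset({origin_as(src), origin_as(dst)})]
    return {"src": src, "dst": dst, "payload": payload,
            "tag": make_tag(key, src, dst, payload)}


def verify(packet):
    """Destination-AS border router: accept only a tag made with the pair key."""
    key = PAIR_KEYS.get(frozenset({origin_as(packet["src"]), origin_as(packet["dst"])}))
    if key is None:
        return "no-key"  # no shared key for this AS pair; leave to other defences
    expected = make_tag(key, packet["src"], packet["dst"], packet["payload"])
    # Constant-time comparison avoids leaking how many tag bytes matched.
    ok = hmac.compare_digest(expected, packet.get("tag") or b"")
    return "accept" if ok else "drop"
```

A packet whose claimed source lies in a participating AS but whose tag was not produced with that AS pair's key is dropped; traffic from ASes with no shared key is returned as `no-key` so that other mechanisms can handle it.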
