Algebraic geometric code based IP traceback

In this paper, we attempt to use algebraic-geometric codes to solve the polynomial reconstruction problem, which is the key step in algebraic IP traceback over the Internet as a defense against DoS attacks. The detailed mathematical expression for the full-path polynomial is given, with analysis showing the deterministic characteristic, backward compatibility, low time and storage complexity, and incremental deployment of our scheme. Furthermore, a way to reduce the overhead in the IP header is proposed and analyzed in detail. A comparison of our scheme with other related work shows that it can not only be implemented on today's routers (IPv4) but can also be extended for use on future routers whenever the router IP address is enlarged (IPv6).
