Passport: Secure and Adoptable Source Authentication

We present the design and evaluation of Passport, a system that allows source addresses to be validated within the network. Passport uses efficient symmetric-key cryptography to place tokens on packets that allow each autonomous system (AS) along the network path to independently verify that a packet's source address is valid. It leverages the routing system to distribute the symmetric keys used for verification efficiently, and it is incrementally deployable without upgrading hosts. We have implemented Passport with Click and XORP and evaluated the design through micro-benchmarks, experiments on Deterlab, security analysis, and adoptability modeling. We find that Passport is plausible for gigabit links and can mitigate reflector attacks even without separate denial-of-service defenses. Our adoptability modeling shows that Passport provides stronger security and stronger deployment incentives than alternatives such as ingress filtering, because the ISPs that adopt it protect their own addresses from being spoofed inside each other's networks even when overall deployment is small.
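The following is an added illustration of the per-AS token check the abstract describes; it is not the authors' Click/XORP implementation. Everything beyond the abstract is an assumption made for the example: the MAC is HMAC-SHA256 truncated to 4 bytes, each token binds the source and destination addresses plus a hash of the payload, a fixed prefix-to-origin-AS table stands in for the routing lookup a verifying AS would perform, and the pairwise keys are hard-coded rather than distributed through the routing system. The demo topology (AS 65001 sending through AS 65002 to AS 65003, with AS 65009 as a non-deploying AS) and the packets are constructed.

```python
import hashlib
import hmac
import ipaddress

TOKEN_LEN = 4  # bytes of MAC carried per AS on the path (assumed, not from the paper)

# Constructed demo keys. In Passport these pairwise symmetric keys would be
# established via the routing system; here they are fixed so the run is reproducible.
KEYS = {
    frozenset({65001, 65002}): b"demo-key-65001-65002",
    frozenset({65001, 65003}): b"demo-key-65001-65003",
    frozenset({65002, 65003}): b"demo-key-65002-65003",
}

# Constructed stand-in for the BGP-derived prefix -> origin AS mapping a verifier consults.
# AS 65009 appears in routing but has no Passport keys (legacy, non-deploying AS).
PREFIX_TO_AS = {"10.1.0.0/16": 65001, "10.2.0.0/16": 65002, "10.9.0.0/16": 65009}


def shared_key(a, b):
    """Key shared by ASes a and b, or None if either has not deployed Passport."""
    return KEYS.get(frozenset({a, b}))


def origin_as(src):
    """Map a source address to its origin AS (routing-table lookup in a real deployment)."""
    ip = ipaddress.ip_address(src)
    for prefix, asn in PREFIX_TO_AS.items():
        if ip in ipaddress.ip_network(prefix):
            return asn
    return None


def packet_digest(src, dst, payload):
    """Invariant fields the token binds: both addresses plus a payload hash (assumed)."""
    s = ipaddress.ip_address(src).packed
    d = ipaddress.ip_address(dst).packed
    return s + d + hashlib.sha256(payload).digest()


def make_token(key, src, dst, payload):
    """Truncated HMAC over the packet digest; the per-AS token carried on the wire."""
    return hmac.new(key, packet_digest(src, dst, payload), hashlib.sha256).digest()[:TOKEN_LEN]


def stamp_passport(src_asn, path, src, dst, payload):
    """Border router of the source AS: one token per on-path AS it shares a key with.
    ASes that have not deployed Passport get no token (incremental deployment)."""
    tokens = {}
    for asn in path:
        key = shared_key(src_asn, asn)
        if key is not None:
            tokens[asn] = make_token(key, src, dst, payload)
    return tokens


def verify_at_as(my_asn, passport, src, dst, payload):
    """Transit or destination AS: recompute only its own token with the key it shares
    with the claimed origin AS. 'unverified' means no key exists (legacy origin or
    unknown prefix), which a deployer may police with its own local policy."""
    origin = origin_as(src)
    key = shared_key(origin, my_asn) if origin is not None else None
    if key is None:
        return "unverified"
    expected = make_token(key, src, dst, payload)
    token = passport.get(my_asn)
    if token is None or not hmac.compare_digest(token, expected):
        return "spoof"
    return "accept"


def run_demo():
    """Legitimate packet, a forgery from a transit AS, and a packet from a legacy AS."""
    path = [65002, 65003]
    dst, payload = "10.3.0.1", b"constructed payload"

    # 1. A host in AS 65001 sends from its own address; both downstream ASes accept.
    legit = stamp_passport(65001, path, "10.1.5.5", dst, payload)
    r_legit = [verify_at_as(asn, legit, "10.1.5.5", dst, payload) for asn in path]

    # 2. An attacker inside AS 65002 forges source 10.1.5.5 (AS 65001's space). It holds
    #    only AS 65002's keys, so AS 65003 recomputes under k(65001, 65003) and rejects.
    forged = stamp_passport(65002, path, "10.1.5.5", dst, payload)
    r_forged = verify_at_as(65003, forged, "10.1.5.5", dst, payload)

    # 3. A packet from legacy AS 65009 carries no tokens and cannot be checked.
    r_legacy = verify_at_as(65003, {}, "10.9.1.1", dst, payload)
    return r_legit, r_forged, r_legacy


if __name__ == "__main__":
    print(run_demo())
```

The forgery case is the property the abstract calls out: because only AS 65001 holds the keys it shares with each downstream AS, no other AS can mint valid tokens for AS 65001's addresses, so a reflector in AS 65003 never answers the spoofed request. Case 3 shows the incremental-deployment trade-off: traffic from an AS that has not deployed cannot be validated, only subjected to whatever local policy the deployer chooses.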
