论文信息 - Prevention of Man-in-the-Middle Attacks Using ID Based Signatures

Prevention of Man-in-the-Middle Attacks Using ID Based Signatures

The Denial-of-Service (DoS) attack is a serious threat to the legitimate use of the Internet. It is hard to detect and there is no comprehensive method to prevent such attacks. The primary goal of an attack is to deny the access to a particular resource of a victim. The attacker, in order to hide the identity, often spoofs the source IP address of the packet. Such spoofing results in the impossibility of tracing back the attacker. Recently, TrueIP, a IP spoofing prevention technique using Identity based cryptography has been proposed in which a signature scheme is used to achieve better security. In this paper, the drawbacks of TrueIP are addressed and a new architecture has been proposed to overcome them. In addition, all sorts of man-in-the-middle attacks (MIMA) are eliminated in our proposal.

S. Selvakumar | V. Radhakishan

[1] Bernd Freisleben,et al. TrueIP: prevention of IP spoofing attacks using identity-based cryptography , 2009, SIN '09.

[2] Anat Bremler-Barr,et al. Spoofing prevention method , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[3] Matthew K. Franklin,et al. Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[4] Flavio D. Garcia,et al. A Schnorr-Like Lightweight Identity-Based Signature Scheme , 2009, AFRICACRYPT.

[5] Shiuh-Pyng Shieh,et al. Defending against spoofed DDoS attacks with path fingerprint , 2005, Comput. Secur..

[6] A. Shamm. Identity-based cryptosystems and signature schemes , 1985 .

[7] Qiang Liu,et al. A two-level source address spoofing prevention based on automatic signature and verification mechanism , 2008, 2008 IEEE Symposium on Computers and Communications.

[8] Robert H. Deng,et al. Efficient Unidirectional Proxy Re-Encryption , 2010, AFRICACRYPT.

[9] Adi Shamir,et al. Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[10] Craig A. Shue,et al. Packet forwarding with source verification , 2008, Comput. Networks.