TrueIP: prevention of IP spoofing attacks using identity-based cryptography
Source
International Conference on Security of Information and Networks
Proceedings of the 2nd International Conference on Security of Information and Networks
North Cyprus, Turkey
SESSION: CS.2 CS: cryptography, security, and networks
Pages 128-137
Year of Publication: 2009
ISBN: 978-1-60558-412-6
Authors
Christian Schridde  University of Marburg, Marburg, Germany
Matthew Smith  University of Marburg, Marburg, Germany
Bernd Freisleben  University of Marburg, Marburg, Germany
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1626195.1626229

ABSTRACT

In this paper, TrueIP--a system to prevent IP spoofing using identity-based cryptography--is presented. TrueIP is based on a new identity-based signature scheme to allow verification of an IP address without relying on a certificate or a public key infrastructure. It does not require changes or restrictions to the Internet routing protocol, is incrementally deployable, and offers protection from denial-of-service attacks based on IP spoofing. Implementation issues for practical deployment are discussed. Measurements of the TrueIP computation times for signature generation and verification are presented. Furthermore, the management overhead and bandwidth consumption to achieve proof of legitimate IP address possession and verification is compared with a standard Public Key Infrastructure approach using X.509 certificates signed by a Certificate Authority.

