Abstract
In today's Internet routing architecture, routers neither validate the source address carried in a packet nor keep state information when forwarding it. DDoS attacks that use spoofed IP source addresses can therefore cause security problems. In this paper, we aim to prevent attackers from attacking destinations outside the IPv6 edge network with forged source addresses, at a fine granularity. The proposed methods are source address authentication, using a session key and a hash digest algorithm, and replay attack prevention, combining the sequence number method with the timestamp method. This paper presents the algorithm design and evaluates its feasibility and correctness through simulation experiments.
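The following sketch is an added example, not the paper's algorithm (this page gives no packet format): it shows a keyed digest binding a packet to its claimed source address, with a timestamp window and a sequence counter together rejecting replays. HMAC-SHA-256 truncated to 16 bytes, the field layout, the 2-second window, the strictly increasing counter, and the names `make_tag`, `EdgeVerifier` and `demo` are all assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

TAG_LEN = 16    # assumption: digest truncated to 16 bytes
MAX_SKEW = 2.0  # assumption: accepted timestamp difference, in seconds

def make_tag(key, src, seq, ts, payload):
    """Keyed digest over claimed source address, sequence number, timestamp and payload."""
    header = ipaddress.IPv6Address(src).packed + struct.pack("!QQ", seq, int(ts * 1000))
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]

class EdgeVerifier:
    """Hypothetical edge-side checker holding one session key and counter per source."""
    def __init__(self, keys):
        self.sessions = {src: [key, -1] for src, key in keys.items()}

    def check(self, src, seq, ts, payload, tag, now):
        session = self.sessions.get(src)
        if session is None:
            return "no-session"
        key, last_seq = session
        if not hmac.compare_digest(tag, make_tag(key, src, seq, ts, payload)):
            return "bad-digest"          # sender does not hold this address's key
        if abs(now - ts) > MAX_SKEW:
            return "stale-timestamp"     # old capture, outside the time window
        if seq <= last_seq:
            return "replayed-sequence"   # repeat inside the time window
        session[1] = seq                 # state changes only after every check passes
        return "accept"

def demo():
    """Constructed scenario: host A sends, is replayed twice, then forges host B's address."""
    a, b = "2001:db8::a", "2001:db8::b"
    key_a, key_b = b"A" * 32, b"B" * 32  # constructed session keys
    edge = EdgeVerifier({a: key_a, b: key_b})
    t0, data = 1000.0, b"hello"
    tag = make_tag(key_a, a, 1, t0, data)
    forged = make_tag(key_a, b, 1, t0, data)  # A signs with its own key, claims B
    return [
        edge.check(a, 1, t0, data, tag, now=t0 + 0.1),   # genuine packet
        edge.check(a, 1, t0, data, tag, now=t0 + 0.5),   # replay inside the window
        edge.check(a, 1, t0, data, tag, now=t0 + 60.0),  # replay after the window
        edge.check(b, 1, t0, data, forged, now=t0),      # spoofed neighbour address
    ]
```

The timestamp bounds how long a captured packet stays usable, and the counter covers the interval the timestamp still allows, which is why the two checks are combined.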
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Xie, L., Bi, J., Wu, J. (2007). An Authentication Based Source Address Spoofing Prevention Method Deployed in IPv6 Edge Network. In: Shi, Y., van Albada, G.D., Dongarra, J., Sloot, P.M.A. (eds) Computational Science – ICCS 2007. ICCS 2007. Lecture Notes in Computer Science, vol 4490. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72590-9_121
DOI: https://doi.org/10.1007/978-3-540-72590-9_121
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72589-3
Online ISBN: 978-3-540-72590-9
eBook Packages: Computer Science, Computer Science (R0)