2014
DOI: 10.1145/2740070.2626323
|View full text |Cite
|
Sign up to set email alerts
|

Lightweight source authentication and path validation

Abstract: In-network source authentication and path validation are fundamental primitives to construct higher-level security mechanisms such as DDoS mitigation, path compliance, packet attribution, or protection against flow redirection. Unfortunately, currently proposed solutions either fall short of addressing important security concerns or require a substantial amount of router overhead. In this paper, we propose lightweight, scalable, and secure protocols for shared key setup, source authentication, and path validat… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
72
1

Year Published

2014
2014
2024
2024

Publication Types

Select...
4
2
2

Relationship

3
5

Authors

Journals

citations
Cited by 41 publications
(73 citation statements)
references
References 29 publications
0
72
1
Order By: Relevance
“…Although our work is not comparable with other software switching proposals for today's networks (e.g., IP or SDN) [16,18,19], our design and implementation can prove beneficial to proposals, such as IC-ING [20] and OPT [21], that leverage symmetric-key cryptography on the data plane.…”
Section: Related Workmentioning
confidence: 96%
See 1 more Smart Citation
“…Although our work is not comparable with other software switching proposals for today's networks (e.g., IP or SDN) [16,18,19], our design and implementation can prove beneficial to proposals, such as IC-ING [20] and OPT [21], that leverage symmetric-key cryptography on the data plane.…”
Section: Related Workmentioning
confidence: 96%
“…OPT [21] proposes light-weight protocols for source authentication and path validation. OPT also leverages symmetric-key cryptography at each router to generate a local secret key per packet and perform MAC computations.…”
Section: Related Workmentioning
confidence: 99%
“…Umbrella maintains per-sender state in the congestion resolving layer, and consequently relies on the correctness of source addresses. Such correctness can be assured by the more complete adoption of Ingress Filtering [25], [26] or the source authentication schemes [27], [28]. On our way to achieve complete spoof elimination 1 , Umbrella requires victim's additional participation to minimize the chance of source spoofing.…”
Section: A Problem Spacementioning
confidence: 99%
“…According to Equation 19 and the fact that α 1.0 decreases fast as the n (k) decreases by the factor of m, P worst (m, n (k) , α) for n (k) < n γ does not affect the product much for the most of α values. Therefore, we can approximate P r worst (A α ) as follows: , when n < nγ (20) , where size of {k|n (k) ≥ n γ } is log m (n/n γ ) + 1, because n (k) = n (k−1) /m. According to Theorem 2, approximately P worst (m, n, α) ≥ 1−Q(K, n m ) where K = n m + 2 n m log n − α .…”
Section: C2 Proof Sketch For Rlfd Total Detection Probabilitymentioning
confidence: 99%