TrueIP: prevention of IP spoofing attacks using identity-based cryptography

Authors:
Christian Schridde;Matthew Smith;Bernd Freisleben
Affiliations:
University of Marburg, Marburg, Germany;University of Marburg, Marburg, Germany;University of Marburg, Marburg, Germany
Venue:
Proceedings of the 2nd international conference on Security of information and networks
Year:
2009

Citing 10
Cited 0

Identity-based cryptosystems and signature schemes

Proceedings of CRYPTO 84 on Advances in cryptology
Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Identity-Based Encryption from the Weil Pairing

SIAM Journal on Computing
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
Survey of network-based defense mechanisms countering the DoS and DDoS problems

ACM Computing Surveys (CSUR)
Efficient and secure source authentication with packet passports

SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Domain-based administration of identity-based cryptosystems for secure email and IPSEC

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Portcullis: protecting connection setup from denial-of-capability attacks

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Passport: secure and adoptable source authentication

NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Lightweight email signatures (extended abstract)

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, TrueIP--a system to prevent IP spoofing using identity-based cryptography--is presented. TrueIP is based on a new identity-based signature scheme to allow verification of an IP address without relying on a certificate or a public key infrastructure. It does not require changes or restrictions to the Internet routing protocol, is incrementally deployable, and offers protection from denial-of-service attacks based on IP spoofing. Implementation issues for practical deployment are discussed. Measurements of the TrueIP computation times for signature generation and verification are presented. Furthermore, the management overhead and bandwidth consumption to achieve proof of legitimate IP address possession and verification is compared with a standard Public Key Infrastructure approach using X.509 certificates signed by a Certificate Authority.