Identity-based cryptosystems and signature schemes
Proceedings of CRYPTO 84 on Advances in cryptology
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Identity-Based Encryption from the Weil Pairing
SIAM Journal on Computing
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
Survey of network-based defense mechanisms countering the DoS and DDoS problems
ACM Computing Surveys (CSUR)
Efficient and secure source authentication with packet passports
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Domain-based administration of identity-based cryptosystems for secure email and IPSEC
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Portcullis: protecting connection setup from denial-of-capability attacks
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Passport: secure and adoptable source authentication
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Lightweight email signatures (extended abstract)
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Hi-index | 0.00 |
In this paper, TrueIP--a system to prevent IP spoofing using identity-based cryptography--is presented. TrueIP is based on a new identity-based signature scheme to allow verification of an IP address without relying on a certificate or a public key infrastructure. It does not require changes or restrictions to the Internet routing protocol, is incrementally deployable, and offers protection from denial-of-service attacks based on IP spoofing. Implementation issues for practical deployment are discussed. Measurements of the TrueIP computation times for signature generation and verification are presented. Furthermore, the management overhead and bandwidth consumption to achieve proof of legitimate IP address possession and verification is compared with a standard Public Key Infrastructure approach using X.509 certificates signed by a Certificate Authority.