LIPS: lightweight internet permit system for stopping unwanted packets

Authors:
Changho Choi;Yingfei Dong;Zhi-Li Zhang
Affiliations:
Dept. of Computer Science, Univ. of Minnesota, Minneapolis, MN;Dept. of Electrical Engineering, Univ. of Hawaii, Honolulu, HI;Dept. of Computer Science, Univ. of Minnesota, Minneapolis, MN
Venue:
NETWORKING'05 Proceedings of the 4th IFIP-TC6 international conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communication Systems
Year:
2005

Citing 3
Cited 0

On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Handbook of Applied Cryptography

Handbook of Applied Cryptography
SOS: secure overlay services

Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we propose a Lightweight Internet Permit System (LIPS) that provides a lightweight, scalable packet authentication mechanism for ensuring traffic-origin accountability. LIPS is a simple extension of IP, in which each packet carries an access permit issued by its destination host or gateway, and the destination verifies the access permit to determine if a packet is accepted or dropped. We will first present the design and the prototype implementation of LIPS on Linux 2.4 kernel. We then use analysis, simulations, and experiments to show how LIPS can effectively prevent protected critical servers and links from being flooded by unwanted packets with negligible overheads. We propose LIPS as an domain-to-domain approach to stop unwanted attacks, without requiring broad changes in backbone networks as other approaches. Therefore, LIPS is incrementally deployable in a large scale on common platforms with minor software patches.