SpringSim '07 Proceedings of the 2007 spring simulation multiconference - Volume 3
International Journal of Information and Computer Security
Authentication forms the basis for most applications on the Internet. However, at the IP level, no solid mechanism yet exists for detecting "spoofed" IP packets. The need for authenticating source IP addresses has become eminent with the advent of many ingenious DDoS attacks. In this paper, we propose a type of authentication scheme based on group (or multi-party) signatures and discuss applications of such a scheme in preventing and detecting many types of DDoS attacks found on the Internet. Group signatures authenticate groups of senders rather than individuals and using such a scheme, senders can prove membership of a particular group without having to reveal their individual identity. The main idea behind our approach is to combine senders into large groups to reduce the amount of keying information kept in core routers. Our scheme also presents a method for secure routing protocols in general. Using our scheme, several autonomous networks can exercise policies on granting or denying routing privileges to other interconnected networks. Essentially, our protocol uses the concept of "Non-interactive zero knowledge proofs of membership".