Ticket based service access for the mobile user
MobiCom '97 Proceedings of the 3rd annual ACM/IEEE international conference on Mobile computing and networking
Summary cache: a scalable wide-area Web cache sharing protocol
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Analysis of the autonomous system network topology
ACM SIGCOMM Computer Communication Review
Identity-Based Encryption from the Weil Pairing
SIAM Journal on Computing
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
Three Practical Ways to Improve Your Network
LISA '03 Proceedings of the 17th USENIX conference on System administration
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Active internet traffic filtering: real-time response to denial-of-service attacks
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Design and implementation of a routing control platform
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A distributed reputation approach to cooperative internet routing protection
NPSEC'05 Proceedings of the First international conference on Secure network protocols
SRUTI'07 Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet
Packet forwarding with source verification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Passport: secure and adoptable source authentication
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Rationality and traffic attraction: incentives for honest path announcements in bgp
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Privacy Preserving Data Mining within Anonymous Credential Systems
SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
TrueIP: prevention of IP spoofing attacks using identity-based cryptography
Proceedings of the 2nd international conference on Security of information and networks
The automatic peer-to-peer signature for source address validation
KES'07/WIRN'07 Proceedings of the 11th international conference, KES 2007 and XVII Italian workshop on neural networks conference on Knowledge-based intelligent information and engineering systems: Part I
Privacy-preserving network forensics
Communications of the ACM
NetQuery: a knowledge plane for reasoning about network properties
Proceedings of the ACM SIGCOMM 2011 conference
Journal of Network and Computer Applications
Hi-index | 0.02 |
A key challenge in combating Denial of Service (DoS) attacks is to reliably identify attack sources from packet contents. If a source can be reliably identified, routers can stop an attack by filtering packets from the attack sources without causing collateral damage to legitimate traffic. This task is difficult because attackers may spoof arbitrary packet contents to hide their identities. This paper proposes a packet passport system to address this challenge. A packet passport efficiently and securely authenticates the source of a packet. A packet with a valid passport must have originated from the claimed source. The packet passport system can be incrementally deployed without introducing extra control messages. It also provides incentives for early adoption: a domain that deploys packet passport system can prevent other domains from spoofing its source identifiers. Our preliminary analysis suggests that the packet passport system can be implemented at high-speed routers with today's technologies.