Abstract

This paper proposes a future Internet architecture whose security foundations prevent todaypsilas major threats - IP spoofing, distributed denial-of-service attacks, distributed scanning and intrusions, and wide-spread worm infections.The core of the architecture are source signatures that are attached to each packet by its creator host. These lightweight, unforgeable signatures make senders accountable for traffic they originate. They also enable spoofing elimination close to sources since they are verified at each router hop. The second layer of the architecture introduces route- independent, lightweight, unforgeable and short-lived packet tickets that act as capabilities. They indicate that the packet's destination agrees to receive traffic from a given source and eliminate some common denial-of-service attacks close to sources because they are verified at each router hop. The top layer contains a reputation system that …

Date

October 19, 2008

Authors

Jelena Mirkovic, Peter Reiher

Conference

2008 4th Workshop on Secure Network Protocols

Pages

45-51

Publisher

IEEE