Abstract
In this paper, we propose a Lightweight Internet Permit System (LIPS) that provides a lightweight, scalable packet authentication mechanism for ensuring traffic-origin accountability. LIPS is a simple extension of IP in which each packet carries an access permit issued by its destination host or gateway, and the destination verifies the access permit to determine whether the packet is accepted or dropped. We first present the design and the prototype implementation of LIPS on the Linux 2.4 kernel. We then use analysis, simulations, and experiments to show how LIPS can effectively prevent protected critical servers and links from being flooded by unwanted packets with negligible overhead. We propose LIPS as a domain-to-domain approach to stopping unwanted attacks that does not require broad changes in backbone networks, as other approaches do. Therefore, LIPS is incrementally deployable on a large scale on common platforms with minor software patches.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Choi, C., Dong, Y., Zhang, ZL. (2005). LIPS: Lightweight Internet Permit System for Stopping Unwanted Packets. In: Boutaba, R., Almeroth, K., Puigjaner, R., Shen, S., Black, J.P. (eds) NETWORKING 2005. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems. NETWORKING 2005. Lecture Notes in Computer Science, vol 3462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11422778_15
DOI: https://doi.org/10.1007/11422778_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25809-4
Online ISBN: 978-3-540-32017-3
eBook Packages: Computer Science (R0)