SAVAH: Source Address Validation with Host Identity Protocol

  • Conference paper

Abstract

The explosive growth of the Internet and the lack of mechanisms that validate the authenticity of a packet source have produced serious security and accounting issues. In this paper, we propose validating source addresses in a LAN using the Host Identity Protocol (HIP) deployed in a first-hop router. Compared to alternative solutions such as CGA, our approach is suitable for both IPv4 and IPv6. We have implemented SAVAH in Wi-Fi access points and evaluated its overhead for clients and the first-hop router.

Copyright information

© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Kuptsov, D., Gurtov, A. (2009). SAVAH: Source Address Validation with Host Identity Protocol. In: Schmidt, A.U., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 17. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04434-2_17

  • DOI: https://doi.org/10.1007/978-3-642-04434-2_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04433-5

  • Online ISBN: 978-3-642-04434-2

  • eBook Packages: Computer Science, Computer Science (R0)
