Abstract
The explosive growth of the Internet and the lack of mechanisms that validate the authenticity of a packet source have produced serious security and accounting issues. In this paper, we propose validating source addresses in a LAN using the Host Identity Protocol (HIP) deployed in a first-hop router. Compared to alternative solutions such as CGA, our approach is suitable for both IPv4 and IPv6. We have implemented SAVAH in Wi-Fi access points and evaluated its overhead for clients and the first-hop router.
Copyright information
© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Kuptsov, D., Gurtov, A. (2009). SAVAH: Source Address Validation with Host Identity Protocol. In: Schmidt, A.U., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 17. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04434-2_17
DOI: https://doi.org/10.1007/978-3-642-04434-2_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04433-5
Online ISBN: 978-3-642-04434-2
eBook Packages: Computer Science, Computer Science (R0)