Enabling Efficient Source and Path Verification via Probabilistic Packet Marking

Bo Wu, Ke Xu, Qi Li, Zhuotao Liu, Yih-Chun Hu, Martin J. Reed, Meng Shen, Fan Yang

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

Abstract

The Internet lacks verification of source authenticity and of path compliance between the planned packet delivery paths and the real delivery paths, which allows attackers to mount attacks such as source spoofing and traffic hijacking. Thus, it is essential to enable source and path verification in networks to detect forwarding anomalies and ensure correct packet delivery. However, most existing security mechanisms can only capture anomalies but are unable to locate the detected anomalies. Besides, they incur significant computation and communication overhead, which degrades packet delivery performance. In this paper, we propose a highly efficient packet forwarding verification mechanism for networks called PPV, which verifies packet sources and their forwarding paths in real time. PPV enables probabilistic packet marking in routers instead of verifying all packets. Thus, it can efficiently identify forwarding anomalies by verifying markings. Moreover, it localizes packet forwarding anomalies, e.g., malicious routers, by reconstructing packet forwarding paths based on the packet markings. We implement a PPV prototype in Click routers and commodity servers, and conduct experiments in a real testbed built upon the prototype. The experimental results demonstrate the efficiency and performance of PPV. In particular, PPV significantly improves the throughput and the goodput of forwarding verification, achieving around 2 times and 3 times improvement, respectively, compared with the state-of-the-art OPT scheme.

Original language: English (US)
Title of host publication: 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781538625422
DOIs: https://doi.org/10.1109/IWQoS.2018.8624169
State: Published - Jan 22 2019
Event: 26th IEEE/ACM International Symposium on Quality of Service, IWQoS 2018 - Banff, Canada
Duration: Jun 4 2018 to Jun 6 2018

Publication series

Name: 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018

Conference

Conference: 26th IEEE/ACM International Symposium on Quality of Service, IWQoS 2018
Country: Canada
City: Banff
Period: 6/4/18 to 6/6/18

Fingerprint

Routers
Testbeds
Servers
Throughput
Internet
Anomaly
Communication
Experiments
Prototype
Attack

Keywords

  • Fault Localization
  • Source and Path Verification

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Management of Technology and Innovation
  • Computer Networks and Communications
  • Media Technology

Cite this

Wu, B., Xu, K., Li, Q., Liu, Z., Hu, Y-C., Reed, M. J., ... Yang, F. (2019). Enabling Efficient Source and Path Verification via Probabilistic Packet Marking. In 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018 [8624169] (2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/IWQoS.2018.8624169
