Lightweight source authentication and path validation

Tiffany Hyun Jin Kim, Cristina Basescu, Limin Jia, Soo Bum Lee, Yih-Chun Hu, Adrian Perrig

Research output: Contribution to journalConference article

Abstract

In-network source authentication and path validation are fundamental primitives to construct higher-level security mechanisms such as DDoS mitigation, path compliance, packet attribution, or protection against flow redirection. Unfortunately, currently proposed solutions either fall short of addressing important security concerns or require a substantial amount of router overhead. In this paper, we propose lightweight, scalable, and secure protocols for shared key setup, source authentication, and path validation. Our prototype implementation demonstrates the efficiency and scalability of the protocols, especially for software-based implementations.

Original languageEnglish (US)
Pages (from-to)271-282
Number of pages12
JournalComputer Communication Review
Volume44
Issue number4
DOIs
StatePublished - Feb 25 2015
EventACM SIGCOMM 2014 Conference - Chicago, United States
Duration: Aug 17 2014Aug 22 2014

Fingerprint

Authentication
Routers
Scalability
Compliance

Keywords

  • Path validation
  • Retroactive key setup
  • Source authentication

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Kim, T. H. J., Basescu, C., Jia, L., Lee, S. B., Hu, Y-C., & Perrig, A. (2015). Lightweight source authentication and path validation. Computer Communication Review, 44(4), 271-282. https://doi.org/10.1145/2619239.2626323

Lightweight source authentication and path validation. / Kim, Tiffany Hyun Jin; Basescu, Cristina; Jia, Limin; Lee, Soo Bum; Hu, Yih-Chun; Perrig, Adrian.

In: Computer Communication Review, Vol. 44, No. 4, 25.02.2015, p. 271-282.

Research output: Contribution to journalConference article

Kim, THJ, Basescu, C, Jia, L, Lee, SB, Hu, Y-C & Perrig, A 2015, 'Lightweight source authentication and path validation', Computer Communication Review, vol. 44, no. 4, pp. 271-282. https://doi.org/10.1145/2619239.2626323
Kim, Tiffany Hyun Jin ; Basescu, Cristina ; Jia, Limin ; Lee, Soo Bum ; Hu, Yih-Chun ; Perrig, Adrian. / Lightweight source authentication and path validation. In: Computer Communication Review. 2015 ; Vol. 44, No. 4. pp. 271-282.
@article{e68e4d43509a4b0cb23d69a19b99ca7a,
title = "Lightweight source authentication and path validation",
abstract = "In-network source authentication and path validation are fundamental primitives to construct higher-level security mechanisms such as DDoS mitigation, path compliance, packet attribution, or protection against flow redirection. Unfortunately, currently proposed solutions either fall short of addressing important security concerns or require a substantial amount of router overhead. In this paper, we propose lightweight, scalable, and secure protocols for shared key setup, source authentication, and path validation. Our prototype implementation demonstrates the efficiency and scalability of the protocols, especially for software-based implementations.",
keywords = "Path validation, Retroactive key setup, Source authentication",
author = "Kim, {Tiffany Hyun Jin} and Cristina Basescu and Limin Jia and Lee, {Soo Bum} and Yih-Chun Hu and Adrian Perrig",
year = "2015",
month = "2",
day = "25",
doi = "10.1145/2619239.2626323",
language = "English (US)",
volume = "44",
pages = "271--282",
journal = "Computer Communication Review",
issn = "0146-4833",
publisher = "Association for Computing Machinery (ACM)",
number = "4",

}

TY - JOUR

T1 - Lightweight source authentication and path validation

AU - Kim, Tiffany Hyun Jin

AU - Basescu, Cristina

AU - Jia, Limin

AU - Lee, Soo Bum

AU - Hu, Yih-Chun

AU - Perrig, Adrian

PY - 2015/2/25

Y1 - 2015/2/25

N2 - In-network source authentication and path validation are fundamental primitives to construct higher-level security mechanisms such as DDoS mitigation, path compliance, packet attribution, or protection against flow redirection. Unfortunately, currently proposed solutions either fall short of addressing important security concerns or require a substantial amount of router overhead. In this paper, we propose lightweight, scalable, and secure protocols for shared key setup, source authentication, and path validation. Our prototype implementation demonstrates the efficiency and scalability of the protocols, especially for software-based implementations.

AB - In-network source authentication and path validation are fundamental primitives to construct higher-level security mechanisms such as DDoS mitigation, path compliance, packet attribution, or protection against flow redirection. Unfortunately, currently proposed solutions either fall short of addressing important security concerns or require a substantial amount of router overhead. In this paper, we propose lightweight, scalable, and secure protocols for shared key setup, source authentication, and path validation. Our prototype implementation demonstrates the efficiency and scalability of the protocols, especially for software-based implementations.

KW - Path validation

KW - Retroactive key setup

KW - Source authentication

UR - http://www.scopus.com/inward/record.url?scp=84924409356&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84924409356&partnerID=8YFLogxK

U2 - 10.1145/2619239.2626323

DO - 10.1145/2619239.2626323

M3 - Conference article

AN - SCOPUS:84924409356

VL - 44

SP - 271

EP - 282

JO - Computer Communication Review

JF - Computer Communication Review

SN - 0146-4833

IS - 4

ER -