{"title":"安全,高效,兼容的源地址验证与数据包标签","authors":"Xinyu Yang, Jiahao Cao, Mingwei Xu","doi":"10.1109/IPCCC50635.2020.9391554","DOIUrl":null,"url":null,"abstract":"Spoofed traffic has been a great threat to the Internet. Tag-based inter-AS source address validation solutions show great effectiveness and high deployment incentives on filtering spoofed traffic. However, they fail to consider secure key negotiation for tags, efficient tag generation for network devices, and compatible tag placement for network functionalities. In this paper, we present SEC, a secure, efficient, and compatible source address validation scheme based on packet tags. We provide a secure key negotiation method and a lightweight tag generation algorithm for SEC considering hardware limitations of network devices. They can be easily implemented in network devices to filter spoofed packets while forwarding packets at approximately line rate. We also carefully place all tags into appropriate option fields in packet headers to guarantee the compatibility of network functionalities. We implement SEC in real programmable switches. Both theoretical analysis and experimental results show SEC can verify source addresses of packets in a secure, efficient, and compatible way.","PeriodicalId":226034,"journal":{"name":"2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"SEC: Secure, Efficient, and Compatible Source Address Validation with Packet Tags\",\"authors\":\"Xinyu Yang, Jiahao Cao, Mingwei Xu\",\"doi\":\"10.1109/IPCCC50635.2020.9391554\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Spoofed traffic has been a great threat to the Internet. Tag-based inter-AS source address validation solutions show great effectiveness and high deployment incentives on filtering spoofed traffic. However, they fail to consider secure key negotiation for tags, efficient tag generation for network devices, and compatible tag placement for network functionalities. In this paper, we present SEC, a secure, efficient, and compatible source address validation scheme based on packet tags. We provide a secure key negotiation method and a lightweight tag generation algorithm for SEC considering hardware limitations of network devices. They can be easily implemented in network devices to filter spoofed packets while forwarding packets at approximately line rate. We also carefully place all tags into appropriate option fields in packet headers to guarantee the compatibility of network functionalities. We implement SEC in real programmable switches. Both theoretical analysis and experimental results show SEC can verify source addresses of packets in a secure, efficient, and compatible way.\",\"PeriodicalId\":226034,\"journal\":{\"name\":\"2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC)\",\"volume\":\"55 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-11-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IPCCC50635.2020.9391554\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IPCCC50635.2020.9391554","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
SEC: Secure, Efficient, and Compatible Source Address Validation with Packet Tags
Spoofed traffic has been a great threat to the Internet. Tag-based inter-AS source address validation solutions show great effectiveness and high deployment incentives on filtering spoofed traffic. However, they fail to consider secure key negotiation for tags, efficient tag generation for network devices, and compatible tag placement for network functionalities. In this paper, we present SEC, a secure, efficient, and compatible source address validation scheme based on packet tags. We provide a secure key negotiation method and a lightweight tag generation algorithm for SEC considering hardware limitations of network devices. They can be easily implemented in network devices to filter spoofed packets while forwarding packets at approximately line rate. We also carefully place all tags into appropriate option fields in packet headers to guarantee the compatibility of network functionalities. We implement SEC in real programmable switches. Both theoretical analysis and experimental results show SEC can verify source addresses of packets in a secure, efficient, and compatible way.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
