TY - GEN
T1 - Enabling Efficient Source and Path Verification via Probabilistic Packet Marking
AU - Wu, Bo
AU - Xu, Ke
AU - Li, Qi
AU - Liu, Zhuotao
AU - Hu, Yih Chun
AU - Reed, Martin J.
AU - Shen, Meng
AU - Yang, Fan
N1 - Publisher Copyright: © 2018 IEEE.
PY - 2019/1/22
Y1 - 2019/1/22
N2 - The Internet lacks verification of source authenticity and path compliance between the planned packet delivery paths and the real delivery paths, which allows attackers to construct attacks like source spoofing and traffic hijacking attacks. Thus, it is essential to enable source and path verification in networks to detect forwarding anomalies and ensure correct packet delivery. However, most of the existing security mechanisms can only capture anomalies but are unable to locate the detected anomalies. Besides, they incur significant computation and communication overhead, which degrades packet delivery performance. In this paper, we propose a highly efficient packet forwarding verification mechanism called PPV for networks, which verifies packet sources and their forwarding paths in real time. PPV enables probabilistic packet marking in routers instead of verifying all packets. Thus, it can efficiently identify forwarding anomalies by verifying markings. Moreover, it localizes packet forwarding anomalies, e.g., malicious routers, by reconstructing packet forwarding paths based on the packet markings. We implement a PPV prototype in Click routers and commodity servers, and conduct real experiments in a real testbed built upon the prototype. The experimental results demonstrate the efficiency and performance of PPV. In particular, PPV significantly improves the throughput and the goodput of forwarding verification, and achieves around 2 times and 3 times improvement compared with the state-of-the-art OPT scheme, respectively.
KW - Fault Localization
KW - Source and Path Verification
UR - http://www.scopus.com/inward/record.url?scp=85060231147&partnerID=8YFLogxK
U2 - 10.1109/IWQoS.2018.8624169
DO - 10.1109/IWQoS.2018.8624169
M3 - Conference contribution
AN - SCOPUS:85060231147
T3 - 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018
BT - 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 26th IEEE/ACM International Symposium on Quality of Service, IWQoS 2018
Y2 - 4 June 2018 through 6 June 2018
ER -