TY - GEN
T1 - I Know if the Journey Changes
T2 - 28th IEEE/ACM International Symposium on Quality of Service, IWQoS 2020
AU - Yang, Fan
AU - Xu, Ke
AU - Li, Qi
AU - Lu, Rongxing
AU - Wu, Bo
AU - Zhang, Tong
AU - Zhao, Yi
AU - Shen, Meng
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/6
Y1 - 2020/6
N2 - No matter from the perspective of detection or defense, source and path validations are fundamentally primitive in constructing security mechanisms to greatly enhance network immunity in the face of malicious attacks, such as injection, traffic hijacking and hidden threats. However, existing works for source and path verification still impose a non-trivial operational overhead and lack adjustment capability for path dynamic changes. In this paper, we propose a flexible and convenient source and path validation protocol called PSVM, which uses an authentication structure PIC composed of ordered pieces to carry out packet verification. Specifically, in the basic PSVM protocol, PIC (related to cryptographic computation) in the packet header does not require any update during packet verification, which thus enables a lower processing overhead in routers. To cope with the challenge of path policy changes in the running protocol, the dynamic PSVM protocol supports controllable adjustment and migration, especially in the case of avoiding a malicious node or region. Our evaluation of a prototype experiment on Click demonstrates that the verification efficiency of PSVM is barely influenced by payload size or path length. Compared to the baseline of normal IP routing, the throughput reduction ratio of the basic PSVM is about 13%, which is much better than 28% of existing best solution Origin and Path Trace (OPT). In addition, for a 35-hop path with 30 pieces of PIC needed to be adjusted in dynamic PSVM, the throughput reduction ratio of routing cross node performing the adjustment operation after normal verification is only 2.4 %.
AB - No matter from the perspective of detection or defense, source and path validations are fundamentally primitive in constructing security mechanisms to greatly enhance network immunity in the face of malicious attacks, such as injection, traffic hijacking and hidden threats. However, existing works for source and path verification still impose a non-trivial operational overhead and lack adjustment capability for path dynamic changes. In this paper, we propose a flexible and convenient source and path validation protocol called PSVM, which uses an authentication structure PIC composed of ordered pieces to carry out packet verification. Specifically, in the basic PSVM protocol, PIC (related to cryptographic computation) in the packet header does not require any update during packet verification, which thus enables a lower processing overhead in routers. To cope with the challenge of path policy changes in the running protocol, the dynamic PSVM protocol supports controllable adjustment and migration, especially in the case of avoiding a malicious node or region. Our evaluation of a prototype experiment on Click demonstrates that the verification efficiency of PSVM is barely influenced by payload size or path length. Compared to the baseline of normal IP routing, the throughput reduction ratio of the basic PSVM is about 13%, which is much better than 28% of existing best solution Origin and Path Trace (OPT). In addition, for a 35-hop path with 30 pieces of PIC needed to be adjusted in dynamic PSVM, the throughput reduction ratio of routing cross node performing the adjustment operation after normal verification is only 2.4 %.
KW - PSVM
KW - dynamic verification
KW - source and path validation
UR - http://www.scopus.com/inward/record.url?scp=85094815257&partnerID=8YFLogxK
U2 - 10.1109/IWQoS49365.2020.9213001
DO - 10.1109/IWQoS49365.2020.9213001
M3 - Conference contribution
AN - SCOPUS:85094815257
T3 - 2020 IEEE/ACM 28th International Symposium on Quality of Service, IWQoS 2020
BT - 2020 IEEE/ACM 28th International Symposium on Quality of Service, IWQoS 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 15 June 2020 through 17 June 2020
ER -