Sciweavers

NSDI
2008

Passport: Secure and Adoptable Source Authentication

14 years 2 months ago
Passport: Secure and Adoptable Source Authentication
We present the design and evaluation of Passport, a system that allows source addresses to be validated within the network. Passport uses efficient, symmetric-key cryptography to place tokens on packets that allow each autonomous system (AS) along the network path to independently verify that a source address is valid. It leverages the routing system to efficiently distribute the symmetric keys used for verification, and is incrementally deployable without upgrading hosts. We have implemented Passport with Click and XORP and evaluated the design via micro-benchmarking, experiments on the Deterlab, security analysis, and adoptability modeling. We find that Passport is plausible for gigabit links, and can mitigate reflector attacks even without separate denial-of-service defenses. Our adoptability modeling shows that Passport provides stronger security and deployment incentives than alternatives such as ingress filtering. This is because the ISPs that adopt it protect their own addresse...
Xin Liu, Ang Li, Xiaowei Yang, David Wetherall
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where NSDI
Authors Xin Liu, Ang Li, Xiaowei Yang, David Wetherall
Comments (0)