CFP last date
20 December 2024
Reseach Article

Two level Authentication and Packet Marking Mechanism for Defending against DoS and DDoS Attacks

by P. Ananthi, P. Balasubramanie
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 63 - Number 7
Year of Publication: 2013
Authors: P. Ananthi, P. Balasubramanie
10.5120/10481-5220

P. Ananthi, P. Balasubramanie . Two level Authentication and Packet Marking Mechanism for Defending against DoS and DDoS Attacks. International Journal of Computer Applications. 63, 7 ( February 2013), 41-45. DOI=10.5120/10481-5220

@article{ 10.5120/10481-5220,
author = { P. Ananthi, P. Balasubramanie },
title = { Two level Authentication and Packet Marking Mechanism for Defending against DoS and DDoS Attacks },
journal = { International Journal of Computer Applications },
issue_date = { February 2013 },
volume = { 63 },
number = { 7 },
month = { February },
year = { 2013 },
issn = { 0975-8887 },
pages = { 41-45 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume63/number7/10481-5220/ },
doi = { 10.5120/10481-5220 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:13:33.699631+05:30
%A P. Ananthi
%A P. Balasubramanie
%T Two level Authentication and Packet Marking Mechanism for Defending against DoS and DDoS Attacks
%J International Journal of Computer Applications
%@ 0975-8887
%V 63
%N 7
%P 41-45
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Denial of Service (DoS) attacks present a serious problem for Internet communications. IP source address spoofing is used by DoS and DDoS attacks on targeted victim. IP spoofing to forge the source IP address of the packet, and thereby hide the identity of source. This makes hard to detect and defend against such attack. This paper presents a token based authentication and Packet Marking mechanism (TAPM) for preventing IP spoofing. TAPM uses efficient public key cryptography to issue tokens and hash based cryptography for packet marking. It does not require changes or restrictions to the Internet routing protocol, is incrementally deployable, and offers protection from denial-of-service attacks based on IP spoo?ng. This paper presents efficient algorithm for token generation and evaluates its feasibility and correctness by simulation experiments.

References
  1. Bremler-Barr,A. and Levy, H. 2005. Spoo?ng prevention method,Annual Joint Conference of the IEEE Computer and Communications Societies (InfoCom), 536-547.
  2. Ferguson,P. and Senie,D. 2000. Network ingress ?ltering: Defeating denial of service attacks which employ IP source address spoo?ng. ACM digital library.
  3. Lee, H. , Kwon, M. , Hasker,G. , And Perrig, A. 2007. BASE:An incrementally deployable mechanism for viable IP spoo?ng prevention, ACM Symposium on Information, Computer, and Communication Security.
  4. Li,J. , Mirkovic, J. , Wang, M. , Reiher, P. L. , And Zhang, L. 2002. SAVE: Source address validity enforcement protocol,IEEEComputer and Communications Societies (InfoCom). 1557–1566,DOI:10. 1109 /INFCOM. 2002. 1019407 .
  5. Liu, X. , Li, A. , Yang, X. , And Wetherall, D. 2008. Passport: Secure and adoptable source authentication, USENIX Symposium on Networked Systems Design and Implementation, 365-378.
  6. Mohammed A. Alhabeeb, Abdullah Almuhaideb, And Phu Dung Le 2010. Holistic Approach for Critical System Security: Flooding Prevention And Malicious Packet Stopping, Journal Of Telecommunications, Vol. 1(1).
  7. Zhenhai Duan, Xin Yuan, and Jaideep Chandrashekar 2008. ControllingIP Spooing Through Inter-Domain Packet Filter ,IEEE transaction on Dependable and Secure computing, Vol. 5: 22-36 .
  8. Lee Soon, Mohamed Othman, Nur Izura Udzir 2009. IP Spoofing Defense: Current Issues, Trend and Challenges, MASAUM Journal Of Reviews and Surveys, Vol. 1 (1).
  9. Junaid Israr, Mouhcine Guennoun, and Hussein T. Mouftah . 2009. Mitigating IP Spoofing by Validating BGP Routes Updates, IJCSNS International Journal of Computer Science and Network Security, Vol. 9 (5).
  10. Junaid Israr, Mouhcine Guennoun, and Hussein T. Mouftah , 2009. Credible BGP – Extensions to BGP for Secure Networking, Fourth International Conference on Systems and Networks Communications DOI: http: //doi. ieee computer society. org /10. 1109 /ICSNC . 2009. 74.
  11. Mopari, I. B. , Pukale, S. G. and Dhore , M. L. , (2008). Detection and Defense Against DDoS Attack with IP Spoofing, International Conference on Computing, Communication and Networking (ICCCN 2008), 1-5.
  12. Soon Hin Khor and Akihiro Nakao 2008. Overfort: Combating DDoS with Peer-to-Peer DDoS Puzzle, IEEE International Symposium on Parallel and Distributed Processing, 1-8.
  13. Lei Wang, Tianbing Xia, Jennifer Seberry , 2010. Inter-Domain Routing Validator Based Spoo?ng Defence System, Internaltional conference on Intelligence and Security Informatics,153-155.
  14. Turker Akyuz and Ibrahim Sogukpinar 2009. Packet Marking With Distance Based Probabilities for IP Traceback , First International Conference on Networks & Communications, ACM, 433-438.
  15. Markus Goldstein, Christoph Lampert, Matthias Reif, Armin Stahl and Thomas Breuel "BayesOptimal DDoS Mitigation by Adaptive History-Based IP Filtering" International conference on Networking, DOI: http:// doi. ieeecomputer society . org/ 10. 1109 /ICN . 2008. 64.
  16. Christos Douligeris , Aikaterini Mitrokotsa 2004. DDoS attacks and defense mechanisms: classi?cation and state -of -the-art, Computer Networks, Vol. 44 (5): 643–666.
  17. Lersak Limwiwatkul and Arnon Rungsawangr, 2004. Distributed Denial of Service Detection using TCP/IP Headerand Traffic Measurement Analysis, International Symposium on Communications and Information Technologies, Vol 1.
  18. Gupta, B. B. ,Joshi, R. C. , and Manoj Misra 2010. Distributed Denial of Service Prevention Techniques, International Journal of Computer and Electrical Engineering, Vol. 2(2).
  19. Cheng Jin Haining Wang Kang G. Shin. 2003. Hop-Count Filtering: An Effective Defense Against Spoofed DDoS Traf?c, ACM conference on Computer and communications security CCS'03, 30 – 41.
  20. Yao Chen, Shantanu Das, Pulak Dhar, Ab dulmotaleb El Saddik, and Amiya Nayak 2008. Detecting and Preventing IP-spoofed Distributed DoS Attacks, International Journal of Network Security, Vol. 7(1): 69-80.
  21. Meiko Jensen, Nils Gruschka and Norbert Luttenberger 2008. The Impact of Flooding Attacks on Network-based Services, The Third International Conference on Availability, Reliability and Security, ACM, 509-513.
  22. Wang Xiao-jing Xiao You-lin 2009. IP Traceback based on Deterministic Packet Marking and Logging, International Conference on Scalable Computing and Communication, 178-182.
  23. Toby Ehrenkranz And Jun Li. 2009. On the State of IP Spoo?ng Defense, ACM Transactions on Internet Technology,Vol. 9(2),DOI: 10. 1145 /1516539. 1516541.
  24. Xin Liu and Xiaowei Yang David Wetherall and Thomas Anderson. 2006. Ef?cient and Secure Source Authentication with Packet Passports,USENIX,2nd workshop on steps to reducing unwanted traffic in Internet, Sruti.
  25. Ying Xu and Roch Gu ´erin. 2005. On the Robustness of Router-based Denial-of-Service (DoS) Defense Systems , ACM Vol. 35(3): 47-60.
Index Terms

Computer Science
Information Sciences

Keywords

DDoS attacks IP spoofing packet marking secret key .