BASE: An incrementally deployable mechanism for viable IP spoofing prevention

Heejo Lee, Minjin Kwon, Geoffrey Hasker, Adrian Perrig

Research output: Chapter in Book/Report/Conference proceedingConference contribution

37 Citations (Scopus)

Abstract

DoS attacks use IP spoofing to forge the source IP address of packets, and thereby hide the identity of the source. This makes it hard to defend against DoS attacks, so IP spoofing will still be used as an aggressive attack mechanism even under distributed attack environment. While many IP spoofing prevention techniques have been proposed, none have achieved widespread real-world use. One main reason is the lack of properties favoring incremental deployment, an essential component for the adoption of new technologies. A viable solution needs to be not only technically sound but also economically acceptable. An incrementally deploy-able protocol should have three properties: initial benefits for early adopters, incremental benefits for subsequent adopters, and effectiveness under partial deployment. Since no previous anti-spoofing solution satisfies all three of these properties, we propose a new mechanism called "BGP Anti-Spoofing Extension" (BASE). The BASE mechanism is an anti-spoofing protocol designed to fulfill the incremental deployment properties necessary for adoption in current Internet environments. Based on simulations we ran using a model of Internet AS connectivity, BASE shows desirable IP spoofing prevention capabilities under partial deployment. We find that just 30% deployment can drop about 97% of attack packets. Therefore, BASE not only provides adopters' benefit but also outperforms previous anti-spoofing mechanisms.

Original languageEnglish
Title of host publicationProceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07
Pages20-31
Number of pages12
DOIs
Publication statusPublished - 2007
Event2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07 - Singapore, Singapore
Duration: 2007 Mar 202007 Mar 22

Publication series

NameProceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07

Other

Other2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07
Country/TerritorySingapore
CitySingapore
Period07/3/2007/3/22

Keywords

  • BGP anti-spoofing extension
  • DDoS attack
  • IP spoofing
  • Packet marking and filtering

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software

Fingerprint

Dive into the research topics of 'BASE: An incrementally deployable mechanism for viable IP spoofing prevention'. Together they form a unique fingerprint.

Cite this