
A Trivial Scheme for Detecting and Preventing Unauthorized Access of Resources on a Network Domain

N. Arumugam, Dr. C. Venkatesh

Abstract


The significant success and growth of the Internet stem from the fact that any application can send anything to anyone at any time, without needing to obtain advance permission from network administrators. This openness of the Internet architecture leads to unauthorized access. Defending against these types of illicit access is one of the hardest security problems on the Internet. To solve this problem, the proposed lightweight scheme detects and prevents unauthorized requests: instead of being able to send anything to anyone at any time, the sender must obtain the endorsement secret key or secret code from the destination server. To validate the legitimacy of the request, a network Authentication Server (AS) performs an authentication process for each initiating host. The simulation results prove its effectiveness in preventing unauthorized access to network resources.

Keywords


IP Spoofing, Key Distribution, Authentication Process




Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.