Chrome Extension
WeChat Mini Program
Use on ChatGLM

Toward Practical Inter-Domain Source Address Validation

IEEE/ACM Transactions on Networking(2024)

Cited 0|Views38
No score
Abstract
The Internet Protocol (IP) is the most fundamental building block of the Internet. However, it provides no explicit notion of packet-level authenticity. Such a weakness allows malicious actors to spoof IP packet headers and launch a wide variety of attacks. Meanwhile, the highly decentralized management of Internet infrastructure makes large-scale source address validation challenging in terms of overhead, validity, and flexibility. This paper presents a practical anti-spoofing approach, Source Address Validation Architecture eXternal (SAVA-X). SAVA-X introduces the concept of Address Domain to enable address validation in finer, prefix-level granularity. The address domains are organized in nested hierarchies to provide higher scalability and lower maintenance costs for partial deployment. We implement SAVA-X on commercial backbone routers and the P4 platform. The experiments indicate that the hardware implementation of SAVA-X can achieve 98% throughput on 100 Gbps links and close to the native IP forwarding in per-packet overhead, with less than 10 microseconds additional processing latency.
More
Translated text
Key words
Network security,source address validation,hierarchical validation
AI Read Science
Must-Reading Tree
Example
Generate MRT to find the research sequence of this paper
Chat Paper
Summary is being generated by the instructions you defined