NPLA: Network Prefix Level Authentication

被引：0

作者：

Li, Ming ^{[1
]}

Cui, Yong ^{[2
]}

Siekkinen, Matti ^{[1
]}

Yla-Jaaski, Antti ^{[1
]}

机构：

[1] Aalto Univ, Dept Comp Sci & Engn, FI-02015 Espoo, Finland

[2] Tsinghua Univ, Dept Comp Sci & Technol, Beijing 100084, Peoples R China

来源：

2010 IEEE GLOBECOM WORKSHOPS | 2010年

基金：

芬兰科学院;

关键词：

source spoofing; authentication; network prefix; public key cryptography;

D O I：

10.1109/GLOCOMW.2010.5700338

中图分类号：

TM [电工技术]; TN [电子技术、通信技术];

学科分类号：

0808 ; 0809 ;

摘要：

We present the design and evaluation of NPLA (Network Prefix Level Authentication), a system allowing source addresses to be validated within the network to the granularity of network prefix. Prefix routers use public key cryptography to insert NPLA headers in outgoing packets. En route entities holding the corresponding public key verify the source of a packet. NPLA provides deployment incentives because each upgraded prefix can prevent its address space from being maliciously used by other networks and its traffic is forwarded with high priority. In order to increase the scalability, NPLA does not employ PKI but leverages BGP to distribute public keys. Based on the relative damage reduction analysis, we conclude that NPLA provides more relative benefit than other approaches when they are all partially deployed. In order to decrease the overhead induced by public key cryptography, NPLA uses FPGA based hardware cryptography accelerator which has been proven to achieve several Gbps throughput on average.

引用

页码：339 / 344

页数：6

共 50 条

[1] Probabilistic IP prefix authentication (PIPA) for prefix hijacking
Seoul National University, Korea, Republic of
[J]. Proc. Int. Conf. Future Internet Technol., CFI, 1600, (52-55):
[2] Network prefix-level traffic profiling: Characterizing, modeling, and evaluation
Jiang, Hongbo
Ge, Zihui
Jin, Shudong
Wang, Jia
[J]. COMPUTER NETWORKS, 2010, 54 (18) : 3327 - 3340
[3] Investigating the Prefix-level Characteristics: A Case Study in an IPv6 Network
Li, Fuliang
Pan, Tian
Yang, Jiahai
An, Changqing
Wang, Xingwei
Wu, Jianping
[J]. 2015 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS (ICNC), 2015, : 824 - 829
[4] Origin authentication scheme against BGP address prefix hijacking
[J]. Liu, Z.-H. (kevin2296@gmail.com), 1908, Chinese Academy of Sciences (23):
[5] Efficient prefix cache for network processors
Akhbarizadeh, MJ
Nourani, M
[J]. 12TH ANNUAL IEEE SYMPOSIUM ON HIGH PERFORMANCE INTERCONNECTS, PROCEEDINGS, 2004, : 41 - 46
[6] SPMAC: Scalable Prefix Verifiable Message Authentication Code for Internet of Things
Yan, Haotian
Hu, Haibo
Ye, Qingqing
Tang, Li
[J]. IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, 2022, 19 (03): : 3453 - 3464
[7] IPv6 routing lookup algorithm based on prefix range and prefix level (PRPL)
School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
不详
[J]. Gaojishu Tongxin/Chinese High Technology Letters, 2008, 18 (04): : 345 - 349
[8] Providing network services with multiple prefix delegation
Shinsuke, S
[J]. 2004 INTERNATIONAL SYMPOSIUM ON APPLICATIONS AND THE INTERNET WORKSHOPS, PROCEEDINGS, 2004, : 173 - 177
[9] Routing prefix caching in network processor design
Liu, H
[J]. TENTH INTERNATIONAL CONFERENCE ON COMPUTER COMMUNICATIONS AND NETWORKS, PROCEEDINGS, 2001, : 18 - 23
[10] Network Identification and Authentication
Jin, Shengmin
Phoha, Vir V.
Zafarani, Reza
[J]. 2019 19TH IEEE INTERNATIONAL CONFERENCE ON DATA MINING (ICDM 2019), 2019, : 1144 - 1149

← 1 2 3 4 5 →