2/16/05 1 ICMP Traceback Packet Authentication Eunjong Kim Colorado State University

Presentation transcript:

2/16/05 1 ICMP Traceback Packet Authentication Eunjong Kim Colorado State University

2/16/05 2 ICMP Traceback
[Figure: iTrace messages, each labelled "Packet Identification" with a Link field: Link=(AS8 AS7), Link=( ), Link=(AS7 AS6)]

2/16/05 3 Enhanced ICMP Traceback

4 iTrace Packet Authentication
- Weak Authentication
- No PKI (Public Key Infrastructure) based authentication
- Not much performance overhead
- TESLA keys (using time differences)
- One-way accumulator (to provide originator validation)
- Does not waste unnecessary resources
- Rabin's Information Dispersal Technique.
- n out of m packets regenerate the original packet
- Guarantee the message integrity
- Tolerant to packet loss
- Robust to false origin or packet dropping attacks
- Bogus iTrace message attack.
- Our validation is based on actual data traffic
- Not easy to make since false routers cannot see the real data traffic. (easy to detect)
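The "TESLA keys (using time differences)" bullet refers to authentication without PKI by delayed key disclosure. The sketch below is an added example, not code from the presentation: it shows a receiver buffering MACed iTrace messages and accepting them only once the chain key is disclosed and hashes back to the commitment. Assumptions: time is modelled as interval indices rather than clocks, the names `Receiver` and `sender_now_max` are hypothetical, and the payloads are constructed samples.

```python
import hashlib
import hmac

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def make_chain(seed: bytes, n: int) -> list:
    """One-way key chain: K[n] = H(seed), K[i] = H(K[i+1]). K[0] is the public commitment."""
    keys = [H(seed)]
    for _ in range(n):
        keys.append(H(keys[-1]))
    return keys[::-1]

def tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment: bytes, delay: int = 1):
        self.idx, self.key = 0, commitment   # newest authenticated chain key
        self.delay = delay                   # intervals between key use and disclosure
        self.pending = {}                    # interval -> [(msg, mac)]

    def on_message(self, interval, msg, mac, sender_now_max):
        # Security condition: buffer only while K[interval] cannot be public yet.
        # sender_now_max is the receiver's upper bound on the sender's interval.
        if sender_now_max >= interval + self.delay:
            return False
        self.pending.setdefault(interval, []).append((msg, mac))
        return True

    def on_key(self, interval, key):
        # Authenticate the disclosed key by hashing it back to the trusted key.
        if interval <= self.idx:
            return []
        k = key
        for _ in range(interval - self.idx):
            k = H(k)
        if not hmac.compare_digest(k, self.key):
            return []
        self.idx, self.key = interval, key
        return [m for m, t in self.pending.pop(interval, [])
                if hmac.compare_digest(tag(key, m), t)]

def demo():
    K = make_chain(b"constructed-seed", 4)
    rx = Receiver(K[0])
    real = b"iTrace link=(AS7 AS6)"          # constructed sample payload
    bogus = b"iTrace link=(AS9 AS6)"         # constructed forged payload
    rx.on_message(1, real, tag(K[1], real), sender_now_max=1)
    rx.on_message(1, bogus, tag(b"guess", bogus), sender_now_max=1)
    late = rx.on_message(1, bogus, tag(K[1], bogus), sender_now_max=2)
    return late, rx.on_key(1, H(b"fake")), rx.on_key(1, K[1])
```

`demo()` returns the verdict for a message that arrives after its key could be public, the result of a key that does not belong to the chain, and the messages accepted once the genuine key is disclosed.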