Building an evolvable spoofing prevention mechanism using trustworthy coordination model

novel approach for filtering spoofed IP packets, called Spoofing Prevention based on Trustworthy Coordination Model, is proposed. In the approach a unique temporal signature is associated with each ordered pair of source destination trusted domains, in which members trust in each others. The source address space, which is shared among routers residing in the trusted domain, is fused to be delivered over trusted domains using dynamic bloom filter. Each packet leaving a source trusted domain S is marked with the signature Sig(S,D),associated with (S,D), where D is the destination domain. Upon arrival at the destination trusted domain the signature is verified and removed. The method verifies the authenticity of packets carrying the address s which belongs to the source address space of domain S indexed by the signature, according to which the trust level is updated to adjust the trusted domain. The major benefits of SP-TCM are the strong incentive it provides to network operators to implement it, and the fact that the approach lends itself to stepwise deployment, since it benefits networks deploying the approach even if it is implemented only on parts of the Internet.