Source Address Validation: Architecture and Protocol Design

Author

Wu, Jianping ; Ren, Gang ; Li, Xing

Author_Institution

Tsinghua Univ., Beijing

fYear

2007

fDate

16-19 Oct. 2007

Firstpage

276

Lastpage

283

Abstract

The current Internet addressing architecture does not verify the source address of a packet received and forwarded. This causes serious security and accounting problems. Based on the drastically increased IPv6 address space, a "source address validation architecture" (SAVA) is proposed in this paper, which can guarantee that every packet received and forwarded holds an authenticated source IP address. The design goals of the architecture are lightweight, loose coupling, "multi-fence support" and incremental deployment. This paper discusses the details of design and implementation for the architecture, including inter-AS, intra-AS and local subnet. This architecture is deployed into the CNGI-CERNET2 infrastructure -a large-scale native IPv6 backbone network of the China Next Generation Internet project. We believe that the source address validation architecture will help the transition to a new, more secure and sustainable Internet.

Keywords

IP networks; Internet; message authentication; telecommunication network routing; telecommunication security; transport protocols; IPv6 backbone network; Internet addressing architecture; authenticated source IP address; protocol design; source address validation architecture; Authentication; Computer architecture; Computer science; Cryptography; Design engineering; Internet; Large-scale systems; Optical coupling; Protocols; Spine; Authenticated Source IP Address; Source Address Validation Architecture;

fLanguage

English

Publisher

ieee

Conference_Titel

Network Protocols, 2007. ICNP 2007. IEEE International Conference on

Conference_Location

Beijing

Print_ISBN

978-1-4244-1588-5

Electronic_ISBN

978-1-4244-1588-5

Type

conf

DOI

10.1109/ICNP.2007.4375858

Filename

4375858