Lightweight source authentication and path validation

Kim, Tiffany Hyun-Jin; Băsescu, Cristina; Jia, Limin; Lee, Soo Bum; Hu, Yih-Chun; Perrig, Adrian

doi:10.1145/2619239.2626323

Cited by 73 publications

(23 citation statements)

References 28 publications

(26 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Path validation requires that the Internet architecture be incorporated with lightweight enhancements [33], [36], [39]. Specifically, these enhancements allow end-hosts to select forwarding paths and, together with on-path routers, to enforce and verify path compliance.…”

Section: A System Modelmentioning

confidence: 99%

“…On-path routers are expected to adhere to the packet-carried path indicator for making forwarding decisions. However, malicious or compromised routers may mis-forward packets away from the specified path [9], [10], [33], [36], [39]. Such packet misforwardings tend to degrade performance and breach security [7].…”

Section: Introductionmentioning

confidence: 99%

“…Such proofs should suffice for validating that ⋆ Kai Bu is the corresponding author. a packet traverses not only all the on-path routers but also in the correct order [33].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Symphony: Path Validation at Scale

He,

Fu,

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Path validation has long been explored as a fundamental solution to secure future Internet architectures. It enables end-hosts to specify forwarding paths for their traffic and to verify whether the traffic follows the specified paths. In comparison with the current Internet architecture that keeps packet forwarding uncontrolled and transparent to end-hosts, path validation benefits end-hosts with flexibility, security, and privacy.The key design enforces routers to embed their credentials into cryptographic proofs in packet headers. Such proofs require sufficiently complex computation to guarantee unforgeability. This imposes an inevitable barrier on validation efficiency for a single packet. In this paper, we propose aggregate validation to implement path validation in a group-wise way. Amortizing overhead across packets in a group, aggregate validation promises higher validation efficiency without sacrificing security. We implement aggregation validation through Symphony, with various design techniques integrated and security properties formally proved. In comparison with state-of-the-art EPIC, Symphony speeds up packet processing by 3.78×∼18.40× and increases communication throughput by 1.13×∼6.11×.

show abstract

Section: A System Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Symphony: Path Validation at Scale

He,

Fu,

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…However, a compromised SDN data plane can introduce different types of a ack scenarios [6], which are not possible to detect through header flow analysis alone. Some solutions have sought to detect forwarding a acks by monitoring flow statistics from neighboring switches [55], verifying OpenFlow events in the controller [73,78], applying heavy-weight cryptographic approaches [36], and naive controller generated probes [14,16].…”

Section: Scope Of Implementationmentioning

confidence: 99%

Role-Based Deception in Enterprise Networks

Anjum¹,

Zhu²,

Polinsky³

et al. 2020

Preprint

View full text Add to dashboard Cite

Historically, enterprise network reconnaissance is an active process, o en involving port scanning. However, as routers and switches become more complex, they also become more susceptible to compromise. From this vantage point, an a acker can passively identify high-value hosts such as the workstations of IT administrators, C-suite executives, and finance personnel. e goal of this paper is to develop a technique to deceive and dissuade such adversaries. We propose HoneyRoles, which uses honey connections to build metaphorical haystacks around the network traffic of client hosts belonging to high-value organizational roles.e honey connections also act as network canaries to signal network compromise, thereby dissuading the adversary from acting on information observed in network flows. We design a prototype implementation of HoneyRoles using an OpenFlow SDN controller and evaluate its security using the PRISM probabilistic model checker. Our performance evaluation shows that HoneyRoles has a small effect on network request completion time, and our security analysis demonstrates that once an alert is raised, HoneyRoles can quickly identify the compromised switch with high probability. In doing so, we show that role-based network deception is a promising approach for defending against adversaries that have compromised network devices.

show abstract

“…OPT's (Origin and Path Trace) [48] security properties have been formally verified using the Coq interactive theorem prover in [49]. Isabelle is used to give a mechanized proof of the Basic Perturbation Lemma in [50] and to verify the correctness of Warren Abstract Machine (WAM) in [51].…”

Section: Application Of Toolsmentioning

confidence: 99%

Cryptographic Protocols Specification and Verification Tools - A Survey

Shinde¹,

Umbarkar²,

Pillai³

2017

IJCT

View full text Add to dashboard Cite

Cryptographic protocols cannot guarantee the secure operations by merely using state-of-the-art cryptographic mechanisms. Validation of such protocols is done by using formal methods. Various specialized tools have been developed for this purpose and are being used to validate real life cryptographic protocols. These tools give feedback to the designers of protocols in terms of loops and attacks in protocols to improve security. In this paper, we discuss the brief history of formal methods and tools that are useful for the formal verification of the cryptographic protocols.

show abstract

Lightweight source authentication and path validation

Cited by 73 publications

References 28 publications

Symphony: Path Validation at Scale

Symphony: Path Validation at Scale

Role-Based Deception in Enterprise Networks

Cryptographic Protocols Specification and Verification Tools - A Survey

Contact Info

Product

Resources

About