Passport: Secure and adoptable source authentication

Publication, Conference
Liu, X; Li, A; Yang, X; Wetherall, D
Published in: 5th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2008
January 1, 2008

We present the design and evaluation of Passport, a system that allows source addresses to be validated within the network. Passport uses efficient, symmetric-key cryptography to place tokens on packets that allow each autonomous system (AS) along the network path to independently verify that a source address is valid. It leverages the routing system to efficiently distribute the symmetric keys used for verification, and is incrementally deployable without upgrading hosts. We have implemented Passport with Click and XORP and evaluated the design via micro-benchmarking, experiments on the Deterlab, security analysis, and adoptability modeling. We find that Passport is plausible for gigabit links, and can mitigate reflector attacks even without separate denial-of-service defenses. Our adoptability modeling shows that Passport provides stronger security and deployment incentives than alternatives such as ingress filtering. This is because the ISPs that adopt it protect their own addresses from being spoofed at each other's networks even when the overall deployment is small.

Start / End Page

365 / 378
 

Citation

APA: Liu, X., Li, A., Yang, X., & Wetherall, D. (2008). Passport: Secure and adoptable source authentication. In 5th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2008 (pp. 365–378).

Chicago: Liu, X., A. Li, X. Yang, and D. Wetherall. “Passport: Secure and adoptable source authentication.” In 5th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2008, 365–78, 2008.

ICMJE: Liu X, Li A, Yang X, Wetherall D. Passport: Secure and adoptable source authentication. In: 5th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2008. 2008. p. 365–78.

MLA: Liu, X., et al. “Passport: Secure and adoptable source authentication.” 5th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2008, 2008, pp. 365–78.

NLM: Liu X, Li A, Yang X, Wetherall D. Passport: Secure and adoptable source authentication. 5th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2008. 2008. p. 365–378.
