By Topic

IP easy-pass: edge resource access control

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Haining Wang ; Dept. of Comput. Sci., Coll. of William & Mary, Williamsburg, VA, USA ; Bose, A. ; El-Gendy, M. ; Shin, K.G.

Providing real-time communication services to multimedia applications and subscription-based Internet access often requires sufficient network resources to be reserved for real-time traffic. However, the reserved network resource is susceptible to resource theft and abuse. Without a resource access control mechanism that can efficiently differentiate legitimate real-time traffic from attacking packets, the traffic conditioning and policing enforced at ISP (Internet service provider) edge routers cannot protect the reserved network resource from embezzlement. On the contrary, the traffic policing at edge routers aggravates their vulnerability to flooding attacks by blindly dropping packets. We propose a fast and light-weighted IP network-edge resource access control mechanism, called IP easy-pass to prevent unauthorized access to reserved network resources at edge devices. We attach a unique pass to each legitimate real-time packet so that an ISP edge router can validate the legitimacy of an incoming IP packet very quickly and simply by checking its pass. We present the generation of easy-pass, its embedding, and verification procedures. We implement the IP easy-pass mechanism in the Linux kernel, analyze its effectiveness against packet forgery and resource embezzlement attempts. Finally, we measure the overhead incurred by easy-pass.

Published in:

INFOCOM 2004. Twenty-third AnnualJoint Conference of the IEEE Computer and Communications Societies  (Volume:4 )

Date of Conference:

7-11 March 2004