SafeZone: A Hierarchical Inter-Domain Authenticated Source Address Validation Solution (1103.3766v1)

Abstract: Next generation Internet is highly concerned about the issue of reliability. Principally, the foundation of reliability is authentication of the source IP address. With the signature-and-verification based defense mechanisms available today, unfortunately, there is a lack of hierarchical architecture, which makes the structure of the trust alliance excessively flat and single. Moreover, with the increasing scale of the trust alliance, costs of validation grow so quickly that they do not adapt to incremental deployment. Via comparison with traditional solutions, this article proposes a hierarchical, inter-domain authenticated source address validation solution named SafeZone. SafeZone employs two intelligent designs, lightweight tag replacement and a hierarchical partitioning scheme, each of which helps to ensure that SafeZone can construct trustworthy and hierarchical trust alliances without the negative influences and complex operations on de facto networks. Extensive experiments also indicate that SafeZone can effectively obtain the design goals of a hierarchical architecture, along with lightweight, loose coupling and "multi-fence support" and as well as an incremental deployment scheme.