Project ID:
RFP-2007-025
Title:
Detection of Source Address Spoofing in Multi-domain (across multiple AS) Networks
Summary:
The lack of source IP address validation across multiple autonomous systems (ASes) in the internet makes it difficult to detect and prevent attackers from using spoofed source addresses. Few proposals currently exist for detecting malicious use of spoofed source addresses across AS boundaries. This RFP supports research on further development of schemes that have feasible deployment properties and can satisfy a variety of topology configurations and performance requirements.
Full Description:
Within a single AS, techniques such as those documented in [0][1] exist to detect packets with spoofed source addresses and so prevent attacks that rely on them. However, in the current internet topology model there is limited routing information exchange across ASes, which makes these techniques difficult to apply in a multi-AS system such as the internet.
A framework to tackle this problem has been recently proposed in [2]. This framework specifies mechanisms and protocols to:
- guarantee validity of source addresses in packets accepted for transmission;
- communicate within and between an AS the degree of assurance that exists as to the validity of source addresses in each packet; and
- communicate with authorized entities as to the validation status of packets emitted from an AS.
However, questions remain unresolved with this proposal, including: How can it be incorporated into existing routing protocols and architectures? What is the per-packet performance cost of this framework? How does it react to failures in the network? Also, are there better approaches to this problem? Can existing technologies such as unicast Reverse Path Forwarding (uRPF) or access control lists (ACLs), used in conjunction with routing protocols, be enhanced to tackle this issue?
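As an added illustration (not part of the RFP text, and not the SAVA mechanism of [2]) of the single-AS techniques in [0][1] and of why they break down at AS boundaries, the following Python models a border router's forwarding table and checks packets against ingress ACLs and the three uRPF modes described in RFC 3704 (strict, feasible-path, loose). The forwarding table, interface names, customer prefixes and packets are constructed for the example; the multihomed customer whose best route points out a peer link shows strict uRPF dropping legitimate traffic, and the peer-facing interface shows that neither loose uRPF nor a local ACL can reject a source address the router has no cross-AS knowledge about.

```python
from ipaddress import ip_address, ip_network

# Constructed forwarding table for one border router: (prefix, egress interface, is_best_path).
# Non-best alternate paths are retained so feasible-path uRPF can consult them (RFC 3704, sec. 2.3).
FIB = [
    ("192.0.2.0/24",     "cust1",    True),   # single-homed customer
    ("198.51.100.0/24",  "cust2",    False),  # multihomed customer; our best path to it is via the peer
    ("198.51.100.0/24",  "peer",     True),
    ("203.0.113.0/24",   "peer",     True),   # some remote, legitimately routable network
    ("0.0.0.0/0",        "upstream", True),   # default route
]

# Constructed per-interface ingress ACLs (RFC 2827 style). Peer and upstream links have none,
# because this AS does not know which source addresses its neighbours may legitimately emit.
ALLOWED_SOURCES = {
    "cust1": ["192.0.2.0/24"],
    "cust2": ["198.51.100.0/24"],
}


def routes_for(src):
    """Longest-prefix-match entries for src, ignoring the default route (RFC 3704, sec. 2.4)."""
    addr = ip_address(src)
    matches = [(ip_network(p), iface, best) for p, iface, best in FIB if addr in ip_network(p)]
    if not matches:
        return []
    longest = max(net.prefixlen for net, _, _ in matches)
    return [m for m in matches if m[0].prefixlen == longest and m[0].prefixlen > 0]


def strict_urpf(src, iface):
    """Accept only if the best route back to src exits via the arrival interface."""
    return any(i == iface and best for _, i, best in routes_for(src))


def feasible_urpf(src, iface):
    """Accept if any known route (best or alternate) to src exits via the arrival interface."""
    return any(i == iface for _, i, _ in routes_for(src))


def loose_urpf(src, iface):
    """Accept if a non-default route to src exists at all; the arrival interface is ignored."""
    return bool(routes_for(src))


def ingress_acl(src, iface):
    """Accept if src lies within the prefixes assigned to the interface; no ACL means accept."""
    prefixes = ALLOWED_SOURCES.get(iface)
    if prefixes is None:
        return True
    return any(ip_address(src) in ip_network(p) for p in prefixes)


CHECKS = {
    "strict": strict_urpf,
    "feasible": feasible_urpf,
    "loose": loose_urpf,
    "acl": ingress_acl,
}


def evaluate(packets):
    """Run every check over (src, arrival_iface) pairs; returns {(src, iface): {check: accepted}}."""
    return {(src, iface): {name: fn(src, iface) for name, fn in CHECKS.items()}
            for src, iface in packets}


# Constructed sample packets: source address and the interface it arrived on.
SAMPLE_PACKETS = [
    ("192.0.2.10",    "cust1"),  # legitimate, symmetric routing
    ("198.51.100.7",  "cust2"),  # legitimate, but asymmetric: best path to it is via the peer
    ("203.0.113.5",   "cust1"),  # spoofed: routable address that does not belong to cust1
    ("10.9.8.7",      "cust1"),  # spoofed: address with no route other than the default
    ("192.0.2.10",    "peer"),   # spoofed by a neighbouring AS, impersonating cust1
]

if __name__ == "__main__":
    for (src, iface), verdicts in evaluate(SAMPLE_PACKETS).items():
        print(f"{src:>14} via {iface:<8} " + "  ".join(f"{k}={'ok' if v else 'DROP'}" for k, v in verdicts.items()))
```

The last packet is the cross-AS case the RFP is about: the only checks that reject it are those tied to the arrival interface, and they reject it only because this router happens to hold a route for 192.0.2.0/24 on another port. A packet spoofing any address this AS has no specific knowledge of passes every local check when it arrives from a peer or upstream, which is why [2] proposes carrying validation state between ASes rather than relying on each AS's local view.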
Some examples of research under this RFP might include measurement and performance analysis of proposed methods, proposals to improve those methods, or creation of entirely new methods.
References
[0] : Ferguson, P., Senie, D., "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", RFC 2827, http://www.ietf.org/rfc/rfc2827.txt
[1] : Baker, F., Savola, P., "Ingress Filtering for Multihomed Networks", RFC 3704, http://www.ietf.org/rfc/rfc3704.txt
[2] : Wu, J. et al., "Source Address Validation Architecture (SAVA) Framework", http://www.ietf.org/internet-drafts/draft-wu-sava-framework-01.txt
Constraints and other information:
IPR will stay with the University. Cisco expects customary scholarly dissemination of results, and hopes that promising results would be made available to the community without limiting licenses, royalties, or other encumbrances.
Proposal submission:
Please use the link below to submit a proposal for research responding to this RFP. After a preliminary review, we may ask you to revise and resubmit your proposal.
Create/submit a proposal for this RFP
RFPs may be withdrawn as research proposals are funded, or interest in the specific topic is satisfied. Researchers should plan to submit their proposals as soon as possible. Submissions-to-date are reviewed at the beginning of each calendar quarter.
Questions? Contact: research@cisco.com