Title :
NPLA: Network Prefix Level Authentication
Author :
Li, Ming ; Cui, Yong ; Siekkinen, Matti ; Yla-Jaaski, Antti
Author_Institution :
Dept. of Comput. Sci. & Eng., Helsinki Univ. of Technol., Espoo, Finland
Abstract :
We present the design and evaluation of NPLA (Network Prefix Level Authentication), a system allowing source addresses to be validated within the network to the granularity of network prefix. Prefix routers use public key cryptography to insert NPLA headers in outgoing packets. En route entities holding the corresponding public key verify the source of a packet. NPLA provides deployment incentives because each upgraded prefix can prevent its address space from being maliciously used by other networks and its traffic is forwarded with high priority. In order to increase the scalability, NPLA does not employ PKI but leverages BGP to distribute public keys. Based on the relative damage reduction analysis, we conclude that NPLA provides more relative benefit than other approaches when they are all partially deployed. In order to decrease the overhead induced by public key cryptography, NPLA uses FPGA based hardware cryptography accelerator which has been proven to achieve several Gbps throughput on average.
Keywords :
Internet; computer network security; field programmable gate arrays; public key cryptography; telecommunication network routing; BGP; FPGA-based hardware cryptography accelerator; NPLA design; PKI; address space; network prefix level authentication; prefix routers; public key cryptography; authentication; network prefix; public key cryptography; source spoofing;
Conference_Titel :
GLOBECOM Workshops (GC Wkshps), 2010 IEEE
Conference_Location :
Miami, FL
Print_ISBN :
978-1-4244-8863-6
DOI :
10.1109/GLOCOMW.2010.5700338
