Secure name service: A framework for protecting critical internet resources

Yingfei Dong; Changho Choi; Zhi Li Zhang

doi:10.1007/978-3-540-24693-0_64

Secure name service: A framework for protecting critical internet resources

Yingfei Dong, Changho Choi, Zhi Li Zhang

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

We propose a novel Secure Name Service (SNS) framework for protecting critical Internet resources from unauthorized accesses, denial of service (DoS) and other attacks. The key idea is to enforce packet-origin authentication through resource virtualization and utilize dynamic name binding for protecting servers under attacks and improving service availability. Different from static network-level security schemes such as IPsec and VPN, SNS is able to dynamically bind the names of critical resources at the service level, which allows us to actively protect the service resources through a distributed filtering mechanism built on authenticated packet forwarding paths. Our prototype implementation of authenticated packet forwarding components on Pentium 4 Linux machines demonstrates that regular Linux platforms are sufficient to support SNS authenticated packet forwarding on 100Mbps or 1Gbps LANs.

Original language	English (US)
Title of host publication	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Editors	Nikolas Mitrou, Kimon Kontovasilis, George N. Rouskas, Ilias lliadis, Lazaros Merakos
Publisher	Springer Verlag
Pages	783-794
Number of pages	12
ISBN (Print)	9783540246930
DOIs	https://doi.org/10.1007/978-3-540-24693-0_64
State	Published - 2004

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	3042
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Access

10.1007/978-3-540-24693-0_64

OpenUrl availability

Full text

Cite this

Dong, Y., Choi, C., & Zhang, Z. L. (2004). Secure name service: A framework for protecting critical internet resources. In N. Mitrou, K. Kontovasilis, G. N. Rouskas, I. lliadis, & L. Merakos (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 783-794). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3042). Springer Verlag. https://doi.org/10.1007/978-3-540-24693-0_64

Secure name service: A framework for protecting critical internet resources. / Dong, Yingfei; Choi, Changho; Zhang, Zhi Li.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). ed. / Nikolas Mitrou; Kimon Kontovasilis; George N. Rouskas; Ilias lliadis; Lazaros Merakos. Springer Verlag, 2004. p. 783-794 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3042).

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Dong, Y, Choi, C & Zhang, ZL 2004, Secure name service: A framework for protecting critical internet resources. in N Mitrou, K Kontovasilis, GN Rouskas, I lliadis & L Merakos (eds), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3042, Springer Verlag, pp. 783-794. https://doi.org/10.1007/978-3-540-24693-0_64

Dong Y, Choi C, Zhang ZL. Secure name service: A framework for protecting critical internet resources. In Mitrou N, Kontovasilis K, Rouskas GN, lliadis I, Merakos L, editors, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Springer Verlag. 2004. p. 783-794. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-24693-0_64

Dong, Yingfei ; Choi, Changho ; Zhang, Zhi Li. / Secure name service : A framework for protecting critical internet resources. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). editor / Nikolas Mitrou ; Kimon Kontovasilis ; George N. Rouskas ; Ilias lliadis ; Lazaros Merakos. Springer Verlag, 2004. pp. 783-794 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inbook{b75d49d50b7e4ca49913bb085d02670c,

title = "Secure name service: A framework for protecting critical internet resources",

abstract = "We propose a novel Secure Name Service (SNS) framework for protecting critical Internet resources from unauthorized accesses, denial of service (DoS) and other attacks. The key idea is to enforce packet-origin authentication through resource virtualization and utilize dynamic name binding for protecting servers under attacks and improving service availability. Different from static network-level security schemes such as IPsec and VPN, SNS is able to dynamically bind the names of critical resources at the service level, which allows us to actively protect the service resources through a distributed filtering mechanism built on authenticated packet forwarding paths. Our prototype implementation of authenticated packet forwarding components on Pentium 4 Linux machines demonstrates that regular Linux platforms are sufficient to support SNS authenticated packet forwarding on 100Mbps or 1Gbps LANs.",

author = "Yingfei Dong and Changho Choi and Zhang, {Zhi Li}",

year = "2004",

doi = "10.1007/978-3-540-24693-0_64",

language = "English (US)",

isbn = "9783540246930",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "783--794",

editor = "Nikolas Mitrou and Kimon Kontovasilis and Rouskas, {George N.} and Ilias lliadis and Lazaros Merakos",

booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - CHAP

T1 - Secure name service

T2 - A framework for protecting critical internet resources

AU - Dong, Yingfei

AU - Choi, Changho

AU - Zhang, Zhi Li

PY - 2004

Y1 - 2004

N2 - We propose a novel Secure Name Service (SNS) framework for protecting critical Internet resources from unauthorized accesses, denial of service (DoS) and other attacks. The key idea is to enforce packet-origin authentication through resource virtualization and utilize dynamic name binding for protecting servers under attacks and improving service availability. Different from static network-level security schemes such as IPsec and VPN, SNS is able to dynamically bind the names of critical resources at the service level, which allows us to actively protect the service resources through a distributed filtering mechanism built on authenticated packet forwarding paths. Our prototype implementation of authenticated packet forwarding components on Pentium 4 Linux machines demonstrates that regular Linux platforms are sufficient to support SNS authenticated packet forwarding on 100Mbps or 1Gbps LANs.

AB - We propose a novel Secure Name Service (SNS) framework for protecting critical Internet resources from unauthorized accesses, denial of service (DoS) and other attacks. The key idea is to enforce packet-origin authentication through resource virtualization and utilize dynamic name binding for protecting servers under attacks and improving service availability. Different from static network-level security schemes such as IPsec and VPN, SNS is able to dynamically bind the names of critical resources at the service level, which allows us to actively protect the service resources through a distributed filtering mechanism built on authenticated packet forwarding paths. Our prototype implementation of authenticated packet forwarding components on Pentium 4 Linux machines demonstrates that regular Linux platforms are sufficient to support SNS authenticated packet forwarding on 100Mbps or 1Gbps LANs.

UR - http://www.scopus.com/inward/record.url?scp=35048866851&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=35048866851&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-24693-0_64

DO - 10.1007/978-3-540-24693-0_64

M3 - Chapter

AN - SCOPUS:35048866851

SN - 9783540246930

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 783

EP - 794

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

A2 - Mitrou, Nikolas

A2 - Kontovasilis, Kimon

A2 - Rouskas, George N.

A2 - lliadis, Ilias

A2 - Merakos, Lazaros

PB - Springer Verlag

ER -

Secure name service: A framework for protecting critical internet resources

Abstract

Publication series

Access

OpenUrl availability

Other files and links

Fingerprint

Cite this