Protecting DNS services from IP spoofing-SDN collaborative authentication approach

N. M. Sahri, Koji Okamura

    研究成果: 書籍/レポート タイプへの寄稿会議への寄与

    9 被引用数 (Scopus)

    抄録

    As DNS packet are mostly UDP-based, make it as a perfect tool for hackers to launch a well-known type of distributed denial of service (DDoS). The purpose of this attack is to saturate the DNS server availability and resources. This type of attack usually utilizes a large number of botnet and perform spoofing on the IP address of the targeted victim. We take a different approach for IP spoofing detection and mitigation strategies to protect the DNS server by utilizing Software Defined Networking (SDN). In this paper, we present CAuth, a novel mechanism that autonomously block the spoofing query packet while authenticate the legitimate query. By manipulating Openflow control message, we design a collaborative approach between client and server network. Whenever a server controller receives query packet, it will send an authentication packet back to the client network and later the client controller also replies via authentication packet back to the server controller. The server controller will only forward the query to the DNS server if it receives the replied authentication packet from the client. From the evaluation, CAuth instantly manage to block spoofing query packet while authenticate the legitimate query as soon as the mechanism started. Most notably, our mechanism designed with no changes in existing DNS application and Openflow protocol.

    本文言語英語
    ホスト出版物のタイトルProceedings of the 11th International Conference on Future Internet Technologies, CFI 2016
    出版社Association for Computing Machinery
    ページ83-89
    ページ数7
    ISBN(電子版)9781450341813
    DOI
    出版ステータス出版済み - 6月 15 2016
    イベント11th International Conference on Future Internet Technologies, CFI 2016 - Nanjing, 中国
    継続期間: 6月 15 20166月 17 2016

    出版物シリーズ

    名前ACM International Conference Proceeding Series
    15-17-June-2016

    その他

    その他11th International Conference on Future Internet Technologies, CFI 2016
    国/地域中国
    CityNanjing
    Period6/15/166/17/16

    !!!All Science Journal Classification (ASJC) codes

    • ソフトウェア
    • 人間とコンピュータの相互作用
    • コンピュータ ビジョンおよびパターン認識
    • コンピュータ ネットワークおよび通信

    フィンガープリント

    「Protecting DNS services from IP spoofing-SDN collaborative authentication approach」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

    引用スタイル