SafeZone: A Hierarchical Inter-Domain Authenticated Source Address Validation Solution

TL;DR

SafeZone introduces a hierarchical, scalable, and efficient source address validation system for the Internet, enhancing trust and reliability without complex operations or high costs.

Contribution

It proposes a novel hierarchical architecture with lightweight mechanisms for inter-domain source address validation, enabling scalable and incremental deployment.

Findings

Effective hierarchical trust alliance construction

Lightweight and scalable validation process

Supports incremental deployment and multi-fence architecture

Abstract

Next generation Internet is highly concerned about the issue of reliability. Principally, the foundation of reliability is authentication of the source IP address. With the signature-and-verification based defense mechanisms available today, unfortunately, there is a lack of hierarchical architecture, which makes the structure of the trust alliance excessively flat and single. Moreover, with the increasing scale of the trust alliance, costs of validation grow so quickly that they do not adapt to incremental deployment. Via comparison with traditional solutions, this article proposes a hierarchical, inter-domain authenticated source address validation solution named SafeZone. SafeZone employs two intelligent designs, lightweight tag replacement and a hierarchical partitioning scheme, each of which helps to ensure that SafeZone can construct trustworthy and hierarchical trust alliances without the negative influences and complex operations on de facto networks. Extensive experiments also indicate that SafeZone can effectively obtain the design goals of a hierarchical architecture, along with lightweight, loose coupling and "multi-fence support" and as well as an incremental deployment scheme.