Two Level Authentication and Packet Marking Mechanism for Defending Against DoS and DDoS Attacks
Denial of Service (DoS) attacks presents a serious problem for Internet communications. IP source address spoofing is used by DoS and DDoS attacks on targeted victim. IP spoofing to forge the source IP address of the packet, and thereby hide the identity of source. This makes hard to detect and defend against such attack. This paper presents a Token based Authentication and Packet Marking mechanism (TAPM) for preventing IP spoofing. TAPM uses efficient public key cryptography to issue tokens and hash based cryptography for packet marking. It does not require changes or restrictions to the Internet routing protocol, is incrementally deployable, and offers protection from denial-of-service attacks based on IP spoofing.