Implementing Cryptography for Packet Level Authentication
Packet Level Authentication (PLA) is a novel countermeasure against distributed denial-of-service attacks. Each packet sent across a network has a digital signature and public key attached to it, allowing each hop along the route to verify the authenticity of packets. This requires high-speed Elliptic Curve Cryptography (ECC) to improve throughput. In this paper, the authors present a software solution of cryptography for PLA using the combination of Koblitz curves to increase throughput and implicit certificates to decrease storage and computation overhead. A software implementation is presented, built on OpenSSL libraries and extending the OpenSSL API to support not only fast ECC using Koblitz curves, but implicit certificates and fast signature verifications using implicit certificates as well.