Protecting DNS services from IP spoofing-SDN collaborative authentication approach

N. M. Sahri, Koji Okamura

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

As DNS packets are mostly UDP-based, they are a perfect tool for hackers to launch a well-known type of distributed denial of service (DDoS) attack. The purpose of this attack is to saturate the DNS server availability and resources. This type of attack usually utilizes a large number of botnets and performs spoofing on the IP address of the targeted victim. We take a different approach to IP spoofing detection and mitigation strategies to protect the DNS server by utilizing Software Defined Networking (SDN). In this paper, we present CAuth, a novel mechanism that autonomously blocks spoofing query packets while authenticating legitimate queries. By manipulating OpenFlow control messages, we design a collaborative approach between the client and server networks. Whenever a server controller receives a query packet, it sends an authentication packet back to the client network, and the client controller then replies with an authentication packet back to the server controller. The server controller will only forward the query to the DNS server if it receives the replied authentication packet from the client. In the evaluation, CAuth instantly manages to block spoofing query packets while authenticating legitimate queries as soon as the mechanism is started. Most notably, our mechanism is designed with no changes to existing DNS applications or the OpenFlow protocol.

Original language: English
Title of host publication: Proceedings of the 11th International Conference on Future Internet Technologies, CFI 2016
Publisher: Association for Computing Machinery
Pages: 83-89
Number of pages: 7
ISBN (Electronic): 9781450341813
Publication status: Published - Jun 15 2016
Event: 11th International Conference on Future Internet Technologies, CFI 2016 - Nanjing, China
Duration: Jun 15 2016 to Jun 17 2016

Publication series

Name: ACM International Conference Proceeding Series
Volume: 15-17-June-2016

Other

Other: 11th International Conference on Future Internet Technologies, CFI 2016
Country: China
City: Nanjing
Period: 6/15/16 to 6/17/16

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


  • Cite this

    Sahri, N. M., & Okamura, K. (2016). Protecting DNS services from IP spoofing-SDN collaborative authentication approach. In Proceedings of the 11th International Conference on Future Internet Technologies, CFI 2016 (pp. 83-89). (ACM International Conference Proceeding Series; Vol. 15-17-June-2016). Association for Computing Machinery. https://doi.org/10.1145/2935663.2935666