User Authentication in an Internet Protocol
Keywords:
IP Options, Self-Authentication, HMAC, Source Address Spoofing
Abstract
This paper presents an enhancement of the IP (Internet Protocol) standard to support user authentication within the protocol itself. The options field in the IP header carries specific data that add the ability of self-authentication. The specific data consist of a user identifier, a timestamp, and an HMAC calculated over important data in the IP header. The major purpose is to verify a device owner or a computer user in a local network in real time, before allowing access to restricted networks or the Internet. With this enhancement, users can be authenticated at the IP layer, without needing an additional user authentication process. The self-authentication ability prevents the sending of source-spoofed IP packets and also provides high reliability in identifying the user. In addition, this ability does not require the creation of a specific connection or an exchange of security parameters.
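The mechanism the abstract describes, sketched as an added example (not code from the paper): a sender builds an option carrying a user identifier, a timestamp and an HMAC, and a gateway verifies it. The option type value, field widths, HMAC-SHA256 truncated to 16 bytes, the set of covered header fields, the 30-second window and the per-user key table are all assumptions, since the abstract does not specify them.

```python
import hashlib
import hmac
import socket
import struct

OPT_TYPE = 0x9E             # assumed option type (an experimental value), not from the paper
MAC_LEN = 16                # assumed: HMAC-SHA256 truncated to fit the 40-byte IPv4 options limit
OPT_LEN = 2 + 4 + 4 + MAC_LEN
MAX_SKEW = 30               # assumed timestamp acceptance window, in seconds


def header_mac(key, src, dst, proto, ip_id, user_id, ts):
    # Cover only fields that routers do not rewrite in transit (TTL and checksum are excluded).
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!BHII", proto, ip_id, user_id, ts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def build_option(key, src, dst, proto, ip_id, user_id, ts):
    # Layout (assumed): type | length | user id (4) | timestamp (4) | MAC (16)
    head = struct.pack("!BBII", OPT_TYPE, OPT_LEN, user_id, ts)
    return head + header_mac(key, src, dst, proto, ip_id, user_id, ts)


def verify_option(option, keys, src, dst, proto, ip_id, now):
    # src, dst, proto and ip_id are taken from the received IP header, not from the option.
    if len(option) != OPT_LEN or option[0] != OPT_TYPE or option[1] != OPT_LEN:
        return "malformed"
    user_id, ts = struct.unpack("!II", option[2:10])
    key = keys.get(user_id)
    if key is None:
        return "unknown-user"
    if abs(now - ts) > MAX_SKEW:
        return "stale"
    expected = header_mac(key, src, dst, proto, ip_id, user_id, ts)
    if not hmac.compare_digest(expected, option[10:]):
        return "bad-mac"
    return "ok"


if __name__ == "__main__":
    # Constructed sample values: documentation address ranges and a dummy key.
    keys = {1001: b"constructed-demo-key-not-a-real-secret"}
    t0 = 1_700_000_000
    opt = build_option(keys[1001], "192.0.2.10", "198.51.100.7", 6, 4242, 1001, t0)
    print(verify_option(opt, keys, "192.0.2.10", "198.51.100.7", 6, 4242, t0 + 5))
    print(verify_option(opt, keys, "192.0.2.99", "198.51.100.7", 6, 4242, t0 + 5))
    print(verify_option(opt, keys, "192.0.2.10", "198.51.100.7", 6, 4242, t0 + 120))
```

In this sketch the timestamp check only bounds how long a captured option stays acceptable; an unmodified copy of the same packet still verifies inside the window unless the verifier also tracks what it has already seen.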
License
The published articles are copyrighted by the School of Engineering, King Mongkut's Institute of Technology Ladkrabang.
The statements contained in each article in this academic journal are the personal opinions of each author and are not related to King Mongkut's Institute of Technology Ladkrabang and other faculty members in the institute.
Responsibility for all elements of each article belongs to each author; if there are any mistakes, each author is solely responsible for his own articles.