Title: Efficient and Unspoofable Source Identifiers via Packet Passports
by Xiaowei Yang

Abstract: 
We present the design of Passport, a system that allows source addresses to be
validated within the network. Passport uses efficient, symmetric-key
cryptography to place tokens on packets that allow each autonomous system
along the network path to independently verify that a source address is valid.
Compared to alternatives such as ingress filtering, Passport provides strong
deployment incentives. This is because the ISPs that adopt it protect their
address space from being spoofed to each other, even when the overall
deployment is small.  We implemented Passport and denial-of-service defense
systems that make use of it (based on fair queuing, filtering, and
capabilities) on Click and evaluated them on the Deterlab. We find that our
design is plausible for gigabit links and that denial-of-service designs based
on Passport outperform equivalent designs without unspoofable addresses. We
also describe how Passport can prevent reflector attacks and hijacking.