FPAC: Fast, fixed-cost authentication for access to reserved resources

Kenneth L. Calvert, Srinivasan Venkatraman, James N. Griffioen

Research output: Contribution to journalConference articlepeer-review

2 Scopus citations


Enhanced network services often involve allocating resources (bandwidth/buffer space) preferentially to packets belonging to certain flows or traffic classes. Such services are vulnerable to denial-of-service attacks if packet classification is based on information that can be forged, such as source and destination addresses and port numbers. Traditional message authentication codes (MACs), often considered the only solution to this problem, are really not designed to solve it. In particular, their per-packet costs are so high that they enable another form of denial-of-service attack based on overwhelming the verification mechanism. We describe the problem of denial of access to reserved resources and the inadequacies of conventional solutions. We then observe that it is reasonable to trade some of the strong security guarantees provided by conventional MACs for a lower per-packet cost. We propose a new packet authentication algorithm, designed to solve the problem of protecting reserved resources, with a very low, fixed per-packet cost. While it cannot replace conventional MACs for end-to-end authentication, we argue that it is a better solution for the problem considered here. We present measurements from a prototype implementation that can verify a packet of arbitrary size in as few as 1000 machine cycles on an Intel architecture machine.

Original languageEnglish
Pages (from-to)1049-1058
Number of pages10
JournalProceedings - IEEE INFOCOM
StatePublished - 2002
EventIEEE Infocom 2002 - New York, NY, United States
Duration: Jun 23 2002Jun 27 2002

ASJC Scopus subject areas

  • General Computer Science
  • Electrical and Electronic Engineering


Dive into the research topics of 'FPAC: Fast, fixed-cost authentication for access to reserved resources'. Together they form a unique fingerprint.

Cite this