Requirements for Attribution on the Internet
=The attribution dilemma=
==What is the attribution problem==
==Why we need Attribution==
==Attribution Attacks==
* Stepping stone attack
* Forgery
** Identity theft
=Requirements for internet attribution system=
(Unstructured draft)
* Any potentially destructive act should be traceable to a person (and/or organization, group, etc)
* Traceability should not violate any current privacy-related laws and moral principles
* Attribution mapping should not be a bijection, in other words action should map to persons, but not vice versa
* Traceability information should be distributed
* It should be impossible to collect all traceability data in one place
* Personal data should be stored by trusted authorities (e.g. governments)
* Traceability information and personal data should be separated, a connection to be revealed only when needed
* Attribution system should be incrementally deployable
* Cost of setting up and maintaining the system for a particular body (person, organization, network) should be considerably less than average losses under current lack of attribution (e.g. DoS, identity theft, etc)
=Related Work=
2004: [http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=1437851 This] paper uses both <i>link identification</i> and <i>filtering</i> for achieving IP traceback WITHOUT the presence of high network cooperation.

