A link to the paper: Difference between revisions

From Soma-notes
Freetonik (talk | contribs)
Line 13: Line 13:
===Raghad===
===Raghad===
===AbdelRahman===
===AbdelRahman===
In the ideal world, every action on the internet could be bind to a machine and thus to a person. This is done by examining the source IP printed on each moving packet, locating the geographical location of this IP, consulting the ISP covering the location and identifying the person. Here is what goes wrong:
* IP addresses can be spoofed and hence, misleads the geographical location.
* For avoiding that problem, IP traceback can be performed BUT it requires global cooperation of intermediate systems... it is not there!
* IPs are not permanently bound to a person, so figuring out the person from the IP is not concrete.
* Network users are not aware of all packets sneaking to their machines, which allows for malware distribution and hence, the creation of botnets... misleading attribution!
* Firewalls and packet filter can be used for avoiding that problem, but they are not 100% efficient.


==Why we need Attribution==
==Why we need Attribution==

Revision as of 17:35, 17 March 2011

Title

Requirements for Attribution on the Internet

Abstract

Introduction

The attribution dilemma

What is the attribution problem

Rakhim

Omi

Raghad

AbdelRahman

In the ideal world, every action on the internet could be bind to a machine and thus to a person. This is done by examining the source IP printed on each moving packet, locating the geographical location of this IP, consulting the ISP covering the location and identifying the person. Here is what goes wrong:

  • IP addresses can be spoofed and hence, misleads the geographical location.
  • For avoiding that problem, IP traceback can be performed BUT it requires global cooperation of intermediate systems... it is not there!
  • IPs are not permanently bound to a person, so figuring out the person from the IP is not concrete.
  • Network users are not aware of all packets sneaking to their machines, which allows for malware distribution and hence, the creation of botnets... misleading attribution!
  • Firewalls and packet filter can be used for avoiding that problem, but they are not 100% efficient.

Why we need Attribution

  • DoS

Attribution Attacks

  • Stepping stone attack
  • Forgery
    • Identity theft

Requirements for internet attribution system

(Unstructured draft)

  • Any potentially destructive act should be traceable to a person (and/or organization, group, etc)
  • Traceability should not violate any current privacy-related laws and moral principles
  • Attribution mapping should not be a bijection, in other words action should map to persons, but not vice versa
  • Traceability information should be distributed
  • It should be impossible to collect all traceability data in one place
  • Personal data should be stored by trusted authorities (e.g. governments)
  • Traceability information and personal data should be separated, a connection to be revealed only when needed
  • Attribution system should be incrementally deployable
  • Cost of setting up and maintaining the system for a particular body (person, organization, network) should be considerably less than average losses under current lack of attribution (e.g. DoS, identity theft, etc)

Related Work

2004: This paper uses both link identification and filtering for achieving IP traceback WITHOUT the presence of high network cooperation.

Requirements