DistOS-2011W Attribution: Difference between revisions

From Soma-notes
No edit summary
Freetonik (talk | contribs)
Line 37: Line 37:
# Within the frame format of the IP protocol, a header is to be added including the <i>identification stamp</i> of the packet owner.
# Within the frame format of the IP protocol, a header is to be added including the <i>identification stamp</i> of the packet owner.
Upon achieving these requirements, the mentioned rule will apply. When a router receives a packet, it should first consult the global database for verifying the <i>identification stamp</i> of the packet. If it was not verified, the router drops the packet.
Upon achieving these requirements, the mentioned rule will apply. When a router receives a packet, it should first consult the global database for verifying the <i>identification stamp</i> of the packet. If it was not verified, the router drops the packet.
# Attribution mapping should not be bijection, in other words action should map to persons, but not vice versa.


As can be noticed the proposed system still lacks lots of definitions in its functionality. For example, it can't prevent the creation of botnets, forgery and other similar attacks. In principle, a web server provides a service on behalf of someone, should web servers have permanent identification stamps (as a replacement of certificates)? In addition, factors like router latencies, DB protection, who to elect as global trustful entity still needs to be addressed.
As can be noticed the proposed system still lacks lots of definitions in its functionality. For example, it can't prevent the creation of botnets, forgery and other similar attacks. In principle, a web server provides a service on behalf of someone, should web servers have permanent identification stamps (as a replacement of certificates)? In addition, factors like router latencies, DB protection, who to elect as global trustful entity still needs to be addressed.
Line 47: Line 48:
<b>Attribution Definition:</b><br/>
<b>Attribution Definition:</b><br/>
"Binding an act to a person" - Prof. Anil
"Binding an act to a person" - Prof. Anil
==Tuesday, March 15th==
==Tuesday, March 15th==



Revision as of 14:27, 15 March 2011

Members

  • AbdelRahman Abdou
  • Raghad Al-Awwad
  • Omi Iyamu
  • Rakhim Davletkaliyev

Meeting Briefings

Tuesday, March 1st

After 20 minutes of brainstorming, we agreed on:

  • Current internet infrastructure lacks the ability of achieving highly scalable and efficient attribution mechanism.
  • Attribution must be implemented in a distributed manner and must be automated and not owned.
  • Threats that should be addressed include (but not limited to):
    • Computers, individuals and applications impersonation
    • All types of electronic spoofing.
  • The skeleton of our project will constitute four main aspects:
    • Tracing/Tracking: baseline for attribution.
    • Human identification: a MUST to include!
    • Machine identification: to be dissolved with human identification.
    • Storage: how and where to store data traces and the identification stamps.

Thursday, March 3rd

Decided Task Distribution:

  • Tracing/Tracking: Omi
  • Human identification: Raghad
  • Machine identification: AbdelRahman
  • Storage: Rakhim

Thursday, March 10th

Basic Proposal:
Upon questioning the capabilities of the currently deployed global network, it was agreed that it lacks the ability of achieving a relatively high attribution property. By "relatively", we mean in comparison to the "world's" attribution standards (i.e., the percentage of success in binding an act to a person in the real world). Moreover, any system (h/w or s/w) that is to operate at the end systems is useless because it can be messed with. As a result, a proposed model was basically discussed. It employs the rule:
"An act cannot use network resources nor can it be routed if it is anonymously bound."
Noticeably, the routers, as primary constituents to the intermediate systems, should refrain from routing any data packets that are not fully attributed. As they are the main driving power behind delivering all malicious or benign packets, they should have great responsibility in achieving highly reliable attribution mechanism. The proposed system requires the following:

  1. Globally trustful entity(s) (e.g., government)
  2. Any newly bought (or even handmade/privately manufactured) device that has access capabilities must be licensed from the trustful entity (defined in 1), or else, it will not be able to benefit from global routing services.
  3. The licensing mechanism occurs by binding a human's unique feature (e.g., iris intricate structure) with a machine unique feature (e.g., MAC address) generating a chunk called identification stamp. (The inclusion of the passport number in the identification stamps is still under investigation for the sake of tracking the punishing the prime committer).
  4. A DNS-like world-wide distributed system is to be encrypted and deployed that acts as a database for storing all identification stamps. The system can ONLY be accessible for READ operations by the routers, and can ONLY be accessible for WRITE operations by the trustful entity(s) defined in 1.
  5. Within the frame format of the IP protocol, a header is to be added including the identification stamp of the packet owner.

Upon achieving these requirements, the mentioned rule will apply. When a router receives a packet, it should first consult the global database for verifying the identification stamp of the packet. If it was not verified, the router drops the packet.

  1. Attribution mapping should not be bijection, in other words action should map to persons, but not vice versa.

As can be noticed the proposed system still lacks lots of definitions in its functionality. For example, it can't prevent the creation of botnets, forgery and other similar attacks. In principle, a web server provides a service on behalf of someone, should web servers have permanent identification stamps (as a replacement of certificates)? In addition, factors like router latencies, DB protection, who to elect as global trustful entity still needs to be addressed.

To be done:

  • Strictly define the requirements of a good attribution system.
  • Analyzing what the currently implemented attribution systems lack.
  • (optional) Proposing a model that arguably employs attribution.

Attribution Definition:
"Binding an act to a person" - Prof. Anil

Tuesday, March 15th

Surveyed Papers

[1]Marco Gruteser, Suman Banerjee, Marco Gruteser, Vladimir Barik, Wireless device identification with radiometric signatures, University of Wisconsin at Madison, Madison, WI, USA, 2008. PDF

  • ABSTRACT

We design, implement, and evaluate a technique to identify the source network interface card (NIC) of an IEEE 802.11 frame through passive radio-frequency analysis. This technique, called PARADIS, leverages minute imperfections of transmitter hardware that are acquired at manufacture and are present even in otherwise identical NICs. These imperfections are transmitter-specific and manifest themselves as artifacts of the emitted signals. In PARADIS, we measure differentiating artifacts of individual wireless frames in the modulation domain, apply suitable machine-learning classification tools to achieve significantly higher degrees of NIC identification accuracy than prior best known schemes. We experimentally demonstrate effectiveness of PARADIS in differentiating between more than 130 identical 802.11 NICs with accuracy in excess of 99%. Our results also show that the accuracy of PARADIS is resilient against ambient noise and fluctuations of the wireless channel. Although our implementation deals exclusively with IEEE 802.11, the approach itself is general and will work with any digital modulation scheme.


[2] Subhabrata Sen, Oliver Spatscheck, Dongmei Wang, Accurate, scalable in-network identification of p2p traffic using application signatures, AT&T Labs-Research, Florham Park, NJ, 2004. PDF

  • ABSTRACT

The ability to accurately identify the network traffic associated with different P2P applications is important to a broad range of network operations including application-specific traffic engineering, capacity planning, provisioning, service differentiation,etc. However, traditional traffic to higher-level application mapping techniques such as default server TCP or UDP network-port baseddisambiguation is highly inaccurate for some P2P applications.In this paper, we provide an efficient approach for identifying the P2P application traffic through application level signatures. We firstidentify the application level signatures by examining some available documentations, and packet-level traces. We then utilize the identified signatures to develop online filters that can efficiently and accurately track the P2P traffic even on high-speed network links.We examine the performance of our application-level identification approach using five popular P2P protocols. Our measurements show thatour technique achieves less than 5% false positive and false negative ratios in most cases. We also show that our approach only requires the examination of the very first few packets (less than 10packets) to identify a P2P connection, which makes our approach highly scalable. Our technique can significantly improve the P2P traffic volume estimates over what pure network port based approaches provide. For instance, we were able to identify 3 times as much traffic for the popular Kazaa P2P protocol, compared to the traditional port-based approach.


[3] Roger Clarke, Human Identification in Information Systems: Management Challenges and Public Policy Issues PDF/HTML

  • ABSTRACT

Many information systems involve data about people. In order reliably to associate data with particular individuals, it is necessary that an effective and efficient identification scheme be established and maintained. There is remarkably little in the information technology literature concerning human identification. Seeks to overcome that deficiency by undertaking a survey of human identity and human identification. Discusses techniques including names, codes, knowledge-based and token-based identification, and biometrics. Identifies the key challenge to management as being to devise a scheme which is practicable and economic, and of sufficiently high integrity to address the risks the organization confronts in its dealings with people. Proposes that much greater use be made of schemes which are designed to afford people anonymity, or which enable them to use multiple identities or pseudonyms, while at the same time protecting the organization's own interest. Describes multi-purpose and inhabitant registration schemes, and notes the recurrence of proposals to implement and extend them. Identifies public policy issues. Of especial concern is the threat to personal privacy that the general-purpose use of an inhabitant registrant scheme represents. Speculates that, where such schemes are pursued energetically, the reaction may be strong enough to threaten the social fabric.

Milestones

  • Problem definition
  • Literature review
  • Comparison of literature
  • Requirements for a proper attribution scheme
  • Discussions
  • Conclusion and Future Work

Paper

A link to the paper

Project Progress

Coming Soon!

Requirements

  • incremental deployability
  • privacy

Readings

really hard to find anything not from psychology