A link to the paper
Title
Requirements for Attribution on the Internet
Abstract
Introduction
The attribution dilemma
What is the attribution problem
Rakhim
Omi
Raghad
AbdelRahman
In an ideal world, every action on the internet could be bound to a machine and thus to a person. This would be done by examining the source IP address carried in each packet, finding the geographical location of that IP, consulting the ISP covering the location, and identifying the person. Here is what goes wrong:
- IP addresses can be spoofed, which makes the derived geographical location misleading.
- To avoid that problem, IP traceback can be performed, BUT it requires global cooperation of intermediate systems... and that cooperation is not there!
- IPs are not permanently bound to a person, so identifying the person from the IP is not reliable.
- Network users are not aware of all the packets reaching their machines, which allows malware distribution and hence the creation of botnets... misleading attribution!
- Firewalls and packet filters can be used to avoid that problem, but they are not 100% effective.
Why we need Attribution
- DoS
Attribution Attacks
- Stepping stone attack
- Forgery
- Identity theft
Requirements for internet attribution system
(Unstructured draft)
- Any potentially destructive act should be traceable to a person (and/or organization, group, etc)
- Traceability should not violate any current privacy-related laws and moral principles
- Attribution mapping should not be a bijection; in other words, actions should map to persons, but not vice versa
- Traceability information should be distributed
- It should be impossible to collect all traceability data in one place
- Personal data should be stored by trusted authorities (e.g. governments)
- Traceability information and personal data should be separated, a connection to be revealed only when needed
- Attribution system should be incrementally deployable
- Cost of setting up and maintaining the system for a particular body (person, organization, network) should be considerably less than average losses under current lack of attribution (e.g. DoS, identity theft, etc)
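One way the separation and one-way mapping requirements above could fit together, as an added sketch that is not taken from the paper: traceability data and personal data live in two stores, and an action resolves to a person only when both cooperate under authorization. The class names, the per-action token scheme, the `authorized` flag and the sample identities are all assumptions made for illustration, and the XOR pad stands in for a real authenticated cipher.

```python
import hashlib
import secrets

PAD_LEN = 64  # fixed record size so ciphertext length does not leak the identity

def _keystream(token: bytes) -> bytes:
    # One-time pad derived from a single-use token (stand-in for a real AEAD).
    return hashlib.shake_256(b"escrow-enc" + token).digest(PAD_LEN)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class IdentityAuthority:
    """Hypothetical trusted authority: holds personal data, never action logs."""
    def __init__(self):
        self._escrow = {}  # SHA-256(token) -> identity encrypted under that token

    def issue_token(self, person: str) -> bytes:
        if len(person.encode()) > PAD_LEN:
            raise ValueError("identity too long for fixed-size record")
        token = secrets.token_bytes(32)  # fresh per action: actions stay unlinkable
        record = person.encode().ljust(PAD_LEN, b"\0")
        self._escrow[hashlib.sha256(token).digest()] = _xor(record, _keystream(token))
        return token  # the authority does not retain the token itself

    def reveal(self, token: bytes, authorized: bool) -> str:
        if not authorized:  # placeholder for a legal/oversight check
            raise PermissionError("linking an action to a person needs authorization")
        blob = self._escrow[hashlib.sha256(token).digest()]
        return _xor(blob, _keystream(token)).rstrip(b"\0").decode()

    def scan_for(self, person: str) -> list:
        # Person -> actions attempt using escrow alone: entries are opaque, finds nothing.
        needle = person.encode().ljust(PAD_LEN, b"\0")
        return [k for k, blob in self._escrow.items() if blob == needle]

class TraceStore:
    """Hypothetical traceability store: action -> token only, no personal data."""
    def __init__(self):
        self._log = {}

    def record(self, action_id: str, token: bytes) -> None:
        self._log[action_id] = token

    def token_for(self, action_id: str) -> bytes:
        return self._log[action_id]

def demo():
    authority, traces = IdentityAuthority(), TraceStore()
    # Constructed sample actions and identities.
    for action, person in [("flow-1", "alice"), ("flow-2", "bob"), ("flow-3", "alice")]:
        traces.record(action, authority.issue_token(person))
    return authority, traces
```

If both stores were dumped into one place the mapping could be inverted, which is why the list also requires that traceability data stay distributed.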
Related Work
2004: This paper uses both link identification and filtering for achieving IP traceback WITHOUT the presence of high network cooperation.