Difference between revisions of "A link to the paper"

From Soma-notes
Jump to navigation Jump to search
 
(120 intermediate revisions by 4 users not shown)
Line 1: Line 1:
=Title=
#REDIRECT [[Internet Attribution: Between Privacy and Cruciality]]
Proposed titles:
* Requirements for Attribution on the Internet
* Internet Attribution: Between Privacy and Cruciality
 
=Abstract=
Present and past situations show a need for improved attribution systems, and arguably, scientific basis for a properly functioning attribution systems are not yet defined. This paper presents limits and advances in the attribution of actions to agents over the internet. It reviews current attribution technologies as well as the limits of those technologies. It also identifies the requirements of a proper attribution system and proposes a distributed (yet cooperative) approach for performing attribution over the internet.
 
=Introduction=
===Definition===
*Binding and act to an agent (person or device)
*“determining the identity or location of an attacker or an attacker’s intermediary” [Institute for Defense Analyses, 2003]
 
=The attribution dilemma=
* While designing an attribution system one needs to consider balancing between attribution and privacy.
**Sometimes non-attribution is very crucial,to protect political dissidents and whistle-blowers
* When to decide to track a person and when not to (so as not to intrude privacy)?
* How to make sure attribution is properly achieved?
* Who should attribute who/what and why?
* How far can we trust IP-traceback, stepping stone authentications, link identifications and packet filtering in wedging packets to agents?
* How much can intermediate systems' cooperation contribute to achieving attribution?
* Should there be consequences upon attributing an action(s) to an agent? What are they? (punishment, rewarding, etc)
* How to deal with misleading data sources hiding behind botnets and concealing identities via stepping stones?
 
==Why is it difficult to achieve attribution?==
 
The main problem I see is that the way Internet is designed makes it possible and relatively easy to act without compromising identity. Moreover, most current solutions are  based on the same structure and work within the same scope, thus, can only reduce the number of potentially destructive acts or just deal with the consequences.  Of course, no system can prevent 100% of destructive attempts, but some potentially good attribution system should make such attempts highly undesirable and "costly" for an attacker.
 
*The issue of lack of attribution on the web mostly arises whenever security is compromised. When you're bombarded with spam, or when a system is under a DoS attack attribution becomes a more appealing notion. Getting a balance between security and privacy is tricky, because once attacks are tracked so will all other traffic.
*Depending on the type of sender and receiver, different attribution policy will be requested.
 
In the ideal world, every action on the internet could be bound to a machine and thus to a person. This is done by examining the source IP printed on each moving packet, locating the geographical location of this IP, consulting the ISP covering the location and identifying the person. If an act requires strict attribution (like checking and sending emails), authentication is used. <b>Here is what goes wrong</b>:
* IP addresses can be <b>spoofed</b> and hence, misleads the geographical location.
* For avoiding that problem, <b>IP traceback</b> can be performed BUT it requires global cooperation of intermediate systems... it is not there!
* IPs are <b>not permanently bound</b> to personnel, so figuring out the person from the IP is not concrete.
* Network users are <b>not aware of all packets sneaking</b> to their machines, which allows for malware distribution and hence, the creation of botnets... misleading attribution!
* <b>Firewalls</b> and packet filters can be used for avoiding that problem, but they are not 100% efficient.
* It is not applicable to <b>authenticate</b> every single action on the internet.
===Attacks to prevent correct attribution of actions===
* Stepping stone attack: a common way of attributing attacks to anonymity by using multiple public random agents (as stepping stones) to reach the victim in order to conceal the attacking source. <ref name="ref1">S. Staniford-Chen and L. T. Heberlein. Holding intruders accountable on the internet. In SP ’95: Proceedings of the 1995 IEEE Symposium on Security and Privacy, page 39, Washington, DC, USA, 1995. IEEE Computer Society.</ref>
* Forgery
** Identity theft (impersonation)
** Distribution of malware
 
==Why we need Attribution==
For identifying persons/devices when any of these attacks are detected:
* DoS and DDos
* Forgery and theft
* Sniffing private traffic
* Distributing illegal content/malware
* Sending spam
* Illegal/undesired intrusion
For marketing purposes (privacy?)
* custom (client-based) content generation
 
=Requirements for internet attribution system=
(Unstructured draft)
 
* Any potentially destructive act should be traceable to a person (and/or organization, group, etc)
* Traceability should not violate any current privacy-related laws and moral principles
* Attribution mapping should not be a bijection, in other words action should map to persons, but not vice versa
* Traceability information should be distributed
* It should be impossible to collect all traceability data in one place
* Personal data should be stored by trusted authorities (e.g. governments)
* Traceability information and personal data should be separated, a connection to be revealed only when needed
* Attribution system should be incrementally deployable
* Cost of setting up and maintaining the system for a particular body (person, organization, network) should be considerably less than average losses under current lack of attribution (e.g. DoS, identity theft, etc)
* Attribution system should be adoptable to different set of rules and principles (laws of countries, organizations' policies, etc), yet remain universal
 
=Related Work=
===Against attribution attacks===
2006: [http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=1649171 This] paper designed a scalable testbed for evaluating all existing stepping stone attack.<br/>
2007: [http://www.truststc.org/pubs/168/HeTong06ASC.pdf This] paper proposes a technique for robust detection of stepping stone attack.
 
===Attributing actions over the internet by attributing packets to agents===
2004: [http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=1437851 This] paper uses both <i>link identification</i> and <i>filtering</i> for achieving IP traceback WITHOUT the presence of high network cooperation.<br/>
 
===Attributing text/documents/articles/codes to authors (Authorship)===
2005: [http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=1556355 This] paper presents a neural network approach for source attribution of text.<br/>
2006: [http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=4028874 This] paper presents a process to determine the source of a previously unexamined piece of writing.<br/>
2007: [http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=4456854 This] paper uses feature extractions for document attribution.<br/>
2007: [http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=4293714 This] paper works to recognize the author of text documents without depending on the document's theme. It also visualizes this attribution using "blobby objects".<br/>
2009: [http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=5254209 This] paper attributes codes (s/w programs) to persons after learning the personal coding scheme through at least three samples of codes.<br/>
2011: [http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=5706693 This] paper attributes user-generated text on the web by using a two-stage supervised and non-supervised learning for achieving authorship attribution on web forum posts.
 
=References=
<references/>

Latest revision as of 15:56, 11 April 2011

Redirect to:

Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=A_link_to_the_paper&oldid=9415"