Title

Proposed titles:

• Requirements for Attribution on the Internet
• Internet Attribution: Between Privacy and Cruciality

Abstract

Present and past situations show a need for improved attribution systems, and arguably, scientific basis for a properly functioning attribution systems are not yet defined. This paper presents limits and advances in the attribution of actions to agents over the internet. It reviews current attribution technologies as well as the limits of those technologies. It also identifies the requirements of a proper attribution system and proposes a distributed (yet cooperative) approach for performing attribution over the internet.

Introduction

Definition

• Binding and act to an agent (person or device)
• “determining the identity or location of an attacker or an attacker’s intermediary” [Institute for Defense Analyses, 2003]

The attribution dilemma

• While designing an attribution system one needs to consider balancing between attribution and privacy.
  • Sometimes non-attribution is very crucial,to protect political dissidents and whistle-blowers
• When to decide to track a person and when not to (so as not to intrude privacy)?
• How to make sure attribution is properly achieved?
• Who should attribute who/what and why?
• How far can we trust IP-traceback, stepping stone authentications, link identifications and packet filtering in wedging packets to agents?
• How much can intermediate systems' cooperation contribute to achieving attribution?
• Should there be consequences upon attributing an action(s) to an agent? What are they? (punishment, rewarding, etc)
• How to deal with misleading data sources hiding behind botnets and concealing identities via stepping stones?

Why is it difficult to achieve attribution?

The main problem I see is that the way Internet is designed makes it possible and relatively easy to act without compromising identity. Moreover, most current solutions are based on the same structure and work within the same scope, thus, can only reduce the number of potentially destructive acts or just deal with the consequences. Of course, no system can prevent 100% of destructive attempts, but some potentially good attribution system should make such attempts highly undesirable and "costly" for an attacker.

• The issue of lack of attribution on the web mostly arises whenever security is compromised. When you're bombarded with spam, or when a system is under a DoS attack attribution becomes a more appealing notion. Getting a balance between security and privacy is tricky, because once attacks are tracked so will all other traffic.
• Depending on the type of sender and receiver, different attribution policy will be requested.

In the ideal world, every action on the internet could be bound to a machine and thus to a person. This is done by examining the source IP printed on each moving packet, locating the geographical location of this IP, consulting the ISP covering the location and identifying the person. If an act requires strict attribution (like checking and sending emails), authentication is used. Here is what goes wrong:

• IP addresses can be spoofed and hence, misleads the geographical location.
• For avoiding that problem, IP traceback can be performed BUT it requires global cooperation of intermediate systems... it is not there!
• IPs are not permanently bound to personnel, so figuring out the person from the IP is not concrete.
• Network users are not aware of all packets sneaking to their machines, which allows for malware distribution and hence, the creation of botnets... misleading attribution!
• Firewalls and packet filters can be used for avoiding that problem, but they are not 100% efficient.
• It is not applicable to authenticate every single action on the internet.

Attacks to prevent correct attribution of actions

• Stepping stone attack: a common way of attributing attacks to anonymity by using multiple public random agents (as stepping stones) to reach the victim in order to conceal the attacking source. <ref name="ref1">S. Staniford-Chen and L. T. Heberlein. Holding intruders accountable on the internet. In SP ’95: Proceedings of the 1995 IEEE Symposium on Security and Privacy, page 39, Washington, DC, USA, 1995. IEEE Computer Society.</ref>
• Forgery
  • Identity theft (impersonation)
  • Distribution of malware

Why we need Attribution

For identifying persons/devices when any of these attacks are detected:

• DoS and DDos
• Forgery and theft
• Sniffing private traffic
• Distributing illegal content/malware
• Sending spam
• Illegal/undesired intrusion

For marketing purposes (privacy?)

• custom (client-based) content generation

Requirements for internet attribution system

(Unstructured draft)

• Any potentially destructive act should be traceable to a person (and/or organization, group, etc)
• Traceability should not violate any current privacy-related laws and moral principles
• Attribution mapping should not be a bijection, in other words action should map to persons, but not vice versa
• Traceability information should be distributed
• It should be impossible to collect all traceability data in one place
• Personal data should be stored by trusted authorities (e.g. governments)
• Traceability information and personal data should be separated, a connection to be revealed only when needed
• Attribution system should be incrementally deployable
• Cost of setting up and maintaining the system for a particular body (person, organization, network) should be considerably less than average losses under current lack of attribution (e.g. DoS, identity theft, etc)
• Attribution system should be adoptable to different set of rules and principles (laws of countries, organizations' policies, etc), yet remain universal

Related Work

Against attribution attacks

2006: This paper designed a scalable testbed for evaluating all existing stepping stone attack.
2007: This paper proposes a technique for robust detection of stepping stone attack.

Attributing actions over the internet by attributing packets to agents

2004: This paper uses both link identification and filtering for achieving IP traceback WITHOUT the presence of high network cooperation.

Attributing text/documents/articles/codes to authors (Authorship)

2005: This paper presents a neural network approach for source attribution of text.
2006: This paper presents a process to determine the source of a previously unexamined piece of writing.
2007: This paper uses feature extractions for document attribution.
2007: This paper works to recognize the author of text documents without depending on the document's theme. It also visualizes this attribution using "blobby objects".
2009: This paper attributes codes (s/w programs) to persons after learning the personal coding scheme through at least three samples of codes.
2011: This paper attributes user-generated text on the web by using a two-stage supervised and non-supervised learning for achieving authorship attribution on web forum posts.

References

<references/>