Title

Requirements for Attribution on the Internet

Abstract

Introduction

Definition

Binding and act to an agent (person or device)

The attribution dilemma

While designing an attribution system one needs to consider balancing between attribution and privacy.

What is the attribution problem

Rakhim

The main problem I see is that the way Internet is designed makes it possible and relatively easy to act without compromising identity. Moreover, most current solutions are based on the same structure and work within the same scope, thus, can only reduce the number of potentially destructive acts or just deal with the consequences. Of course, no system can prevent 100% of destructive attempts, but some potentially good attribution system should make such attempts highly undesirable and "costly" for an attacker.

Omi

Raghad

The issue of lack of attribution on the web mostly arises whenever security is compromised. When your bombarded with spam, or when a system under a DoS attack attribution becomes a more appealing notion.

AbdelRahman

In the ideal world, every action on the internet could be bind to a machine and thus to a person. This is done by examining the source IP printed on each moving packet, locating the geographical location of this IP, consulting the ISP covering the location and identifying the person. If an act requires strict attribution (like checking and sending emails), authentication is used. Here is what goes wrong:

• IP addresses can be spoofed and hence, misleads the geographical location.
• For avoiding that problem, IP traceback can be performed BUT it requires global cooperation of intermediate systems... it is not there!
• IPs are not permanently bound to a person, so figuring out the person from the IP is not concrete.
• Network users are not aware of all packets sneaking to their machines, which allows for malware distribution and hence, the creation of botnets... misleading attribution!
• Firewalls and packet filters can be used for avoiding that problem, but they are not 100% efficient.
• It is not applicable to authenticate every single action on the internet.

Why we need Attribution

For identifying persons/devices when any of these attacks are detected:

• DoS and DDos
• Forgery and theft
• Sniffing private traffic
• Distributing illegal content
• Sending spam
• Illegal/undesired intrusion

For marketing purposes (privacy?)

• custom (client-based) content generation

Attacks to prevent correct attribution of actions

• Stepping stone attack
• Forgery
  • Identity theft (impersonation)
  • Distribution of malware

Requirements for internet attribution system

(Unstructured draft)

• Any potentially destructive act should be traceable to a person (and/or organization, group, etc)
• Traceability should not violate any current privacy-related laws and moral principles
• Attribution mapping should not be a bijection, in other words action should map to persons, but not vice versa
• Traceability information should be distributed
• It should be impossible to collect all traceability data in one place
• Personal data should be stored by trusted authorities (e.g. governments)
• Traceability information and personal data should be separated, a connection to be revealed only when needed
• Attribution system should be incrementally deployable
• Cost of setting up and maintaining the system for a particular body (person, organization, network) should be considerably less than average losses under current lack of attribution (e.g. DoS, identity theft, etc)
• Attribution system should be adoptable to different set of rules and principles (laws of countries, organizations' policies, etc), yet remain universal

Related Work

2004: This paper uses both link identification and filtering for achieving IP traceback WITHOUT the presence of high network cooperation.