DistOS-2011W Attribution: Difference between revisions

From Soma-notes
Latest revision as of 19:58, 11 April 2011

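A link to the presentation: https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B4BvKAjU8BfIYzNjZjZmOWMtNjJjZC00YmY5LWE3NDYtY2ZlODIzMTk0MWUz&hl=en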

A link to the paper


Members

  • AbdelRahman Abdou
  • Raghad Al-Awwad
  • Omi Iyamu
  • Rakhim Davletkaliyev

Meeting Briefings

Tuesday, March 1st

After 20 minutes of brainstorming, we agreed on:

  • The current Internet infrastructure lacks the ability to achieve a highly scalable and efficient attribution mechanism.
  • Attribution must be implemented in a distributed manner and must be automated and not owned.
  • Threats that should be addressed include (but are not limited to):
    • Impersonation of computers, individuals and applications.
    • All types of electronic spoofing.
  • The skeleton of our project will constitute four main aspects:
    • Tracing/Tracking: baseline for attribution.
    • Human identification: a MUST to include!
    • Machine identification: to be dissolved with human identification.
    • Storage: how and where to store data traces and the identification stamps.

Thursday, March 3rd

Decided Task Distribution:

  • Tracing/Tracking: Omi
  • Human identification: Raghad
  • Machine identification: AbdelRahman
  • Storage: Rakhim

Thursday, March 10th

Basic Proposal:
After questioning the capabilities of the currently deployed global network, it was agreed that it cannot achieve a relatively high degree of attribution. By "relatively", we mean in comparison to the "world's" attribution standards (i.e., the percentage of success in binding an act to a person in the real world). Moreover, any system (h/w or s/w) that operates at the end systems is useless because it can be tampered with. As a result, a basic model was proposed and discussed. It employs the rule:
"An act cannot use network resources nor can it be routed if it is anonymously bound."
Notably, the routers, as the primary constituents of the intermediate systems, should refrain from routing any data packets that are not fully attributed. As they are the main driving force behind delivering all packets, malicious or benign, they should bear great responsibility for achieving a highly reliable attribution mechanism. The proposed system requires the following:

  1. Globally trusted entity(s) (e.g., government).
  2. Any newly bought (or even handmade/privately manufactured) device that has access capabilities must be licensed by the trusted entity (defined in 1), or else it will not be able to benefit from global routing services.
  3. Licensing binds a unique human feature (e.g., the intricate structure of the iris) to a unique machine feature (e.g., MAC address), generating a chunk called an identification stamp. (Including the passport number in the identification stamps is still under investigation, for the sake of tracking and punishing the prime committer.)
  4. A DNS-like, world-wide distributed system is to be deployed, encrypted, as a database storing all identification stamps. The system is accessible for READ operations ONLY by the routers, and for WRITE operations ONLY by the trusted entity(s) defined in 1.
  5. Within the frame format of the IP protocol, a header is to be added that includes the identification stamp of the packet owner.
  6. The attribution mapping should not be a bijection; in other words, actions should map to persons, but not vice versa.

Once these requirements are met, the rule above applies. When a router receives a packet, it should first consult the global database to verify the packet's identification stamp. If the stamp cannot be verified, the router drops the packet.


As can be seen, the proposed system still leaves much of its functionality undefined. For example, it can't prevent the creation of botnets, forgery and other similar attacks. In principle, a web server provides a service on behalf of someone; should web servers have permanent identification stamps (as a replacement for certificates)? In addition, factors like router latencies, DB protection, and who to elect as the global trusted entity still need to be addressed.
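The proposal above, sketched as an added example (not part of the group's notes or paper): a trusted entity issues stamps, the registry accepts writes only from that entity, and a router drops any packet whose stamp it cannot verify. The HMAC-based stamp derivation, the 16-byte stamp size, prepending the stamp to the payload in place of a real IP header, and all names are assumptions made for illustration.

```python
import hashlib
import hmac

STAMP_LEN = 16  # assumed stamp size in bytes; the notes do not specify one


class StampRegistry:
    """Requirement 4: routers only read, the trusted entity only writes."""

    def __init__(self, write_token: object):
        self._write_token = write_token
        self._stamps = set()

    def write(self, stamp: bytes, token: object) -> None:
        if token is not self._write_token:
            raise PermissionError("only the trusted entity may write stamps")
        self._stamps.add(stamp)

    def contains(self, stamp: bytes) -> bool:
        return stamp in self._stamps


class TrustedEntity:
    """Requirements 1-3: licenses a device by binding a human feature to a MAC."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._token = object()  # write capability, never handed to routers
        self.registry = StampRegistry(self._token)
        self._owners = {}  # stamp -> person, held by the entity only

    def license_device(self, person: str, biometric: bytes, mac: str) -> bytes:
        # Keyed one-way derivation (an assumption): routers see an opaque stamp.
        material = hashlib.sha256(biometric).digest() + mac.lower().encode()
        stamp = hmac.new(self._secret, material, hashlib.sha256).digest()[:STAMP_LEN]
        self.registry.write(stamp, self._token)
        self._owners[stamp] = person
        return stamp

    def attribute(self, stamp: bytes):
        return self._owners.get(stamp)  # act -> person (requirement 6)


def route(registry: StampRegistry, packet: bytes):
    """Requirement 5 and the rule: return the payload, or None if dropped."""
    if len(packet) < STAMP_LEN:
        return None
    stamp, payload = packet[:STAMP_LEN], packet[STAMP_LEN:]
    return payload if registry.contains(stamp) else None


def demo() -> dict:
    entity = TrustedEntity(secret=b"constructed-demo-secret")
    iris = b"constructed iris template"  # constructed sample data
    laptop = entity.license_device("alice", iris, "00:11:22:33:44:55")
    phone = entity.license_device("alice", iris, "66:77:88:99:AA:BB")
    return {
        "licensed": route(entity.registry, laptop + b"hello"),
        "unstamped": route(entity.registry, b"hello"),
        "unknown_stamp": route(entity.registry, bytes(STAMP_LEN) + b"hello"),
        # A static stamp copied onto another host's packet still verifies.
        "copied_stamp": route(entity.registry, laptop + b"sent from another host"),
        "stamps_differ": laptop != phone,
        "same_person": entity.attribute(laptop) == entity.attribute(phone) == "alice",
    }


if __name__ == "__main__":
    print(demo())
```

The `copied_stamp` result shows why the notes list forgery as unresolved: a registry lookup proves only that the stamp exists, not that the sender is the licensed device.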

To be done:

  • Strictly define the requirements of a good attribution system.
  • Analyze what the currently implemented attribution systems lack.
  • (optional) Propose a model that arguably employs attribution.

Attribution Definition:
"Binding an act to a person" - Prof. Anil

Tuesday, March 15th

  • Discussed some of the surveyed papers.
  • Analyzed more requirements of achieving attribution.
  • Plan for next meeting: FORMAL DEFINITION OF THE PROBLEM.

Thursday, March 17th

Continued defining requirements, and clarified why attribution is needed and which attacks prevent proper attribution.

Monday, March 21st

Finalized what will be presented and distributed the tasks (as written on the "Discussion" page).

Tuesday, March 22nd

Thursday, March 24th

Presentations

Tuesday, March 29th

Preparing for final presentation.

Surveyed Papers

[1] Marco Gruteser, Suman Banerjee, Vladimir Brik, Wireless device identification with radiometric signatures, University of Wisconsin at Madison, Madison, WI, USA, 2008. PDF

  • ABSTRACT

We design, implement, and evaluate a technique to identify the source network interface card (NIC) of an IEEE 802.11 frame through passive radio-frequency analysis. This technique, called PARADIS, leverages minute imperfections of transmitter hardware that are acquired at manufacture and are present even in otherwise identical NICs. These imperfections are transmitter-specific and manifest themselves as artifacts of the emitted signals. In PARADIS, we measure differentiating artifacts of individual wireless frames in the modulation domain, apply suitable machine-learning classification tools to achieve significantly higher degrees of NIC identification accuracy than prior best known schemes. We experimentally demonstrate effectiveness of PARADIS in differentiating between more than 130 identical 802.11 NICs with accuracy in excess of 99%. Our results also show that the accuracy of PARADIS is resilient against ambient noise and fluctuations of the wireless channel. Although our implementation deals exclusively with IEEE 802.11, the approach itself is general and will work with any digital modulation scheme.


[2] Subhabrata Sen, Oliver Spatscheck, Dongmei Wang, Accurate, scalable in-network identification of p2p traffic using application signatures, AT&T Labs-Research, Florham Park, NJ, 2004. PDF

  • ABSTRACT

The ability to accurately identify the network traffic associated with different P2P applications is important to a broad range of network operations including application-specific traffic engineering, capacity planning, provisioning, service differentiation, etc. However, traditional traffic to higher-level application mapping techniques such as default server TCP or UDP network-port based disambiguation is highly inaccurate for some P2P applications. In this paper, we provide an efficient approach for identifying the P2P application traffic through application level signatures. We first identify the application level signatures by examining some available documentations, and packet-level traces. We then utilize the identified signatures to develop online filters that can efficiently and accurately track the P2P traffic even on high-speed network links. We examine the performance of our application-level identification approach using five popular P2P protocols. Our measurements show that our technique achieves less than 5% false positive and false negative ratios in most cases. We also show that our approach only requires the examination of the very first few packets (less than 10 packets) to identify a P2P connection, which makes our approach highly scalable. Our technique can significantly improve the P2P traffic volume estimates over what pure network port based approaches provide. For instance, we were able to identify 3 times as much traffic for the popular Kazaa P2P protocol, compared to the traditional port-based approach.


[3] Roger Clarke, Human Identification in Information Systems: Management Challenges and Public Policy Issues PDF/HTML

  • ABSTRACT

Many information systems involve data about people. In order reliably to associate data with particular individuals, it is necessary that an effective and efficient identification scheme be established and maintained. There is remarkably little in the information technology literature concerning human identification. Seeks to overcome that deficiency by undertaking a survey of human identity and human identification. Discusses techniques including names, codes, knowledge-based and token-based identification, and biometrics. Identifies the key challenge to management as being to devise a scheme which is practicable and economic, and of sufficiently high integrity to address the risks the organization confronts in its dealings with people. Proposes that much greater use be made of schemes which are designed to afford people anonymity, or which enable them to use multiple identities or pseudonyms, while at the same time protecting the organization's own interest. Describes multi-purpose and inhabitant registration schemes, and notes the recurrence of proposals to implement and extend them. Identifies public policy issues. Of especial concern is the threat to personal privacy that the general-purpose use of an inhabitant registrant scheme represents. Speculates that, where such schemes are pursued energetically, the reaction may be strong enough to threaten the social fabric.


[4] Matt Bishop, Carrie Gates and Jeffrey Hunker, The Sisterhood of the Traveling Packets. PDF: http://jeffreyhunker.com/gallery/20/nspw09-1.pdf

  • ABSTRACT

From a cyber-security perspective, attribution is considered to be the ability to determine the originating location for an attack. However, should such an attribution system be developed and deployed, it would provide attribution for all traffic, not just attack traffic. This has several implications for both the senders and receivers of traffic, as well as the intervening organizations, Internet service providers and nation-states. In this paper we examine the requirements for an attribution system, identifying all of the actors, their potential interests, and the resulting policies they might therefore have. We provide a general framework that represents the attribution problem, and outline the technical and policy requirements for a solution. We discuss the inevitable policy conflicts due to the social, legal and cultural issues that would surround such a system.

Milestones

  • Abstract (100% done)
  • Introduction (100% done)
  • Background (100% done)
  • Dilemma (100% done)
  • Requirements for a proper attribution scheme (100% done)
  • Conclusion (100% done)

Project Progress

100%

Requirements

  • incremental deployability
  • privacy

Readings

really hard to find anything not from psychology

"Bernard Weiner" has developed the attribution theory, but it attributes an explanation to certain human behavior. Not related to our work.

There are relatively few publications on Internet attribution!

Interoperabilities

Observability?

Survey

Guys, I think we should make a survey and gather as much data as we can regarding how much people are willing to sacrifice their privacy for achieving attribution. We can add this to our report...

How about this:

Anonymity over the internet is crucial to most of us. Is it the time to give it up?

The fact that no one knows who is doing what over the internet allows anyone to slice and dice (to commit all these kinds of hacking and electronic crimes). Attribution systems are those that can be injected into the internet to tell WHO DID WHAT. With good attribution over the internet, most of your actions, including internet surfing, email signup, reading news, etc., will be FORMALLY linked to you. Sounds bad? However, now crime committers will think twice before doing it.

HOW MUCH ARE YOU WILLING TO SACRIFICE YOUR PRIVACY IN ORDER TO GAIN PROPER ATTRIBUTION?

  • NONE! I don't care about attribution.
  • Not so much
  • Indifferent
  • Big time
  • SACRIFICE IT ALL. Attribution is so important.