Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Published byAmbrose Stevens Modified over 9 years ago

Similar presentations

Presentation on theme: "Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01."— Presentation transcript:

1 Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01

2 2 Introduction  Today’s Internet infrastructure is extremely vulnerable to motivated and well equipped attackers. –Denial of service attacks –Single well-targeted packet attacks  To institute accountability for these attacks, the source of individual packets must be identified.

3 3 Today’s IP Network  The IP protocol has difficulty to identify the true source of an IP datagram. –Stateless and destination based routing w/o source authentication –Legitimately spoofed source addresses NAT, Mobile IP, IPSec  Ingress filtering

4 4 Source Path Isolation Engine  Challenges in constructing a tracing system –Determining which packets to trace –Maintain privacy –Minimizing cost  The proposed SPIE can –reduces memory consumption with bloom filters –verifies packets while maintains privacy by packet digests

5 5 Assumptions on a Traceback System  Packets may be addressed to more than one physical host  Duplicate packets may exist in the network  Routers may be subverted, but not often  Attackers are aware they are being traced Continued…

6 6 Assumptions on a Traceback System  The routing behavior of the network may be unstable  The packet size should not grow as a result of tracing  End hosts may be resource constrained  Traceback is an infrequent operation

7 7 Design Goals  An optimal IP traceback system would –precisely identify the source of an arbitrary IP packet –construct an attack path when co-opted routers exist –construct an attack graph when multiple indistinguishable packets exist –produce no false negatives while attempting to minimize false positives –not expand the eavesdropping capabilities of a malicious party

8 8 Attack Graph

9 9 Design Goals  An optimum traceback system should trace packets through valid transformation back to the source of the original packet.  Transformation categories –Packet encapsulation –Packet generation –Common packet transformation (RFC 1812)

10 10 Related Works  Two approaches to determine the route of a packet flow are auditing and inferring.  Inferring (Burch and Cheswick) –Floods candidate links and monitors variations –Network topology and large packet floods  Specialized routing (Stone) –Overlay tracking network –Long-live flow and routing change

11 11 Auditing  End-host schemes –Routers notify the packet destination of their presence on the route by in-band or out-of-band signaling.  Infrastructure schemes –Log packets at various points throughout the network. –Space and privacy considerations  Input debugging & IDIP –High overhead

12 12 Packet Digesting  Auditing by computing and storing 32-bit packet digests reduces storage requirements and prevents eavesdropping.  SPIE computes digests over the invariant portion of the IP header and the first 8 bytes of the payload (totally 28 bytes). Continued…

13 13 Packet Digesting

14 14 Prefix Collision

15 15 Bloom Filter There are multiple, independent hashes which change over time at each router.

16 16 SPIE Architecture DGA: Data Generation Agent SCAR: SPIE Collection and Reduction STM: SPIE Traceback Manager IDS: Intrusion Detection System

17 17 Traceback Processing  IDS provide STM with a packet, P, victim, V, and time of attack, T.  STM verifies message’s authenticity and integrity.  STM immediately asks all SCARs to poll their DGAs for relevant traffic digests.  Each SCAR responds with a partial attack graph.  STM constructs a composite attack graph and returns it to IDS

18 18 Transformation Processing  Packet being transformed are put on the control path, thus relaxing the timing requirements.  Transform Lookup Table (TLT): a. Pointer b. Flow caching Indirect (I) flag: Continued…

19 19 Transformation Processing  29-bit packet digest field implies eight distinct packet digests map to the same TLT entry. –Rarity of packet transformations –Sparsity of the digest table –Uniformity of the digesting function  SPIE considers the security gateway or NAT functionality of routers as a separate entity to manage TLT growth.

20 20 Graph Construction  Simulating Reverse-Path Flooding (RPF), SCARs construct attack graphs by examining the digest tables.

21 21 DGA Hardware

22 22 Discussion  Reliable and timely SPIE communication –Out-of-band channel –Higher priority  Inter-domain cooperation –Authentication  Denial of service through transformation –Performance & policy

23 23 Conclusion and Future Works  SPIE contributes on tracing a single packet with privacy and low storage.  SPIE deals with complex packet transformations in high-speed routers.  Future works of SPIE include –extending time period of traceability –reduce information of de-transformation

Download ppt "Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01."

Similar presentations

COMP 7320 Internet Security: Prevention of DDoS Attacks By Dack Phillips.

COMP 7320 Internet Security: Prevention of DDoS Attacks By Dack Phillips.
Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
IPv6 Overview Brent Frye EECS710. Overview Google Drive Microsoft Cloud Drive Dropbox Paid-for alternatives 2.

IPv6 Overview Brent Frye EECS710. Overview Google Drive Microsoft Cloud Drive Dropbox Paid-for alternatives 2.
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.

IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.
124.09.2012 1 Lecture 5 - Routing On the Flat Labels M.Sc Ilya Nikolaevskiy Helsinki Institute for Information Technology (HIIT)

Lecture 5 - Routing On the Flat Labels M.Sc Ilya Nikolaevskiy Helsinki Institute for Information Technology (HIIT)
UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.

UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
IP Spoofing CIS 610 Week 2: 13-JAN-2004. Definition and Background n Def’n: The forging of the IP Source Address field in an IP packet n First mentioned.

IP Spoofing CIS 610 Week 2: 13-JAN Definition and Background n Def’n: The forging of the IP Source Address field in an IP packet n First mentioned.
NISNet Winter School Finse 2008 1 Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology

NISNet Winter School Finse Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Internet Indirection Infrastructure Ion Stoica UC Berkeley.

Internet Indirection Infrastructure Ion Stoica UC Berkeley.
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,
IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.

IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005.

Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.

A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.
CSCI 4550/8556 Computer Networks Comer, Chapter 19: Binding Protocol Addresses (ARP)

CSCI 4550/8556 Computer Networks Comer, Chapter 19: Binding Protocol Addresses (ARP)

Similar presentations

Ads by Google