Michael T. Goodrich
ABSTRACT
We present a new approach to IP traceback based on the probabilistic packet marking paradigm. Our approach, which we call randomize-and-link, uses large checksum cords to "link" message fragments in a way that is highly scalable, for the checksums serve both as associative addresses and data integrity verifiers. The main advantage of these checksum cords is that they spread the addresses of possible router messages across a spectrum that is too large for the attacker to easily create messages that collide with legitimate messages. Our methods therefore scale to attack trees containing hundreds of routers and do not require that a victim know the topology of the attack tree a priori. In addition, by utilizing authenticated dictionaries in a novel way, our methods do not require routers sign any setup messages individually.
- M. Adler. Tradeoffs in probabilistic packet marking for IP traceback. In 34th ACM Symposium Theory of Computing (STOC), 2002. Google Scholar
Digital Library
- A. Anagnostopoulos, M. T. Goodrich, and R. Tamassia. Persistent authenticated dictionaries and their applications. In Information Security Conference (ISC 2001), LNCS 2200, 379--393, 2001. Google ScholarDigital Library
- T. Baba and S. Matsuda. Tracing network attacks to their sources. IEEE Internet Computing, 6(2):20--26, 2002. Google ScholarDigital Library
- S. M. Bellovin. ICMP traceback messages. In Work in Progress, Internet Draft draft-bellovin-itrace-00.txt, March 2000.Google Scholar
- H. Burch and B. Cheswick. Tracing anonymous packets to their approximate source. In Usenix LISA (New Orleans) Conference, 313--322, 2000. Google ScholarDigital Library
- R. Cohen, M. T. Goodrich, R. Tamassia, and N. Triandopoulos. Authenticated data structures for graph and geometric searching. Technical report, Brown University, 2001.Google Scholar
- D. Dean, M. Franklin, and A. Stubblefield. An algebraic approach to IP traceback. In Network and Distributed System Security Symposium (NDSS), 3--12, 2001.Google Scholar
- P. Devanbu, M. Gertz, C. Martel, and S. Stubblebine. Authentic third-party data publication. In Fourteenth IFIP 11.3 Conference on Database Security, 2000. Google ScholarDigital Library
- M. T. Goodrich, R. Tamassia, and A. Schwerin. Implementation of an authenticated dictionary with skip lists and commutative hashing. In 2001 DARPA Information Survivability Conference and Exposition, vol. 2, 68--82, 2001.Google ScholarCross Ref
- J. Ioannidis and S. M. Bellovin. Implementing pushback: Router-based defense against DDoS attacks. In Network and Distributed System Security Symposium. The Internet Society, 2002.Google Scholar
- D. E. Knuth. Fundamental Algorithms, vol. 1 of The Art of Computer Programming. Addison-Wesley, Reading, MA, 2nd edition, 1973. Google ScholarDigital Library
- L. Lamport. Password authentication with insecure communication. Communications of the ACM, 24(11):770--772, 1981. Google ScholarDigital Library
- D. Moore, G. Voelker, and S. Savage. Inferring internet denial-of-service activity. In Usenix Security Symposium, 2001. Google ScholarDigital Library
- R. Motwani and P. Raghavan. Randomized Algorithms. Cambridge University Press, New York, NY, 1995. Google ScholarDigital Library
- M. Naor and K. Nissim. Certificate revocation and certificate update. In 7th USENIX Security Symposium (SECURITY-98), 217--228, Berkeley, 1998. Google ScholarDigital Library
- K. Park and H. Lee. The effectiveness of probabilistic packet marking for IP traceback under denial of service attack, 2000.Google Scholar
- V. Paxson. An analysis of using reflectors for distributed denial-of-service attacks. ACM Computer Communications Review (CCR), 31(3), July 2001. Google ScholarDigital Library
- J. Postel. Internet protocol, 1981.Google Scholar
- S. Savage, D. Wetherall, A. R. Karlin, and T. Anderson. Practical network support for IP traceback. In SIGCOMM, 295--306, 2000. Google ScholarDigital Library
- A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent, and W. T. Strayer. Hash-based IP traceback. In ACM SIGCOMM 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, 2001. Google ScholarDigital Library
- D. Song and A. Perrig. Advanced and authenticated marking schemes for IP traceback. In IEEE Infocomm, 2001.Google Scholar
- R. Stone. Centertrack: An IP overlay network for tracking DoS floods. In 9th USENIX Security Symposium, August 2000. Google ScholarDigital Library
Index Terms
- Efficient packet marking for large-scale IP traceback
Recommendations
Dynamic probabilistic packet marking for efficient IP traceback
Recently, denial-of-service (DoS) attack has become a pressing problem due to the lack of an efficient method to locate the real attackers and ease of launching an attack with readily available source codes on the Internet. Traceback is a subtle scheme ...
Probabilistic packet marking for large-scale IP traceback
This paper presents an approach to IP traceback based on the probabilistic packet marking paradigm. Our approach, which we call randomize-and-link, uses large checksum cords to "link" message fragments in a way that is highly scalable, for the checksums ...
A secure packet marking scheme for IP traceback in IPv6
ICACCI '12: Proceedings of the International Conference on Advances in Computing, Communications and InformaticsThe growing threat of cyber attacks, especially the DDoS (Distributed Denial of Service Attack) makes the IP Traceback very much prevalent to today's Internet security. IP Traceback is one of the security concerns that is associated with finding out the ...
Comments