Review of "Privacy-preserving network forensics" by Afanasyev M., Kohno T., Ma J., Murphy N., Savage S., Snoeren A., and Voelker G.

The Internet offers users some anonymity; at the network level, an Internet protocol (IP) address is only loosely associated with a device, and is not associated with a person. This article proposes the use of group signatures to bind the identity of the device responsible for sending a packet with the contents of the packet. The group signature allows anyone to check that the signature is valid, but requires a number of cooperating group members to reveal the identity of the device from a signed packet. The authors suggest that manufacturers might include a unique device ID in their products, which could then be linked to the owner via purchase and maintenance records. The article discusses some of the privacy issues, but does not consider the possible actions of a motivated offender. For example, an offender could hijack a computer and easily send IP packets from a machine that he controls, but that he does not own. In addition, laptops are already among the most coveted items for thieves. A clean device ID would make a laptop an even more attractive target. Finally, the billions of PCs, PDAs, and smartphones in use without device IDs would be preferred tools for offenders. The clever technology proposed by Afanasyev et al. may help to trace back IP packets in some cases, but it is questionable whether the benefits outweigh the disadvantages.