Fighting Cybercrime with Packet Attestation

IP source addresses are often the only initial lead when investigating cybercrime in the Internet. Unfortunately, source addresses are easily forged, which can protect the culprits and lead to false accusations. We describe a new method for packet attestation in the Internet. Packet attestation establishes whether or not a given IP packet was sent by a particular network subscriber. This capability allows network operators to verify the source of malicious traffic and to validate complaints, identity requests, and DMCA take-down notices against their clients. As a result, innocent users cannot be falsely accused, while the culprits no longer enjoy plausible deniability. Support for packet attestation can be deployed incrementally by ISPs, and requires no changes to end hosts or to the network core.
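To make the attestation capability concrete, here is an added toy model (not code from the paper or its authors) of an ISP-side attestation record. The design is an assumption for illustration: the ISP keys its record by the subscriber access line on which a packet actually arrived (not by the source address field, which is what a spoofer controls), stores a keyed digest of each packet for a retention window, and answers a later query of the form "did subscriber S send this packet?" by recomputing the digest. The subscriber names, addresses, key and packets are constructed sample data.

```python
"""Toy ISP-side packet attestation (constructed example, assumed design).

The ISP records a keyed SHA-256 digest of every packet leaving a
subscriber's access line. A complainant later presents the packet it
received; the ISP recomputes the digest and reports whether that line
actually emitted it. Because the record is indexed by ingress line,
a packet with a forged source address is attributed to the line that
really sent it, not to the address owner.
"""
import hashlib
import hmac
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: int
    payload: bytes


def packet_digest(pkt: Packet, key: bytes) -> bytes:
    """Keyed digest over the immutable header fields and the payload hash.

    Keying with an ISP-held secret means the stored digests reveal nothing
    about traffic to anyone who obtains the record without the key.
    """
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in (pkt.src_ip, pkt.dst_ip, str(pkt.proto)):
        h.update(part.encode() + b"\x00")
    h.update(hashlib.sha256(pkt.payload).digest())
    return h.digest()


@dataclass
class AttestationStore:
    key: bytes
    retention: int  # digests kept per subscriber line (oldest evicted first)
    # subscriber line -> (insertion-ordered digests, set for O(1) lookup)
    records: dict = field(default_factory=dict)

    def record(self, line: str, pkt: Packet) -> None:
        """Called at the access router for each packet seen on `line`."""
        order, members = self.records.setdefault(line, (deque(), set()))
        d = packet_digest(pkt, self.key)
        order.append(d)
        members.add(d)
        while len(order) > self.retention:
            old = order.popleft()
            if old not in order:  # only drop from the set if no copy remains
                members.discard(old)

    def attest(self, line: str, pkt: Packet) -> bool:
        """Answer: was `pkt` emitted by subscriber `line` within retention?"""
        entry = self.records.get(line)
        if entry is None:
            return False
        return packet_digest(pkt, self.key) in entry[1]


def demo() -> dict:
    """Constructed scenario: a genuine packet and a source-spoofed one."""
    store = AttestationStore(key=b"constructed-isp-secret", retention=1000)
    # Subscriber line "alice" really sends this packet from her address.
    alice_pkt = Packet("203.0.113.10", "198.51.100.5", 6, b"GET / HTTP/1.1")
    store.record("alice", alice_pkt)
    # Subscriber line "mallory" sends a packet forging alice's address.
    spoofed = Packet("203.0.113.10", "198.51.100.5", 17, b"junk")
    store.record("mallory", spoofed)
    # A complaint about `spoofed` names alice (its source address), but
    # attestation clears her and attributes the packet to mallory's line.
    return {
        "alice_sent_her_packet": store.attest("alice", alice_pkt),
        "alice_sent_spoofed": store.attest("alice", spoofed),
        "mallory_sent_spoofed": store.attest("mallory", spoofed),
    }


if __name__ == "__main__":
    print(demo())
```

The retention bound models the fact that an ISP cannot keep digests forever; a query about a packet older than the window returns `False`, so a negative answer means "not attested", not "proven unsent". Keying the digest is what lets the record be stored without exposing subscriber traffic to anyone who reads it without the ISP's key.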
