Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues

Abstract: In the cyber world, the current state of the practice regarding the technical ability to track and trace Internet-based attacks is primitive at best. Sophisticated attacks can be almost impossible to trace to their true source using current practices. The anonymity enjoyed by today's cyber-attackers poses a grave threat to the global information society, the progress of an information-based international economy, and the advancement of global collaboration and cooperation in all areas of human endeavor. Part I of this report examines the current state of the Internet environment and the reasons why tracking and tracing cyber-attackers is so difficult. Part II examines some promising research on technical approaches that may greatly improve the ability to track and trace cyber-attackers to their source. Also discussed are policy considerations regarding privacy, information sharing, liability, and other issues that the U.S. State Department would face in negotiating international agreements for cooperation and collaboration in the tracking and tracing of cyber-attacks. The report concludes with a closer look at technical and policy considerations for next-generation Internet protocols that could enhance track and trace capabilities.
