Accountability as a Service
Adam Bender, Neil Spring, Dave Levin, Bobby Bhattacharjee
University of Maryland, College Park
In Proc. USENIX SRUTI, 2007
Speaker: Yun Liaw

Introduction
The purpose of accountability: To blame the miscreants, and let everyone else be
Spoofed IP – Both IP address and ISP are not reliable
Accountability Service Provider
  To “vouch for” sending traffic generated by endpoints
  Separate accountability from addressing and routing
3/09/09 Speaker: Yun Liaw 2

Related Work
Explicit blocking of unsolicited traffic
Implicit blocking of unsolicited traffic
Stepping stone detection
Approaches to stop spoofed source addresses in e-mail

The Accountability Service
The role of an accountability service
  To provide authenticated clients with identifiers that can be used to mark packets as accountable
  Other clients of the service can block unwanted traffic, and report malicious packets to the service
  Accountability services may differentiate themselves from each other by how much anonymity or accountability they provide and what they require from their clients

The Accountability Service
Holds identities in escrow and reveals them in case of severe proven abuse
Vouches for the traffic of its client
Accountability identifiers are independent of destination
Accountability identifiers are proxiable
Receivers specify what accountability service they accept
A victim can ask the network to filter traffic that has a specific identifier

Design: Straw-man Protocol
Signing every packet
Every router on the forwarding path can check the certificate, but it is expensive
[Diagram: Service Provider (A), Sender (S), Receiver (R)]
Keypair of S: (S_pub, S_priv)
cert_s = {S, S_pub}A_priv
Sent with each packet: pkt, cert_s, {pkt}S_priv (proves the sender's identity)

Design: An Efficient Protocol
Sender S, receiver R agree to use accountability service A
Each client C of A has a private key c, public key g^c and certificate cert_c = {C, C_pub}A_priv
Use Diffie-Hellman to create shared key
  S and R: (g^s)^r = (g^r)^s
  S and S’s ISP, P1: k_s = (g^P1)^s = (g^s)^P1
Outgoing packets from S:
  cert_s
  timestamp
  a hash h_R = hash(pkt, timestamp, cert_s, g^sr)
  a hash h_1 = hash(pkt, timestamp, cert_s, k_s)

Design: An Efficient Protocol
P1 can cache cert_s and k_s for fast verification
P1 is expected to check cert_s, timestamp, and h_1
Non-checking origination ISP identification
  Let P1 insert into each packet from S to R Pi’s AS number and h_i = hash(pkt, timestamp, cert_s, k_i)
  If R receives a packet with an invalid certificate, R can show this hashed-by-P1 packet and cert_s to any Pi along the path, thereby proving that P1 did not check the certificate
“First-hop accountability service ISP”
R can ask its ISP Pn to block traffic from cert_s on its behalf

Design: An Efficient Protocol
Does not provide non-repudiation property
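
The tag construction and checks from the efficient-protocol slides, as an added example that is not code from the paper or the talk. HMAC-SHA-256 stands in for the slides' hash(..., key); the toy group, MAX_SKEW, the function names and the placeholder certificate are assumptions. The last lines show why the scheme has no non-repudiation: R holds the same key as S.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group so the example runs offline with the standard
# library only. Assumption: a deployment would use a vetted group.
P = 2**255 - 19
G = 2
MAX_SKEW = 30  # seconds of clock difference a verifier tolerates (assumed)

def keypair():
    """Return (private key c, public key g^c)."""
    c = secrets.randbelow(P - 3) + 2
    return c, pow(G, c, P)

def shared_key(own_priv, peer_pub):
    """(g^peer)^own mod P, hashed down to a 32-byte MAC key."""
    secret = pow(peer_pub, own_priv, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def tag(key, pkt, timestamp, cert):
    """hash(pkt, timestamp, cert, key) from the slides, as HMAC-SHA-256."""
    fields = (pkt, str(timestamp).encode(), cert)
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def send(pkt, now, cert_s, k_sr, k_s):
    """Fields S attaches to an outgoing packet: cert_s, timestamp, h_R, h_1."""
    return {"pkt": pkt, "cert": cert_s, "ts": now,
            "h_R": tag(k_sr, pkt, now, cert_s),
            "h_1": tag(k_s, pkt, now, cert_s)}

def check(packet, field, key, now):
    """Check run by P1 (field 'h_1') or by R (field 'h_R')."""
    if abs(now - packet["ts"]) > MAX_SKEW:
        return False  # stale or replayed packet
    expected = tag(key, packet["pkt"], packet["ts"], packet["cert"])
    return hmac.compare_digest(expected, packet[field])

# Constructed sample run: S, R and S's ISP P1 each hold a DH keypair.
s, g_s = keypair()
r, g_r = keypair()
p1, g_p1 = keypair()
CERT_S = b"placeholder for cert_s = {S, S_pub}A_priv"  # signature check omitted
k_sr_at_S, k_sr_at_R = shared_key(s, g_r), shared_key(r, g_s)
k_s_at_S, k_s_at_P1 = shared_key(s, g_p1), shared_key(p1, g_s)
PACKET = send(b"GET /index.html", 1000, CERT_S, k_sr_at_S, k_s_at_S)
# R derives the same key as S, so R can compute h_R for a packet S never sent.
FORGED_BY_R = tag(k_sr_at_R, b"never sent by S", 1000, CERT_S)
```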

Discussions and Comments
Accountability services can help ISPs to filter unwanted traffic
Centralized and trusted authority would limit the scalability
Accountability should be held by people, while machines are neutral
  Bots and zombies
The cost of accountability service
  What is the value and profit that accountability service would bring to us? Is it worth deploying?