Adam Bender, Neil Spring Dave Levin, Bobby Bhattacharjee University of Maryland, College Park In Proc. USENIX SRUTI, 2007 Speaker: Yun Liaw Accountability.


1 Accountability as a Service
Adam Bender, Neil Spring, Dave Levin, Bobby Bhattacharjee
University of Maryland, College Park
In Proc. USENIX SRUTI, 2007
Speaker: Yun Liaw

2 Introduction
- The purpose of accountability: to blame the miscreants, and let everyone else be
- Spoofed IP: both the IP address and the ISP are unreliable
- Accountability Service Provider: to “vouch for” traffic generated by endpoints
- Separate accountability from addressing and routing
3/09/09 Speaker : Yun Liaw 1

3 Related Work
- Explicit blocking of unsolicited traffic
- Implicit blocking of unsolicited traffic
- Stepping stone detection
- Approaches to stop spoofed source addresses in e-mail

4 The Accountability Service
- The role of an accountability service: to provide authenticated clients with identifiers that can be used to mark packets as accountable
- Other clients of the service can block unwanted traffic, and report malicious packets to the service
- Accountability services may differentiate themselves from each other by how much anonymity or accountability they provide and by what they require from their clients

5 The Accountability Service
- Holds identities in escrow and reveals them in case of severe, proven abuse
- Vouches for the traffic of its client
- Accountability identifiers are independent of destination
- Accountability identifiers are proxiable
- Receivers specify which accountability services they accept
- A victim can ask the network to filter traffic that carries a specific identifier

6 Design: Straw-man Protocol
- Signing every packet
- Every router on the forwarding path can check the certificate, but it is expensive
- Diagram labels: Service Provider (A), Sender (S), Receiver (R); keypair $(S_{pub}, S_{priv})$; $\mathrm{cert}_s = \{S, S_{pub}\}_{A_{priv}}$; packet contents: pkt, $\mathrm{cert}_s$, $\{\mathrm{pkt}\}_{S_{priv}}$; “Prove Sender himself”

7 Design: An Efficient protocol
- Sender S and receiver R agree to use accountability service A
- Each client C of A has a private key $c$, a public key $g^c$ and a certificate $\mathrm{cert}_c = \{C, C_{pub}\}_{A_{priv}}$
- Use Diffie-Hellman to create shared keys
  - S and R: $(g^s)^r = (g^r)^s$
  - S and S’s ISP, $P_1$: $k_s = (g^{P_1})^s = (g^s)^{P_1}$
- Outgoing packets from S carry:
  - $\mathrm{cert}_s$
  - a timestamp
  - a hash $h_R = \mathrm{hash}(\mathrm{pkt}, \mathrm{timestamp}, \mathrm{cert}_s, g^{sr})$
  - a hash $h_1 = \mathrm{hash}(\mathrm{pkt}, \mathrm{timestamp}, \mathrm{cert}_s, k_s)$

8 Design: An Efficient protocol
- $P_1$ can cache $\mathrm{cert}_s$ and $k_s$ for fast verification
- $P_1$ is expected to check $\mathrm{cert}_s$, the timestamp, and $h_1$
- Identifying an origination ISP that does not check
  - Let $P_1$ insert into each packet from S to R $P_i$’s AS number and $h_i = \mathrm{hash}(\mathrm{pkt}, \mathrm{timestamp}, \mathrm{cert}_s, k_i)$
  - If R receives a packet with an invalid certification, R can show this hashed-by-$P_1$ packet and $\mathrm{cert}_s$ to any $P_i$ along the path, thereby proving that $P_1$ did not check the certification
  - “First-hop accountability service ISP”
- R can ask its ISP $P_n$ to block traffic from $\mathrm{cert}_s$ on its behalf

9 Design: An Efficient protocol
- Does not provide non-repudiation property
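The per-packet tags from slides 7 and 8, and the non-repudiation limit from slide 9, as an added example that is not from the slides or the paper. Assumptions: SHA-256 with length-prefixed fields stands in for "hash", the Diffie-Hellman group is a toy one, the 30-second freshness window and all function names are hypothetical, and cert_s is an opaque placeholder whose signature by A is not checked.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (assumption, NOT secure): 2**127 - 1 is prime.
P, G = 2**127 - 1, 3
MAX_SKEW = 30  # seconds; the freshness window is an assumption

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared(priv, peer_pub):
    # (g^a)^b mod p: both sides derive the same key
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def tag(pkt, ts, cert, key):
    # hash(pkt, timestamp, cert_s, key); length prefixes keep fields unambiguous
    h = hashlib.sha256()
    for field in (pkt, ts.to_bytes(8, "big"), cert, key):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

def send(pkt, ts, cert, s_priv, r_pub, p1_pub):
    # Sender S attaches cert_s, timestamp, h_R and h_1 to the packet
    return {"pkt": pkt, "ts": ts, "cert": cert,
            "h_R": tag(pkt, ts, cert, shared(s_priv, r_pub)),
            "h_1": tag(pkt, ts, cert, shared(s_priv, p1_pub))}

def check(m, field, key, now):
    # P_1 checks "h_1" with k_s; R checks "h_R" with g^sr
    fresh = abs(now - m["ts"]) <= MAX_SKEW
    good = hmac.compare_digest(m[field], tag(m["pkt"], m["ts"], m["cert"], key))
    return fresh and good

def demo():
    (s, gs), (r, gr), (p1, gp1) = keypair(), keypair(), keypair()
    cert_s = b"placeholder for {S, S_pub} signed by A"  # constructed, not verified
    now = 1236556800  # constructed timestamp
    m = send(b"GET /index.html", now, cert_s, s, gr, gp1)
    k_s, k_sr = shared(p1, gs), shared(r, gs)  # P_1 caches k_s per sender
    forged = dict(m, pkt=b"GET /other")  # payload altered after S sent it
    return {
        "p1_ok": check(m, "h_1", k_s, now + 1),
        "r_ok": check(m, "h_R", k_sr, now + 2),
        "forged_ok": check(forged, "h_R", k_sr, now + 2),
        "stale_ok": check(m, "h_1", k_s, now + 3600),
        # R holds g^sr too, so R can compute a valid h_R for any packet itself
        "r_can_mint": tag(b"never sent", now, cert_s, k_sr)
                      == send(b"never sent", now, cert_s, s, gr, gp1)["h_R"],
    }
```

Because the tag key is shared, a valid h_R shows only that S or R produced it, which is why the efficient protocol gives up the non-repudiation that per-packet signatures in the straw-man design would provide.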

10 Discussions and Comments
- Accountability services can help ISPs to filter unwanted traffic
- A centralized and trusted authority would limit the scalability
- Accountability should be held by people, while machines are neutral
  - Bots and zombies
- The cost of an accountability service
  - What value and profit would an accountability service bring to us? Is it worth deploying?

