Secure Single Packet IP Traceback Mechanism to Identify the Source Zeeshan Shafi Khan, Nabila Akram, Khaled Alghathbar, Muhammad She, Rashid Mehmood Center.


1 Secure Single Packet IP Traceback Mechanism to Identify the Source
Zeeshan Shafi Khan, Nabila Akram, Khaled Alghathbar, Muhammad She, Rashid Mehmood
Center of Excellence in Information Assurance, King Saud University, KSA
Department of Computer Science, International Islamic University, Islamabad, PAKISTAN
Information Systems Department, College of Computer and Information Sciences, King Saud University, KSA
Internet Technology and Secured Transactions (ICITST), 2010 International Conference
Advisor: I-Long Lin, Han-Chieh Chao
Student: Shih-Hao Peng
Date: 2011/05/24

2 Outline
• Abstract
• Introduction
• Related Work
• Problem Definition
• Proposed Solution
• Validation and Comparison
• Conclusion

3 Abstract
• Most attacks on networks are launched through spoofed IP addresses
• The researchers introduce a technique to identify the origin of the spoofed user
• Many traceback techniques have been introduced, but all have a few drawbacks
  – Load
  – Delay
  – Implementation on all the routers of the world

4 Abstract (Cont.)
• All the existing IP traceback techniques require an efficient marking technique
• A new single packet IP traceback technique to identify the source of the packet is introduced in this paper
• This technique reduces the network delay and does not require any marking technique

5 Introduction
• Spoofing can be blind or non-blind
  – Blind: the attacker sends several packets to the targeted user with sample sequence numbers
  – Non-blind: during the transfer of data between host and server, the attacker corrupts the data stream and re-establishes the connection itself
• Spoofing attacks can be mitigated by implementing ingress and egress filtering on border routers

6 Introduction (Cont.)
• To block private IP addresses on upstream routers, implement an ACL (Access Control List)
• This will prevent someone from sending spoofed traffic to the Internet
• Spoofing threats can also be removed by implementing encryption and authentication

7 Related Work
• Abraham Yaar et al. proposed a Path Identification (PI) mechanism that helps to identify the source of attack packets
• Every router that a packet reaches marks its information in the identification field of the IP header
• All the routers try to identify the mark in the identification field
• To increase the performance of PI, several methods are used: IP address hashing, node omission and edge marking

8 Related Work (Cont.)
• Amit et al. presented the Speedy IP Traceback (SIPT) approach, in which the MAC address of the attacker and the IP address of the boundary router are used to identify and trace back the attacker
• When a packet reaches the gateway, the gateway router converts the 48-bit MAC address of the user and the 32 bits of its own IP address into a total of 16 bits
• It adds these 16 bits to the identification field of the IP header

9 Problem Definition
• A few techniques require implementation on all the routers of the world
  – It is not practical to implement the solution on all the routers of the world
  – If it is implemented, the involvement of every intermediate router will result in higher network delay
• The authors take the SIPT technique as the base to formulate their problem, because it is the latest available IP traceback technique

10 Problem Definition (Cont.)
• SIPT has a lot of limitations
  – It requires a marking technique that on one side marks the 80 bits into 16 bits and on the other side regenerates the 80 bits from these 16 bits
  – It communicates the MAC address of the user, which is the private property of the user, so it compromises privacy
  – It encourages reflected attacks
    A receiver may put forward a false claim that a user with a particular MAC address tried to launch an attack on it

11 Problem Definition (Cont.)
[Figure: SIPT approach]

12 Proposed Solution
• The authors propose a new IP traceback technique that works on a single packet
  – It requires only one packet to start the traceback procedure
  – It eliminates the need for any marking technique
• The proposed solution will not share the MAC address of a user with others
• The proposed solution will be implemented on the ISP routers
• The authors will allocate a 16-bit identity to all the ISPs of the world

13 Proposed Solution (Cont.)
• According to the authors' survey, there are currently 13,000 ISPs in the world
• Whenever a packet reaches the ISP gateway, the gateway adds its 16-bit identity in the field and keeps a log on the basis of the MAC address of the users
• When this message arrives at the ISP gateway of the receiver, the receiver's ISP removes the 16-bit identity of the sender's ISP and makes its own log file
• The information about the ISP's identity remains only between the ISPs

14 Proposed Solution (Cont.)
• If a receiver detects an attack, it sends a complaint to its ISP
• The receiver's ISP checks its log and finds out the ISP of that particular IP address
• After finding out the ISP identity, the victim's ISP consults the identity list to find the IP address of that ISP, and it forwards the complaint to the attacker's ISP
• Upon receiving the complaint, the attacker's ISP finds the MAC address of the attacker in its log file and penalizes the attacker

15 Proposed Solution (Cont.)
• Since the victim submits an attack complaint to its ISP, the ISP gateway inspects the complaint before forwarding it to the attacker's gateway
• The victim's gateway consults its log file to verify whether an attack was really launched from this IP address at the specified time or the victim is launching a false complaint

16 Proposed Solution (Cont.)
[Figure: ISP Identity Based Traceback]
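
The stamping, logging and complaint-verification steps from slides 13 to 15, as an added example that is not part of the original presentation or the authors' code. The class and method names, the use of the IPv4 Identification field as "the field", the log key of (source IP, destination IP, time) and all addresses are assumptions made for illustration.

```python
# Added illustration, constructed values. Assumed (not on the slides): the identity
# uses the 16-bit IPv4 Identification field; logs are keyed by (src IP, dst IP, time).
from dataclasses import dataclass

@dataclass
class Packet:
    src_ip: str      # claimed source, may be spoofed
    dst_ip: str
    ts: int          # constructed integer timestamp
    ident: int = 0   # 16-bit field carrying the ISP identity in transit

class ISPGateway:
    def __init__(self, isp_id, identity_list):
        if not 0 < isp_id < 1 << 16:
            raise ValueError("ISP identity must fit in 16 bits")
        self.isp_id = isp_id
        self.identity_list = identity_list   # shared: ISP identity -> gateway
        identity_list[isp_id] = self
        self.egress_log = {}    # flow key -> MAC of the local sender
        self.ingress_log = {}   # flow key -> identity of the sending ISP

    def egress(self, pkt, sender_mac):
        # Sender's ISP: the MAC stays in the local log; only the identity travels.
        self.egress_log[(pkt.src_ip, pkt.dst_ip, pkt.ts)] = sender_mac
        pkt.ident = self.isp_id
        return pkt

    def ingress(self, pkt):
        # Receiver's ISP: record the sender's ISP, strip it before delivery.
        self.ingress_log[(pkt.src_ip, pkt.dst_ip, pkt.ts)] = pkt.ident
        pkt.ident = 0
        return pkt

    def handle_complaint(self, src_ip, dst_ip, ts):
        # Verify the claim locally; the sender's ISP then resolves the MAC.
        key = (src_ip, dst_ip, ts)
        sender_isp = self.ingress_log.get(key)
        if sender_isp is None:
            return None   # no matching packet logged: false complaint
        return self.identity_list[sender_isp].egress_log.get(key)

def demo():
    ids = {}
    isp_a, isp_b = ISPGateway(0x00A1, ids), ISPGateway(0x00B2, ids)
    pkt = Packet("203.0.113.9", "198.51.100.20", ts=1000)  # spoofed source
    delivered = isp_b.ingress(isp_a.egress(pkt, "02:00:00:00:00:01"))
    real = isp_b.handle_complaint("203.0.113.9", "198.51.100.20", 1000)
    fake = isp_b.handle_complaint("192.0.2.77", "198.51.100.20", 1000)
    return delivered.ident, real, fake
```

The genuine complaint resolves to the sender's MAC even though the source IP was spoofed, while the complaint about a packet that was never logged is rejected at the victim's own ISP.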

17 Validation and Comparison
• The authors compare it with the two most important and efficient traceback techniques
  – Path Identification (PI)
  – Speedy IP Traceback (SIPT)
• The authors divide their validation phase into two different mechanisms, named Fixed and Intelligent
• Fixed Mechanism: the user is in a learning phase, and it is fixed which packet is an attack packet and which one is legitimate

18 Validation and Comparison (Cont.)
• Intelligent Mechanism: as soon as the ISP receives an attack complaint from any of its users, it first checks its log to decide whether the complaint is genuine or false
• For the authors' proposed solution, it does not matter what type of topology the network has
• The authors' solution is independent of network topology because intermediate routers are not involved in it

19 Validation and Comparison (Cont.)
[Figure: False Claims]

20 Validation and Comparison (Cont.)
• The authors measure the packet delay for the proposed solution and compare it with the existing solutions
[Figure: Average Delay]

21 Conclusion
• The proposed IP traceback technique will require implementation on only the ISPs
• A single packet will ensure accurate traceback
• A marking technique is no longer required
• This paper focuses purely on IPv4; how to implement this solution in IPv6 is still an open question
• The authors can use an extension header for it, but it will cost more

