Paper review : Hash-Based IP Traceback (SPSJ+01)
Reviewer : Hai Fang (hfang@acm.org)
- Goal
To provide a separate traceback facility for the vulnerable Internet.
- Contribution
The paper presents a hash-based technique for tracing the origin of a single
IP packet.
- Main ideas
- Packet digesting makes reconstruction of the attack path feasible (with a controllable number
of false positives); it is space-efficient
and does not endanger Internet privacy.
- The Source Path Isolation Engine (SPIE) built on this technique is efficient and scalable
in current or next-generation routing hardware.
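The packet-digesting idea above, sketched as an added example (not code from the paper or from this review): a router-side digest table kept as a Bloom filter, which stores only bits derived from keyed hashes rather than packet contents, and whose false-positive rate is set by the table size and hash count. The masked header fields, the BLAKE2 hash, the table parameters and the constructed packets are assumptions of this sketch.

```python
import hashlib
import math
import struct

def digest_input(packet: bytes) -> bytes:
    """Hop-invariant bytes: 20-byte header with mutable fields zeroed + first 8 payload bytes."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:20])
    hdr[1] = hdr[8] = 0         # TOS (assumed mutable here) and TTL (decremented per hop)
    hdr[10:12] = b"\x00\x00"    # header checksum, recomputed at every hop
    return bytes(hdr) + packet[ihl:ihl + 8]

class DigestTable:
    """Bloom filter of packet digests for one router and one time window."""
    def __init__(self, m_bits: int, k: int, key: bytes):
        self.m, self.k, self.key = m_bits, k, key
        self.bits, self.count = bytearray((m_bits + 7) // 8), 0

    def _positions(self, packet: bytes):
        data = digest_input(packet)
        for i in range(self.k):     # k keyed hashes, separated by the salt byte
            h = hashlib.blake2b(data, digest_size=8, key=self.key, salt=bytes([i]))
            yield int.from_bytes(h.digest(), "big") % self.m

    def record(self, packet: bytes) -> None:
        for p in self._positions(packet):
            self.bits[p >> 3] |= 1 << (p & 7)
        self.count += 1

    def seen(self, packet: bytes) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(packet))

    def expected_fp_rate(self) -> float:
        return (1 - math.exp(-self.k * self.count / self.m)) ** self.k

def make_packet(ident: int, ttl: int, seq: int) -> bytes:
    """Constructed IPv4 packet (documentation addresses, checksum left 0)."""
    payload = seq.to_bytes(8, "big") + b"constructed-data"
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, ttl, 17, 0,
                      bytes([198, 51, 100, 9]), bytes([192, 0, 2, 7]))
    return hdr + payload

def run_demo():
    table = DigestTable(m_bits=1 << 16, k=3, key=b"router-A/window-1")
    for i in range(5000):
        table.record(make_packet(i, 64, i))
    hit = table.seen(make_packet(1234, 59, 1234))   # same packet as seen 5 hops later
    fp = sum(table.seen(make_packet(i % 65536, 64, 10**6 + i)) for i in range(20000)) / 20000
    return hit, fp, table.expected_fp_rate(), len(table.bits)
```

`run_demo()` returns whether the victim's copy of a recorded packet still matches, the measured and predicted false-positive rates for packets the router never forwarded, and the table size in bytes (8 KiB for 5000 recorded packets here).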
- Evaluation
- Significance rating: 3
This paper gives a good design that combines hashing and fingerprinting techniques.
It makes it possible to implement the traceback technique in practical hardware.
- Convincing rating
The authors present both analytic and simulation results to show the system's effectiveness.
However, the analysis and simulation follow the approach of earlier work in this area.
- Limitation
The role of the end host in the SPIE architecture seems more important than it should be.
The ideal method should detect the offending packets during transmission instead of asking
the end host to provide the candidates. I wonder whether the end host, when it is under a
packet flood, can still send out the traceback request.
Although packet digests are more space-efficient than the earlier techniques, the routers still
need to provide a large amount of space for storing the data. If the end host cannot find the
offending packets as soon as possible, it is hard to trace them long after the attack.
- Conclusion
Although traceback is ostensibly a pragmatic problem that may be solved by some
ad hoc techniques, it is closely related to mathematical techniques, e.g.
hashing and fingerprinting, especially when space is limited.
11/12/01