Paper Review:
Hash-Based IP Traceback

Reviewer: Jie Zhou


Motivated attacks are serious threat to the security of Internet. As a solution, IP traceback can make the attackers accountable. However, it is difficult to identify the origin of an IP packet, due to the design of IP protocal. Because of the tremendous storage requirements and the increased eavesdropping risks, developing a traceback system has long been viewed as impractical.


The paper presents a hash-based technique of IP traceback, which is effetive, space-efficient and implementable in current or next generation routing hardware. The implementation of SPIE system shows that single packet tracing is feasible.

Main Ideas

  • By storing packet digests instead of the actual packet contents, SPIE has low storage requirements and does not aid in eavesdropping.
  • SPIE is a complete and practical system.


    I rate the paper at 4 (significant contribution), because of the implemented IP traceback system, which is very important for Internet security. The authors give clear explanations and theoretical analysis, as well as simulation results. I feel it is convincing.

  • The packet digest is generated from the packet header and the first 8 bytes. The feasibility of their approach is based on the assumption that, except certain fields, this part of packet will not be frequently modified. This assumption may be broken as the design of IP protocal develops. The new IP protocal may use the first 8 bytes to store extended imformation, and modify them from time to time. In this case, the transformation process in SPIE will happen frequently and cause serious storage burden.


    To audit information, it is not necessary to store the whole content. Instead, we can compute and store the "digest", which can identify the original imformation and needs only a small fraction of space.