Hash-Based IP Traceback
Reviewer: Jie Zhou
Motivated attacks are a serious threat to the security of the Internet. As a solution, IP traceback can make attackers accountable. However, it is
difficult to identify the origin of an IP packet because of the design of the IP protocol. Because of the tremendous storage requirements and the increased
eavesdropping risks, developing a traceback system has long been viewed as impractical.
The paper presents a hash-based technique for IP traceback that is effective, space-efficient and implementable in current or next-generation routing
hardware. The implementation of the SPIE system shows that single-packet tracing is feasible.
By storing packet digests instead of the actual packet contents, SPIE has low storage requirements and does not aid in eavesdropping.
SPIE is a complete and practical system.
I rate the paper at 4 (significant contribution) because of the implemented IP traceback system, which is very important for Internet security. The
authors give clear explanations and theoretical analysis, as well as simulation results. I feel it is convincing.
The packet digest is generated from the packet header and the first 8 bytes of the payload. The feasibility of their approach rests on the assumption that,
except for certain fields, this part of the packet will not be modified frequently. This assumption may break as the design of the IP protocol evolves. A
new IP protocol may use the first 8 bytes to store extended information and modify them from time to time. In that case, the transformation process
in SPIE would happen frequently and cause a serious storage burden.
To audit information, it is not necessary to store the whole content. Instead, we can compute and store a "digest", which identifies the original
information while needing only a small fraction of the space.
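An added illustration of the digest idea discussed above (example code written for this review, not code from the SPIE paper or its authors): a SPIE-style digest over the IPv4 header plus the first 8 payload bytes, with the fields a router rewrites in transit (ToS, TTL, header checksum, options) masked out. The masked field set and the use of truncated SHA-256 in place of SPIE's per-router hash functions are assumptions; addresses and payloads are constructed.

```python
import hashlib
import struct

# Header fields zeroed before hashing (assumed mutable-field set: ToS, TTL, checksum).
# Keys are byte offsets into the fixed 20-byte IPv4 header, values are field lengths.
MASKED_OFFSETS = {1: 1, 8: 1, 10: 2}

def ipv4_checksum(header):
    """Standard one's-complement checksum over a header whose checksum field is zero."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_packet(src, dst, ttl, payload, proto=17, ident=0x1234):
    """Construct a minimal, well-formed IPv4 packet (no options) for the demo."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, ttl, proto, 0, src, dst)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload

def forward_hop(packet):
    """Simulate one router hop: decrement TTL and recompute the header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    header = bytearray(packet[:ihl])
    header[8] -= 1
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
    return bytes(header) + packet[ihl:]

def spie_digest(packet):
    """32-bit digest over the masked header and the first 8 payload bytes (zero-padded)."""
    ihl = (packet[0] & 0x0F) * 4
    header = bytearray(packet[:ihl])
    for off, length in MASKED_OFFSETS.items():
        header[off:off + length] = b"\x00" * length
    if ihl > 20:                      # options are also treated as mutable
        header[20:ihl] = b"\x00" * (ihl - 20)
    payload8 = packet[ihl:ihl + 8].ljust(8, b"\x00")
    return hashlib.sha256(bytes(header) + payload8).digest()[:4]

def demo():
    """Returns (digest survives a hop, digest differs for a different packet)."""
    src, dst = bytes([10, 0, 0, 1]), bytes([192, 0, 2, 10])   # constructed addresses
    pkt = build_ipv4_packet(src, dst, ttl=64, payload=b"GET / HTTP/1.0\r\n")
    other = build_ipv4_packet(src, dst, ttl=64, payload=b"GET /a HTTP/1.0\r\n")
    stable = spie_digest(pkt) == spie_digest(forward_hop(pkt))
    distinct = spie_digest(pkt) != spie_digest(other)
    return stable, distinct
```

Because only a few bytes per packet are stored, a router can keep digests for every packet it forwards, and the digest alone does not reveal the payload beyond its first 8 bytes.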