Paper review: < Hash-Based IP Traceback [SPSJ+01] >

Reviewer: <Ryan Gehl>

1. State the problem the paper is trying to solve.

The main problem this paper is trying to solve is that it is difficult to reliably identify the originator of an IP packet. This is important because reliably tracing individual packets back to their sources is the first step toward making attackers accountable for their actions.

2. State the main contribution of the paper: solving a new problem, proposing a new algorithm, or presenting a new evaluation (analysis). If a new problem, why was the problem important? Is the problem still important today? Will the problem be important tomorrow?  If a new algorithm or new evaluation (analysis), what are the improvements over previous algorithms or evaluations? How do they come up with the new algorithm or evaluation? 

The main contribution of this work is the presentation of a hash-based technique for IP traceback that generates audit trails for traffic within a network and can trace the origin of a single IP packet delivered by the network (as opposed to determining the source of a large flow).

3. Summarize the (at most) 3 key main ideas (each in 1 sentence.) 

(1) One of the key innovations of their Source Path Insolation Engine (SPIE) is the reduced memory requirement relative to other schemes (through the use of Bloom filters.
(2) SPIE does not increase a network's vulnerability to eavesdropping because only packet digests are stored, not the packets themselves.


4. Critique the main contribution
   • Rate the significance of the paper on a scale of 5 (breakthrough), 4 (significant contribution), 3 (modest contribution), 2 (incremental contribution), 1 (no contribution or negative contribution). Explain your rating in a sentence or two.

   I would rate this paper as a 4 because it presents a solution to the problem of tracing a single packet back to its source. The biggest advantages of this proposed system is that SPIE has low storage requirements and does not aid in easvesdropping.

   • Rate how convincing the methodology is: how do the authors justify the solution approach or evaluation? Do the authors use arguments, analyses, experiments, simulations, or a combination of them? Do the claims and conclusions follow from the arguments, analyses or experiments? Are the assumptions realistic (at the time of the research)? Are the assumptions still valid today? Are the experiments well designed? Are there different experiments that would be more convincing? Are there other alternatives the authors should have considered? (And, of course, is the paper free of methodological errors.)

   I felt like the authors were very effective in their description of this new and not clearly defined problem. To me, the assumptions made by the authors do seem realistic, although I'm interested in how traceback will be performed given that traceback will likely be requested when the network is unstable.

   • What is the most important limitation of the approach?

   The most important limitation to this approach is that traceback will often be requested precisely when the network is unstable. The authors suggest using an out-of-band channel or through either physically or logically separate links, which I think is a limiting assumption.

5. What lessons should researchers and builders take away from this work. What (if any) questions does this work leave open?

Difficult problems such as preventing and tracing attacks often do not have clean or easy solutions. However, it is important to still attempt to tackle a small portion of the problem, laying the foundation for future work.