Paper review: Hash-Based IP Traceback
Reviewer: Kevin Hofstra
- How can we efficiently and reliably identify the originator of an IP packet? What kind of implementation latency and storage requirements are we willing to sacrifice? Can this be done locally or must the responsibility be distributed?
- A proposal for hash-based IP traceback. Being hash-based makes the lookup very quick and greatly reduces the storage requirements.
3.
A. A traceback system should meet certain conditions:
i. Packets can be addressed to any number of hosts.
ii. Packet size must not be increased.
iii. Traces are infrequent.
iv. End hosts do not need to have all the resources.
B. The ultimate goal is to find the originator of the packet. In certain cases it is only reasonable to trace the packet back to the last misbehaving link. Transformations performed as part of valid processing can be mapped back to the originator, but transformations due to router error or malicious intent can only be traced back to the closest occurrence.
C. SPIE (Source Path Isolation Engine) can be considered a breakthrough. Instead of keeping the entire packet, which leads to storage and privacy problems, the routers audit the source addresses only. This decreases the packet storage from very large packets to a 32-bit packet digest. It also alleviates the privacy problem, since the packet information is not stored.
D. Bloom filters keep track of the packet digests. A Bloom filter computes k distinct digests using a hashing function and uses the n-bit results to index into a 2^n-sized array.
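The digest table from item D, as an added example that is not code from the paper or from SPIE itself. It assumes SHA-256 salted with the digest number as the hashing function and uses constructed byte strings in place of packet data; `DigestTable` and `audit` are hypothetical names. It also shows what happens when the 2^n-bit array is too small for the traffic recorded in it.

```python
import hashlib


class DigestTable:
    """Bloom filter: k n-bit digests of a packet index a 2^n-bit array."""

    def __init__(self, n_bits: int, k: int):
        if not 3 <= n_bits <= 32:
            raise ValueError("n_bits must be between 3 and 32")
        self.n_bits, self.k = n_bits, k
        self.bits = bytearray((1 << n_bits) // 8)  # 2^n bits, packed 8 per byte

    def _indexes(self, packet: bytes):
        # Assumption: the k distinct digests come from SHA-256 salted with the
        # digest number; only the top n bits of each result are used.
        for i in range(self.k):
            h = hashlib.sha256(bytes([i]) + packet).digest()
            yield int.from_bytes(h[:4], "big") >> (32 - self.n_bits)

    def record(self, packet: bytes) -> None:
        for idx in self._indexes(packet):
            self.bits[idx >> 3] |= 1 << (idx & 7)

    def seen(self, packet: bytes) -> bool:
        # True means "possibly forwarded"; False means "definitely not".
        return all(self.bits[idx >> 3] & (1 << (idx & 7)) for idx in self._indexes(packet))

    def fill_ratio(self) -> float:
        return sum(bin(b).count("1") for b in self.bits) / (1 << self.n_bits)


def audit(n_bits: int, k: int, forwarded: int, probes: int):
    """Record constructed packets, then query recorded and never-seen ones."""
    table = DigestTable(n_bits, k)
    for i in range(forwarded):
        table.record(b"forwarded-%d" % i)  # constructed stand-in for packet data
    missed = sum(not table.seen(b"forwarded-%d" % i) for i in range(forwarded))
    false_hits = sum(table.seen(b"never-sent-%d" % i) for i in range(probes))
    return missed, false_hits / probes, table.fill_ratio()


if __name__ == "__main__":
    # 8 KiB table sized for the traffic vs. a 32-byte table swamped by it.
    for n in (16, 8):
        print(n, audit(n_bits=n, k=3, forwarded=5000, probes=5000))
```

A recorded packet is never missed, but a saturated table answers "seen" for every query, so it can no longer rule any packet out.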
- Critique the main contribution
- Significance: 4. This paper is significant because it creates a method of ensuring accountability for individual packets on the internet. This is important because it allows us to punish end hosts that are causing a detriment to the network. SPIE allows traceback of individual packets with an order of magnitude less storage and high reliability.
- Convincing: 1. Although they present many solutions in theory, most are impractical in implementation. The routers that will perform the auditing may not find the traceback function worth the additional processing. The system is dependent on every other router along the link doing its job properly, which is likely to be unreasonable in a heterogeneous environment like the internet.
- System researchers and builders should recognize that although per-packet accountability on the internet would lead to increased stability, it is dependent on everyone agreeing on its importance and helping each other to implement it. Older routers may have neither the processing capability nor the incentive to audit every packet. In a system such as this, the traceback is only as good as its weakest link, which in the case of the internet may be completely unresponsive. The problem of creating an environment with accountability when it was never intended may turn out to be infeasible until every member of the network agrees on its importance.