Privacy-preserving network forensics

Published: 01 May 2011

Abstract

Privacy-preserving attribution of IP packets can help balance forensics with an individual's right to privacy.

Reviews

Pieter Hartel

The Internet offers users some anonymity; at the network level, an Internet protocol (IP) address is only loosely associated with a device, and is not associated with a person. This article proposes the use of group signatures to bind the identity of the device responsible for sending a packet with the contents of the packet. The group signature allows anyone to check that the signature is valid, but requires a number of cooperating group members to reveal the identity of the device from a signed packet. The authors suggest that manufacturers might include a unique device ID in their products, which could then be linked to the owner via purchase and maintenance records. The article discusses some of the privacy issues, but does not consider the possible actions of a motivated offender. For example, an offender could hijack a computer and easily send IP packets from a machine that he controls, but that he does not own. In addition, laptops are already among the most coveted items for thieves. A clean device ID would make a laptop an even more attractive target. Finally, the billions of PCs, PDAs, and smartphones in use without device IDs would be preferred tools for offenders. The clever technology proposed by Afanasyev et al. may help to trace back IP packets in some cases, but it is questionable whether the benefits outweigh the disadvantages.

Online Computing Reviews Service

Published In

Communications of the ACM  Volume 54, Issue 5
May 2011
134 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/1941487

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 2011
Published in CACM Volume 54, Issue 5

Qualifiers

  • Research-article
  • Popular
  • Refereed
