lecture11-accountability

2/17/09

Slide 1: Lecture 11: Accountability
Adrian Perrig
18-731: Network Security
Spring 2009

Slide 2: Overview
- Administrative issues
- Homework 1 due now
- Miniproject 1 out today
- Research project update
- Hash visualization user study
Slide 3: Levels of Accountability
- Accountability at what level?
  - End host
  - Originating domain
  - Originating ISP
  - Forwarding ISP
- Accountability for what?
  - Data origination
  - Correctness of forwarding
  - Absence of delay, dropping, etc.
- What security approach does accountability belong to?

Slide 4: Accountability as a Service
- Paper by Bender, Spring, Levin, Bhattacharjee
- Published at SRUTI 2007
Slide 5: Goals of Proposed Approach
- Provide accountability for originating traffic
  - Identify the source to enable filtering of unwanted traffic
- Provide limited sender anonymity
  - Multiple identities provide unlinkability across multiple destinations
- Problems with this approach?
  - Non-repudiation of data origin

Slide 6: Architecture
- Independent, trusted Accountability Service
- Services provided
  - Issues identities to clients
  - Vouches for traffic of its clients
  - Blocks unwanted traffic when victim reports abuse
  - Only discloses identities in case of severe, proven abuse, legal action, etc.
  - Provides funds to victims out of clients’ funded escrowed deposit
Slide 7: Straw-man Protocol
- Client obtains certificate from CA and signs every packet
  - Assume CA’s public key $K_{CA}$ is well known
  - Client C’s certificate: $\{C, K_C\}_{K_{CA}^{-1}}$
  - $C \rightarrow D$: $M, \{C, K_C\}_{K_{CA}^{-1}}, \{H(M)\}_{K_C^{-1}}$
- Result: all routers and destination can verify origin of message M
- Strong property: provides non-repudiation for every message

Slide 8: More Efficient Protocol
- Leverage packet passports, an approach in which any ISP can verify previous ISPs
- Global Diffie-Hellman public-key certificates enable pair-wise key establishment without communication
- Assumption: ISPs and clients own certificates of their Diffie-Hellman public keys: $\{C, g^c\}_{K_{CA}^{-1}}$
- Approach
  - First ISP authenticates packet, inserts authenticators for each subsequent ISP on path
  - Subsequent ISPs authenticate first ISP
  - Destination authenticates source of packet
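
The pair-wise key establishment and per-ISP authenticators of the More Efficient Protocol, sketched as an added example that is not part of the lecture. Assumptions: the authenticator is HMAC-SHA256 truncated to 8 bytes, keys are derived with SHA-256, the Diffie-Hellman group is a toy one, CA certificate checking is omitted, and the ISP names and packet are constructed.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group for illustration only (constructed parameters):
# P = 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent x, public value g^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def pairwise_key(my_priv, peer_pub):
    """Derive the shared key from a peer's certified public value, with no message exchange."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def authenticator(key, packet):
    return hmac.new(key, packet, hashlib.sha256).digest()[:8]  # truncated MAC (assumption)

def stamp(first_priv, path_pubs, packet):
    """First ISP: one authenticator per subsequent ISP on the path, keyed pairwise."""
    return {name: authenticator(pairwise_key(first_priv, pub), packet)
            for name, pub in path_pubs.items()}

def verify(my_name, my_priv, first_pub, packet, passport):
    """Subsequent ISP: recompute its own authenticator from the first ISP's public value."""
    expected = authenticator(pairwise_key(my_priv, first_pub), packet)
    return hmac.compare_digest(expected, passport.get(my_name, b""))

def demo():
    keys = {n: keypair() for n in ("ISP1", "ISP2", "ISP3")}   # constructed ISP names
    pubs = {n: kp[1] for n, kp in keys.items()}               # what the certificates would carry
    packet = b"src=C dst=D payload=hello"                     # constructed packet
    passport = stamp(keys["ISP1"][0], {n: pubs[n] for n in ("ISP2", "ISP3")}, packet)
    ok = all(verify(n, keys[n][0], pubs["ISP1"], packet, passport) for n in ("ISP2", "ISP3"))
    tampered = verify("ISP2", keys["ISP2"][0], pubs["ISP1"], packet + b"!", passport)
    # ISP2's authenticator placed in ISP3's slot must fail: keys are pairwise.
    swapped = verify("ISP3", keys["ISP3"][0], pubs["ISP1"], packet, {"ISP3": passport["ISP2"]})
    return ok, tampered, swapped

if __name__ == "__main__":
    print(demo())
```

Because each authenticator is a MAC under a key shared by two parties, either party could have produced it, so this design gives up the per-message non-repudiation of the straw-man protocol.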

This note was uploaded on 03/31/2009 for the course ECE 18731 taught by Professor Perrig during the Spring '08 term at Carnegie Mellon.
