research-article

Free access

Balancing accountability and privacy in the network

Authors:

Matthew K. Mukerjee,

Peter SteenkisteAuthors Info & Claims

SIGCOMM '14: Proceedings of the 2014 ACM conference on SIGCOMM

Pages 75 - 86

https://doi.org/10.1145/2619239.2626306

Published: 17 August 2014 Publication History

Abstract

Though most would agree that accountability and privacy are both valuable, today's Internet provides little support for either. Previous efforts have explored ways to offer stronger guarantees for one of the two, typically at the expense of the other; indeed, at first glance accountability and privacy appear mutually exclusive. At the center of the tussle is the source address: in an accountable Internet, source addresses undeniably link packets and senders so hosts can be punished for bad behavior. In a privacy-preserving Internet, source addresses are hidden as much as possible.

In this paper, we argue that a balance is possible. We introduce the Accountable and Private Internet Protocol (APIP), which splits source addresses into two separate fields --- an accountability address and a return address --- and introduces independent mechanisms for managing each. Accountability addresses, rather than pointing to hosts, point to accountability delegates, which agree to vouch for packets on their clients' behalves, taking appropriate action when misbehavior is reported. With accountability handled by delegates, senders are now free to mask their return addresses; we discuss a few techniques for doing so.

References

[1]

Mining Hardware Comparison. https://en.bitcoin.it/wiki/Mininghardwarecomparison.

[2]

University of Oregon Route Views Project. http://www.routeviews.org.

[3]

Wikipedia qatar ban 'temporary'. http://news.bbc.co.uk/2/hi/technology/6224677.stm, Jan. 2007.

[4]

D. G. Andersen, H. Balakrishnan, N. Feamster, et al. Accountable internet protocol (AIP). SIGCOMM '08, pages 339--350, New York, NY, USA, 2008. ACM.

Digital Library

[5]

K. J. Argyraki and D. R. Cheriton. Active internet traffic filtering: Real-time response to denial-of-service attacks. In USENIX Annual Technical Conference, General Track, pages 135--148, 2005.

Digital Library

[6]

T. Aura. Cryptographically Generated Addresses (CGA). RFC 3972 (Proposed Standard), Mar. 2005. Updated by RFCs 4581, 4982.

[7]

A. Bender, N. Spring, D. Levin, and B. Bhattacharjee. Accountability as a service. SRUTI, 7:1--6, 2007.

Digital Library

[8]

D. J. Bernstein, N. Duif, T. Lange, P. Schwabe, and B.-Y. Yang. High-speed high-security signatures. Journal of Cryptographic Engineering, 2(2):77--89, 2012.

[9]

M. B. Braun and J. Crowcroft. SNA: Sourceless Network Architecture. Technical Report UCAM-CL-TR-849, University of Cambridge, Computer Laboratory, Mar. 2014.

[10]

J. Camenisch and A. Lysyanskaya. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In Advances in Cryptology-EUROCRYPT 2001, pages 93--118. Springer, 2001.

[11]

C. Candolin and P. Nikander. IPv6 source addresses considered harmful. In NordSec '01, pages 54--68, 2001.

[12]

D. Chaum. Untraceable electronic mail, return address, and digital pseudonyms. Communications of the ACM, 24(2):84--88, 1981.

Digital Library

[13]

D. D. Clark, J. Wroclawski, K. R. Sollins, and R. Braden. Tussle in cyberspace: defining tomorrow's internet. SIGCOMM '02, pages 347--356, New York, NY, USA, 2002. ACM.

Digital Library

[14]

Z. Duan, X. Yuan, and J. Chandrashekar. Constructing inter-domain packet filters to control ip spoofing based on bgp updates. In INFOCOM, 2006.

[15]

D. Farinacci, V. Fuller, D. Meyer, and D. Lewis. The Locator/ID Separation Protocol (LISP). RFC 6830 (Experimental), Jan. 2013.

[16]

P. Ferguson and D. Senie. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. RFC 2827 (Best Current Practice), May 2000. Updated by RFC 3704.

Digital Library

[17]

D. Han, A. Anand, F. Dogar, et al. XIA: efficient support for evolvable internetworking. NSDI'12, pages 23--23, Berkeley, CA, USA, 2012. USENIX Association.

Digital Library

[18]

D. Harkins and D. Carrel. The Internet Key Exchange (IKE). RFC 2409 (Proposed Standard), Nov. 1998. Obsoleted by RFC 4306, updated by RFC 4109.

Digital Library

[19]

H.-C. Hsiao, T.-J. Kim, A. Perrig, et al. Lap: Lightweight anonymity and privacy. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 506--520. IEEE, 2012.

Digital Library

[20]

V. Jacobson, D. K. Smetters, J. D. Thornton, et al. Networking named content. CoNEXT '09, pages 1--12, New York, NY, USA, 2009. ACM.

Digital Library

[21]

C. Jin, H. Wang, and K. G. Shin. Hop-count filtering: an effective defense against spoofed ddos traffic. In CCS '03, pages 30--41. ACM, 2003.

Digital Library

[22]

V. Ka e, K. Nakauchi, and M. Inoue. Generic identifiers for id/locator split internetworking. In K-INGN 2008., pages 299--306, 2008.

[23]

S. Kandula, D. Katabi, M. Jacob, and A. Berger. Botz-4-sale: Surviving organized ddos attacks that mimic ash crowds. In NSDI '05.

Digital Library

[24]

T. Killalea. Recommended Internet Service Provider Security Services and Procedures. RFC 3013 (Best Current Practice), Nov. 2000.

Digital Library

[25]

V. Liu, S. Han, A. Krishnamurthy, and T. Anderson. Tor instead of ip. In HotNets '11.

Digital Library

[26]

D. Meyer, L. Zhang, and K. Fall. Report from the IAB Workshop on Routing and Addressing. RFC 4984 (Informational), Sept. 2007.

[27]

R. Moskowitz and P. Nikander. Host Identity Protocol (HIP) Architecture. RFC 4423 (Informational), May 2006.

[28]

J. Naous, M. Walfish, A. Nicolosi, et al. Verifying and enforcing network paths with icing. CoNEXT '11, pages 30:1--30:12, New York, NY, USA, 2011. ACM.

Digital Library

[29]

K. Park and H. Lee. On the effectiveness of route-based packet filtering for distributed dos attack prevention in power-law internets. In SIGCOMM CCR, volume 31, pages 15--26. ACM, 2001.

Digital Library

[30]

B. Raghavan, T. Kohno, A. C. Snoeren, and D. Wetherall. Enlisting ISPs to improve online privacy: IP address mixing by default. PETS '09, pages 143--163, 2009.

Digital Library

[31]

M. G. Reed, P. F. Syverson, and D. M. Goldschlag. Anonymous connections and onion routing. IEEE Journal on Selected Areas in Communications, 1998.

Digital Library

[32]

M. K. Reiter and A. D. Rubin. Crowds: Anonymity for web transactions. TISSEC, 1(1):66--92, 1998.

Digital Library

[33]

E. J. Schwartz, D. Brumley, and J. M. McCune. A contractual anonymity system. In NDSS '10, 2010.

[34]

M. Shaw. Leveraging good intentions to reduce unwanted network traffic. In Proc. USENIX Steps to Reduce Unwanted Traffic on the Internet workshop, page 8, 2006.

Digital Library

[35]

P. Srisuresh and K. Egevang. Traditional IP Network Address Translator (Traditional NAT). RFC 3022 (Informational), Jan. 2001.

Digital Library

[36]

X. Yang, D. Wetherall, and T. Anderson. TVA: A DoS-limiting network architecture. Networking, IEEE/ACM Transactions on, 16(6):1267--1280, 2008.

Digital Library

[37]

X. Zhang, H.-C. Hsiao, G. Hasker, et al. SCION: Scalability, control, and isolation on next-generation networks. In Security and Privacy 2011(SP), 2011 IEEE Symposium on, pages 212--227, 2011.

Digital Library

[38]

D. Zhou, B. Fan, H. Lim, M. Kaminsky, and D. G. Andersen. Scalable, high performance ethernet forwarding with cuckooswitch. CoNEXT '13, pages 97--108, New York, NY, USA, 2013. ACM.

Digital Library

Cited By

Niu CWu FTang SMa SChen G(2022)Toward Verifiable and Privacy Preserving Machine Learning PredictionIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.303559119:3(1703-1721)Online publication date: 1-May-2022
https://doi.org/10.1109/TDSC.2020.3035591
Li PSu JWang XXing Q(2021)DIIASecurity and Communication Networks10.1155/2021/19744932021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/1974493
Li YLi HLv ZYao XLi QWu JKim YKim JVigna GShi E(2021)Deterrence of Intelligent DDoS via Multi-Hop Traffic DivergenceProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484737(923-939)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484737
Show More Cited By

Index Terms

Balancing accountability and privacy in the network
1. Networks
  1. Network types
    1. Packet-switching networks

Recommendations

Balancing accountability and privacy in the network
SIGCOMM'14

Though most would agree that accountability and privacy are both valuable, today's Internet provides little support for either. Previous efforts have explored ways to offer stronger guarantees for one of the two, typically at the expense of the other; ...
Source Accountability with Domain-brokered Privacy
CoNEXT '16: Proceedings of the 12th International on Conference on emerging Networking EXperiments and Technologies

In an ideal Internet, every packet would be attributable to its sender, while host identities and transmitted content would remain private. Designing such a network is challenging because source accountability and communication privacy are typically ...
POSTER: Preserving privacy and accountability for personal devices
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Using personal mobile devices for work gave rise to a trend called "bring your own device", or BYOD. BYOD brings a productivity boost for employees, but also headaches for employers: on the one hand, the business has a legitimate interest in monitoring ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGCOMM '14: Proceedings of the 2014 ACM conference on SIGCOMM

August 2014

662 pages

ISBN:9781450328364

DOI:10.1145/2619239

General Chairs:
Fabián E. Bustamante
Northwestern University, USA
,
Y. Charlie Hu
Purdue University, USA
,
Program Chairs:
Arvind Krishnamurthy
University of Washington, USA
,
Sylvia Ratnasamy
University of California, Berkeley, USA

ACM SIGCOMM Computer Communication Review Volume 44, Issue 4
SIGCOMM'14
October 2014
672 pages
ISSN:0146-4833
DOI:10.1145/2740070
Editors:
Konstantina Papagiannaki
Telefonica Research, Barcelona, Spain
,
Katerina Argyraki
EPFL, Switzerland
,
Hitesh Ballani
Microsoft Research Cambridge, UK
,
Fabián Bustamante
Northwestern University, USA
,
Joseph Camp
SMU, USA
,
Augustin Chaintreau
Columbia University, USA
,
Phillipa Gill
Stony Brook University, USA
,
Marco Mellia
Politecnico di Torino, Italy
,
Bhaskaran Raman
IIT Bombay, India
,
Joel Sommers
Colgate University, USA
,
Aline Carneiro Viana
INRIA, France
Issue’s Table of Contents

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 August 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

SIGCOMM'14

Sponsor:

SIGCOMM

SIGCOMM'14: ACM SIGCOMM 2014 Conference

August 17 - 22, 2014

Illinois, Chicago, USA

Acceptance Rates

SIGCOMM '14 Paper Acceptance Rate 45 of 242 submissions, 19%;

Overall Acceptance Rate 462 of 3,389 submissions, 14%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

30
Total Citations
View Citations
2,617
Total Downloads

Downloads (Last 12 months)143
Downloads (Last 6 weeks)26

Reflects downloads up to 28 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Niu CWu FTang SMa SChen G(2022)Toward Verifiable and Privacy Preserving Machine Learning PredictionIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.303559119:3(1703-1721)Online publication date: 1-May-2022
https://doi.org/10.1109/TDSC.2020.3035591
Li PSu JWang XXing Q(2021)DIIASecurity and Communication Networks10.1155/2021/19744932021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/1974493
Li YLi HLv ZYao XLi QWu JKim YKim JVigna GShi E(2021)Deterrence of Intelligent DDoS via Multi-Hop Traffic DivergenceProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484737(923-939)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484737
He LRen GLiu YYang J(2021)PAVI: Bootstrapping Accountability and Privacy to IPv6 InternetIEEE/ACM Transactions on Networking10.1109/TNET.2020.304766729:2(695-708)Online publication date: May-2021
https://doi.org/10.1109/TNET.2020.3047667
Xia YSu JChen RHuang X(2021)APGS: An Efficient Source-Accountable and Metadata-Private Protocol in the Network LayerIEEE Transactions on Information Forensics and Security10.1109/TIFS.2020.303229416(1245-1260)Online publication date: 2021
https://doi.org/10.1109/TIFS.2020.3032294
Ma YWu YGe JMa YWu YGe J(2020)A Flow-Based ArchitectureAccountability and Privacy in Network Security10.1007/978-981-15-6575-5_5(75-93)Online publication date: 16-Sep-2020
https://doi.org/10.1007/978-981-15-6575-5_5
Ma YWu YGe JMa YWu YGe J(2020)A Content-Based ArchitectureAccountability and Privacy in Network Security10.1007/978-981-15-6575-5_4(41-74)Online publication date: 16-Sep-2020
https://doi.org/10.1007/978-981-15-6575-5_4
Ma YWu YGe JMa YWu YGe J(2020)A Comprehensive SurveyAccountability and Privacy in Network Security10.1007/978-981-15-6575-5_2(11-25)Online publication date: 16-Sep-2020
https://doi.org/10.1007/978-981-15-6575-5_2
McCauley JHarchol YPanda ARaghavan BShenker SWu JHall W(2019)Enabling a permanent revolution in internet architectureProceedings of the ACM Special Interest Group on Data Communication10.1145/3341302.3342075(1-14)Online publication date: 19-Aug-2019
https://dl.acm.org/doi/10.1145/3341302.3342075
Pappas CLee TReischuk RSzalachowski PPerrig A(2019)Network Transparency for Better Internet SecurityIEEE/ACM Transactions on Networking10.1109/TNET.2019.293713227:5(2028-2042)Online publication date: 1-Oct-2019
https://dl.acm.org/doi/10.1109/TNET.2019.2937132
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten