Security vulnerabilities and solutions for packet sampling

Sharon Goldberg, Jennifer L. Rexford

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Scopus citations

Abstract

Packet sampling supports a range of Internet measurement applications including characterizing the spatial flow of traffic through a network for traffic engineering purposes, identifying the flows utilizing a link for billing purposes or for intrusion detection, and monitoring end-to-end data-path quality. However, packet-sampling mechanisms must be robust to adversarial hosts that craft packet streams that are disproportionately selected by a packet sampler. For example, a botnet flooding a network with packets in a denial-of-service attack, or a greedy customer trying to avoid being billed for network utilization, each have a strong incentive to craft packet streams that evade selection by the packet sampler. In this paper, we focus on securing the passive packet sampling mechanisms recommended by PSAMP (the IETF Packet Sampling working group [1]) against adversarial hosts. We show that (1) some of the packet sampling techniques suggested in current drafts of the PSAMP charter have security vulnerabilities, (2) secure uncoordinated sampling can be achieved using random sampling with a cryptographic random number generator, and (3) secure coordinated sampling requires a cryptographic pseudorandom function, keyed with a secret key that should be changed each time the sampler leaks information to the hosts.
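Point (3) of the abstract, sketched as an added example that is not code from the paper: two observation points sharing a secret key select the same packets, and rekeying yields an unrelated selection. HMAC-SHA256 as the pseudorandom function, the 1% rate, the fixed demo keys and the packet byte layout are all assumptions made for illustration.

```python
import hashlib
import hmac


class CoordinatedSampler:
    """Hash-based packet selection keyed with a secret (HMAC-SHA256 as the PRF)."""

    def __init__(self, key: bytes, rate: float):
        self.key = key
        # A packet is selected when the first 64 bits of its PRF output
        # fall below this threshold, giving a selection probability of `rate`.
        self.threshold = int(rate * 2**64)

    def selects(self, invariant_bytes: bytes) -> bool:
        # invariant_bytes: packet content that does not change hop to hop,
        # so every observation point computes the same decision.
        tag = hmac.new(self.key, invariant_bytes, hashlib.sha256).digest()
        return int.from_bytes(tag[:8], "big") < self.threshold

    def rekey(self, new_key: bytes) -> None:
        # Called whenever the sampler has leaked information to the hosts.
        self.key = new_key


def constructed_packets(n: int) -> list[bytes]:
    # Constructed sample input: a fixed flow identifier plus a per-packet counter.
    return [b"10.0.0.1|10.0.0.2|6|443|" + i.to_bytes(4, "big") for i in range(n)]


def demo():
    # Fixed keys keep the demo reproducible; a deployment would draw them
    # from a cryptographic RNG such as os.urandom(32).
    key_a, key_b = bytes(range(32)), bytes(range(32, 64))
    packets = constructed_packets(20000)
    ingress = CoordinatedSampler(key_a, 0.01)
    egress = CoordinatedSampler(key_a, 0.01)
    picked_in = {p for p in packets if ingress.selects(p)}
    picked_out = {p for p in packets if egress.selects(p)}
    # Rotate the key on both observation points and sample the same stream again.
    ingress.rekey(key_b)
    egress.rekey(key_b)
    picked_after = {p for p in packets if ingress.selects(p)}
    return picked_in, picked_out, picked_after


if __name__ == "__main__":
    a, b, c = demo()
    print(len(a), a == b, len(a & c))
```

Without the key, a host cannot compute `selects` for its own packets, and packets it has observed being sampled under the old key say nothing about the selection after `rekey`.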

Original language: English (US)
Title of host publication: 2007 IEEE Sarnoff Symposium, SARNOFF
State: Published - 2007
Event: IEEE Sarnoff Symposium, SARNOFF 2007 - Princeton, NJ, United States
Duration: Apr 30 2007 to May 2 2007

Publication series

Name: 2007 IEEE Sarnoff Symposium, SARNOFF

Other

Other: IEEE Sarnoff Symposium, SARNOFF 2007
Country/Territory: United States
City: Princeton, NJ
Period: 4/30/07 to 5/2/07

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Electrical and Electronic Engineering
  • Communication
