TY - GEN
T1 - Security vulnerabilities and solutions for packet sampling
AU - Goldberg, Sharon
AU - Rexford, Jennifer L.
PY - 2007
Y1 - 2007
N2 - Packet sampling supports a range of Internet measurement applications including characterizing the spatial flow of traffic through a network for traffic engineering purposes, identifying the flows utilizing a link for billing purposes or for intrusion detection, and monitoring end-to-end data-path quality. However, packet-sampling mechanisms must be robust to adversarial hosts that craft packet streams that are disproportionately selected by a packet sampler. For example, a botnet flooding a network with packets in a denial-of-service attack, or a greedy customer trying to avoid being billed for network utilization, each have a strong incentive to craft packet streams that evade selection by the packet sampler. In this paper, we focus on securing the passive packet sampling mechanisms recommended by PSAMP (the IETF Packet Sampling working group [1]) against adversarial hosts. We show that (1) some of the packet sampling techniques suggested in current drafts of the PSAMP charter have security vulnerabilities, (2) secure uncoordinated sampling can be achieved using random sampling with a cryptographic random number generator, and (3) secure coordinated sampling requires a cryptographic pseudorandom function, keyed with a secret key that should be changed each time the sampler leaks information to the hosts.
AB - Packet sampling supports a range of Internet measurement applications including characterizing the spatial flow of traffic through a network for traffic engineering purposes, identifying the flows utilizing a link for billing purposes or for intrusion detection, and monitoring end-to-end data-path quality. However, packet-sampling mechanisms must be robust to adversarial hosts that craft packet streams that are disproportionately selected by a packet sampler. For example, a botnet flooding a network with packets in a denial-of-service attack, or a greedy customer trying to avoid being billed for network utilization, each have a strong incentive to craft packet streams that evade selection by the packet sampler. In this paper, we focus on securing the passive packet sampling mechanisms recommended by PSAMP (the IETF Packet Sampling working group [1]) against adversarial hosts. We show that (1) some of the packet sampling techniques suggested in current drafts of the PSAMP charter have security vulnerabilities, (2) secure uncoordinated sampling can be achieved using random sampling with a cryptographic random number generator, and (3) secure coordinated sampling requires a cryptographic pseudorandom function, keyed with a secret key that should be changed each time the sampler leaks information to the hosts.
UR - http://www.scopus.com/inward/record.url?scp=51849106463&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=51849106463&partnerID=8YFLogxK
U2 - 10.1109/SARNOF.2007.4567339
DO - 10.1109/SARNOF.2007.4567339
M3 - Conference contribution
AN - SCOPUS:51849106463
SN - 1424424836
SN - 9781424424832
T3 - 2007 IEEE Sarnoff Symposium, SARNOFF
BT - 2007 IEEE Sarnoff Symposium, SARNOFF
T2 - IEEE Sarnoff Symposium, SARNOFF 2007
Y2 - 30 April 2007 through 2 May 2007
ER -