Fabrice Tchakountio

Hash-based IP traceback

The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packets origin, wide-spread packet forwarding techniques such as NAT and encapsulation may obscure the packets true source. Techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion.We present a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past. We demonstrate that the system is effective, space-efficient (requiring approximately 0.5% of the link capacity per unit time in storage), and implementable in current or next-generation routing hardware. We present both analytic and simulation results showing the systems effectiveness.

Single-packet IP traceback

The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packets origin, widespread packet forwarding techniques such as NAT and encapsulation may obscure the packets true source. Techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion. We present a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past. We demonstrate that the system is effective, space efficient (requiring approximately 0.5% of the link capacity per unit time in storage), and implementable in current or next-generation routing hardware. We present both analytic and simulation results showing the systems effectiveness.

Hardware support for a hash-based IP traceback

The Source Path Isolation Engine (SPIE) is a system capable of tracing a single IP packet to its point of origin or point of ingress into a network. SPIE supports tracing by scoring a few bits of unique information about each packet for a period of time as the packets traverse the network. Software implementations of SPIE can trace packets through networks comprised of slow-to-medium speed routers (up to OC-12), but higher-speed routers (OC-48 and faster) require hardware support. In this paper, we discuss these hardware design aspects of SPIE. Most of the hardware resides in a self-contained SPIE processing unit, which may be implemented in a line card form factor for insertion into the router itself or as a stand-alone unit that connects to the router through an external interface.

Traceback of single IP packets using SPIE

The design of the Internet protocol makes it difficult to reliably identify the originator of an IP packet. IP traceback techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion. We present SPIE, the Source Path Isolation Engine, a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past.

Channel Access over Path Segments for Ultra Low Latency MANETs

While the capacity of Mobile Ad Hoc Networks (MANETs) has received considerable attention, the issue of end-to-end latency has been largely ignored. As military MANETs get larger and denser with an increasing number of end-to-end hops, the latency and jitter experienced by packets will be prohibitively high for existing and emerging real-time applications. We present and study a novel mechanism called CAPS (Channel Access over Path Segments) for reducing end-to-end latency. The key idea behind CAPS is to reserve the floor multiple hops (a path segment) at a time. This is accomplished by using multi-hop RTS and CTS frames that acquire the access rights for an entire segment toward the destination, with virtual carrier sense acting on a path basis. Our architecture also includes a cut-through physical layer that pipelines a bit stream through the receive and transmit chains. We present a numerical analysis of the relative performance gain from our ideas, complemented by a simulation-based analysis. Our study shows that, depending upon the parameters used, a 3x to 8x reduction in latency over current systems is possible.

SPIE demonstration: single packet traceback

SPIE, the Source Path Isolation Engine, is a DARPA-funded system for tracing single IP packets back through a network of instrumented routers or tap boxes that are associated with the routers. Historically, tracing individual packets by keeping packet logs at each router has required prohibitive amounts of memory; one of SPIEs key innovations is to reduce the memory requirement (down to 0.5% of link capacity) by storing only packet digests, that is, hashes of the packets rather than the packet itself. SPIE-enhanced routers maintain a cache of packet digests for recently forwarded traffic. If a packet is determined to be offensive by an intrusion detection system (or judged interesting by some other metric), a query is dispatched to the SPIE system that, in turn, queries routers for packet digests of the relevant time periods. ne results of this query are used in a simulated reverse-path flooding algorithm to build a highly reliable and accurate attack graph that identifies the packets source or sources.