Title :
A recursive session token protocol for use in computer forensics and TCP traceback
Author :
Carrier, Brian ; Shields, Clay
Author_Institution :
Center for Educ. & Res. in Inf. Assurance & Security, Purdue Univ., West Lafayette, IN, USA
Abstract :
We introduce a new protocol designed to assist in the forensic investigation of malicious network-based activity, specifically addressing the stepping-stone scenario in which an attacker uses a chain of connections through many hosts to hide his or her identity. Our protocol, the Session TOken Protocol (STOP), enhances the Identification Protocol (ident) infrastructure by sending recursive requests to previous hosts on the connection chain. The protocol has been designed to protect user´s privacy by returning a token that is a hash of connection information; a system administrator can later decide whether to release the information relating to the token depending on the circumstances of the request.
Keywords :
security of data; telecommunication security; transport protocols; IP packets; TCP traceback; computer forensics; ident protocol; identification protocol infrastructure; malicious network-based activity; recursive session token protocol; stepping-stone scenario; user privacy protection; Computer science; Computer science education; Computer security; Data security; Forensics; Information security; Intelligent networks; Privacy; Protection; Protocols;
Conference_Titel :
INFOCOM 2002. Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE
Print_ISBN :
0-7803-7476-2
DOI :
10.1109/INFCOM.2002.1019405
