A recursive session token protocol for use in computer forensics and TCP traceback

Author

Carrier, Brian ; Shields, Clay

Author_Institution

Center for Educ. & Res. in Inf. Assurance & Security, Purdue Univ., West Lafayette, IN, USA

Volume

3

fYear

2002

fDate

2002

Firstpage

1540

Abstract

We introduce a new protocol designed to assist in the forensic investigation of malicious network-based activity, specifically addressing the stepping-stone scenario in which an attacker uses a chain of connections through many hosts to hide his or her identity. Our protocol, the Session TOken Protocol (STOP), enhances the Identification Protocol (ident) infrastructure by sending recursive requests to previous hosts on the connection chain. The protocol has been designed to protect user´s privacy by returning a token that is a hash of connection information; a system administrator can later decide whether to release the information relating to the token depending on the circumstances of the request.

Keywords

security of data; telecommunication security; transport protocols; IP packets; TCP traceback; computer forensics; ident protocol; identification protocol infrastructure; malicious network-based activity; recursive session token protocol; stepping-stone scenario; user privacy protection; Computer science; Computer science education; Computer security; Data security; Forensics; Information security; Intelligent networks; Privacy; Protection; Protocols;

fLanguage

English

Publisher

ieee

Conference_Titel

INFOCOM 2002. Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE

ISSN

0743-166X

Print_ISBN

0-7803-7476-2

Type

conf

DOI

10.1109/INFCOM.2002.1019405

Filename

1019405