Privacy-preserving forensic attribution is a new architectural primitive we propose that allows individual network packets to be attributed, post hoc, to the physical machines from which they were sent. Importantly, while our architecture allows any network element to verify that a packet carries a valid forensic signature, only a trusted authority is able to reveal the sender's identity. In this way, the privacy of individual senders is protected from casual or opportunistic use of the attribution data, while criminal actors cannot presume anonymity. We have developed a prototype implementation, called Clue, that demonstrates the fundamental feasibility of this approach while also illustrating the design challenges and opportunities in integrating this functionality with the network layer. We hope this work stimulates further technical investigation in this area, as well as broader political and sociological discussion of the criteria for network-based privacy-preserving forensic attribution and of its ability to ease the current tension between the demand for strong privacy and the push towards more powerful, more privacy-invasive forensic techniques.
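The abstract's central property, a per-packet signature that any network element can verify but only a trusted authority can open, can be demonstrated with a small self-contained model. The Python below is an added example, not code from the Clue prototype or from the report's authors. It assumes a construction of its own choosing: Schnorr signatures over a prime-order subgroup generated at toy parameter sizes, plus pseudonym credentials issued by the authority. All names in it (Authority, build_packet, verify_packet, the CLUE-CRED and CLUE-PKT domain tags, the identity alice@host-17 and the payloads) are constructed for the example. A group signature scheme provides the same verify/open split while also making packets from one sender unlinkable; this pseudonym stand-in does not, so it shows the split and nothing more.

```python
"""Added example, not the Clue prototype's code: a toy model of the abstract's property
(any network element verifies the forensic signature; only the trusted authority opens it).
Assumed: Schnorr signatures over a toy prime-order subgroup built at import time, plus
authority-issued pseudonym credentials. Packets from one pseudonym stay linkable here."""
import hashlib
import secrets

Q = (1 << 127) - 1  # Mersenne prime: order of the signing subgroup (toy size, not secure)
_BASES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61]

def _is_probable_prime(n: int) -> bool:  # Miller-Rabin, fixed bases (non-adversarial use)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _make_group():  # prime p = k*Q + 1 and a generator of the order-Q subgroup of Z_p*
    k = 2
    while not _is_probable_prime(k * Q + 1):
        k += 2
    p, h = k * Q + 1, 2
    while pow(h, k, p) == 1:
        h += 1
    return p, pow(h, k, p)

P, G = _make_group()
_PB = (P.bit_length() + 7) // 8  # fixed byte width for encoding group elements

def _hash_to_q(r_bytes: bytes, msg: bytes) -> int:  # r_bytes is fixed width: no ambiguity
    return int.from_bytes(hashlib.sha256(r_bytes + msg).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x: int, msg: bytes):
    k = secrets.randbelow(Q - 1) + 1
    e = _hash_to_q(pow(G, k, P).to_bytes(_PB, "big"), msg)
    return e, (k + e * x) % Q

def verify(y: int, msg: bytes, sig) -> bool:
    e, s = sig
    if not (0 <= e < Q and 0 <= s < Q and 1 < y < P):
        return False
    r = pow(G, s, P) * pow(y, Q - e, P) % P  # g^s * y^-e, valid because y^Q == 1
    return _hash_to_q(r.to_bytes(_PB, "big"), msg) == e

def _msg(tag: bytes, ppk: int, payload: bytes = b"") -> bytes:
    return tag + ppk.to_bytes(_PB, "big") + payload  # domain-separated: credential vs packet

class Authority:
    """Trusted authority: certifies pseudonyms and alone holds the pseudonym->identity map."""
    def __init__(self):
        self._sk, self.pk = keygen()
        self._registry = {}  # pseudonym pk -> real identity; never leaves the authority
    def enroll(self, identity: str, pseudonym_pk: int):
        self._registry[pseudonym_pk] = identity
        return sign(self._sk, _msg(b"CLUE-CRED", pseudonym_pk))
    def open(self, packet: dict) -> str:  # attribute only a packet whose signature is valid
        if not verify_packet(self.pk, packet):
            raise ValueError("invalid forensic signature; will not attribute")
        return self._registry[packet["pseudonym"]]

def build_packet(psk: int, ppk: int, credential, payload: bytes) -> dict:  # sender side
    return {"payload": payload, "pseudonym": ppk, "credential": credential,
            "signature": sign(psk, _msg(b"CLUE-PKT", ppk, payload))}

def verify_packet(authority_pk: int, packet: dict) -> bool:  # any network element can run this
    ppk = packet["pseudonym"]  # the verifier learns only that an enrolled key signed
    return (verify(authority_pk, _msg(b"CLUE-CRED", ppk), packet["credential"])
            and verify(ppk, _msg(b"CLUE-PKT", ppk, packet["payload"]), packet["signature"]))

def demo() -> dict:  # constructed scenario: enrolled sender, tampered copy, unenrolled rogue
    authority = Authority()
    alice_sk, alice_pk = keygen()
    pkt = build_packet(alice_sk, alice_pk, authority.enroll("alice@host-17", alice_pk), b"hello")
    tampered = dict(pkt, payload=b"altered in transit")
    rogue_sk, rogue_pk = keygen()  # self-issued credential, never enrolled with the authority
    rogue = build_packet(rogue_sk, rogue_pk, sign(rogue_sk, _msg(b"CLUE-CRED", rogue_pk)), b"x")
    try:
        authority.open(tampered)
        refused = False
    except ValueError:
        refused = True
    return {"router_accepts": verify_packet(authority.pk, pkt),
            "router_accepts_tampered": verify_packet(authority.pk, tampered),
            "router_accepts_rogue": verify_packet(authority.pk, rogue),
            "authority_attributes": authority.open(pkt),
            "authority_refuses_tampered": refused}
```

Calling demo() shows the split the abstract describes: a router holding only the authority's public key accepts the enrolled sender's packet and rejects both the tampered copy and the rogue's self-certified one, while the authority, which holds the pseudonym registry, is the only party that can turn the accepted packet into "alice@host-17". Authority.open refuses to attribute anything whose forensic signature fails, so a forged or modified packet never yields a name. The group is roughly 128 bits and offers no real security; it keeps the example fast and would be replaced by standard parameters, and the pseudonym credential would be replaced by a group signature to remove cross-packet linkability.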
The authors of these documents have submitted their reports to this technical report series for the purpose of non-commercial dissemination of scientific work. The reports are copyrighted by the authors, and their existence in electronic format does not imply that the authors have relinquished any rights. You may copy a report for scholarly, non-commercial purposes, such as research or instruction, provided that you agree to respect the author's copyright. For information concerning the use of this document for other than research or instructional purposes, contact the authors. Other information concerning this technical report series can be obtained from the Computer Science and Engineering Department at the University of California at San Diego, firstname.lastname@example.org.