Title page for ETD etd-11282006-130305


Type of Document Master's Thesis
Author Snow, Michael Thomas
Author's Email Address misnow1@vt.edu
URN etd-11282006-130305
Title Data-Link Layer Traceback in Ethernet Networks
Degree Master of Science
Department Electrical and Computer Engineering
Advisory Committee
Advisor Name Title
Park, Jung-Min Jerry Committee Chair
Hou, Yiwei Thomas Committee Member
Shukla, Sandeep K. Committee Member
Keywords
  • Traceback
  • Link Layer
  • Ethernet
  • Wired Networks
Date of Defense 2006-11-27
Availability unrestricted
Abstract
The design of the most commonly-used Internet and Local Area Network protocols provide no way of verifying the sender of a packet is who it claims to be. Protocols and applications exist that provide authentication but these are generally for special use cases. A malicious host can easily launch an attack while pretending to be another host to avoid being discovered. At worst, the behavior may implicate a legitimate host causing it and the user to be kicked off the network. A malicious host may further conceal its location by sending the attack packets from one or more remotely-controlled hosts. Current research has provided techniques to support traceback, the process of determining the complete attack path from the victim back to the attack coordinator. Most of this research focuses on IP traceback, from the victim through the Internet to the edge of the network containing the attack packet source, and Stepping-Stone traceback, from source to the host controlling the attack. However, little research has been conducted on the problem of Data-Link Layer Traceback (DLT), the process of tracing frames from the network edge to the attack source, across what is usually a layer-2 network. We propose a scheme called Tagged-fRAme tracebaCK (TRACK) that provides a secure, reliable DLT technique for Ethernet networks. TRACK defines processes for Ethernet switches and a centralized storage and lookup host. As a frame enters a TRACK-enabled network, a tag is added indicating the switch and port on which the frame entered the network. This tag is collected at the network edge for later use in the traceback operation. An authentication method is defined to prevent unauthorized entities from generating or modifying tag data. Simulation results indicate that TRACK provides accurate DLT operation while causing minimal impact on network and application performance.
Files
  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
  snow_thesis_etd_r1.pdf 1.07 Mb 00:04:56 00:02:32 00:02:13 00:01:06 00:00:05

Browse All Available ETDs by ( Author | Department )

dla home
etds imagebase journals news ereserve special collections
virgnia tech home contact dla university libraries

If you have questions or technical problems, please Contact DLA.