Speaker: Dr. Dong Xuan, Ph.D.Associate Professor, Dept. of Computer Science and Engineering,The Ohio State UniversityThe Internet\'s prosperity has brought convenience to our daily lives and fueled prolific network-based business across the globe. However, it has also become a breeding ground for a variety of crimes. For example, Web file downloading can be disguised using anonymous Internet communication systems, preventing detection of illegal use in cases such as child pornography. Because crime is spreading and increasing in severity along with the fast-growing Internet, network-based forensics - in particular, a fundamental network-based forensic technique, i.e., traceback - has gained increasing importance as part of legal surveillance.Both accuracy and invisibility of traceback are essential for successful network forensics. Accuracy enables traceback, while invisibility prevents detection and loss of a valuable means to gather legal evidence. Invisibility refers to the difficulty of detecting the traceback by anyone other than the investigators. When traceback attempts are identified, the correspondents will simply stop communicating with each other, thereby evading further detection. They may even develop countermeasures to fool or mislead investigators (e.g., by abusing some targets and feigning communications). In any case, forensic evidence may be lost, damaged or contaminated. The needs addressing both accuracy and invisibility of traceback have been largely overlooked.In this talk, we first overview traceback techniques in the Internet, and then discuss our newly-designed flow-marking technique for invisible traceback. The technique is based on Direct Sequence Spread Spectrum (DSSS) utilizing a Pseudo-Noise (PN) code. By interfering with a sender\'s traffic and marginally varying its rate, an investigator can embed a secret spread-spectrum signal into the sender\'s traffic. The embedded signal is carried along with the traffic from the sender to the receiver, so the investigator can recognize the corresponding communication relationship, tracing the messages despite the use of anonymous networks. The secret PN code makes it difficult for others to detect the presence of such embedded signals, so the traceback, while available to investigators, is effectively invisible.Invisible traceback possesses many important applications in the real world. In this talk, we also discuss potential developments of our designed invisible traceback technique into an effective and practical surveillance tool. Law enforcement agencies may use the tool to conduct electronic surveillance to combat Internet-based crimes, terrorism, or other malicious activities.http://www.livetech.hk/article.php?uid=8&do=showone&itemid=2902&type=blog 2008, PolyNet, Security, Symposium