CDC

This document discusses two examples related to the end-to-end argument: 1. For banking transactions, encryption should occur at the end systems (e.g. ATMs, servers, client terminals) rather than in the network, to keep the network generic and prevent access to encryption keys. 2. Detection and prevention of DDoS attacks can be more efficiently implemented at the network level rather than end systems. Networks can detect attack patterns faster than end systems and prevent malicious packets from reaching servers. Rackspace provides network-level DDoS mitigation that examines over 30 million packets per second.

© Attribution Non-Commercial (BY-NC)

CDC Assignment One

The End-to-End Argument


Authors: S. Khizar Bin Aamir, Omer Kahoot, Muhammad Ahsan, Ahsan Ali, Adil Mirrani (roll numbers 09-0008, 09-0057, 09-0210, 09-0000, 09-0920)

Justification of the End-to-End Argument


The banking sector requires reliable delivery of all its transaction data, but above all it requires secure transmission over any network, because traffic on the path is exposed to packet sniffing and to malicious users tapping the link for their own purposes. The end systems are therefore the bank terminal at one end (an ATM, a credit-card reader, or an online-banking application on a mobile device or an ordinary desktop computer) and, at the other end, a comparable banking machine, a bank server, or a client terminal. The function in question is encryption of the data, and by the end-to-end argument it is only sensible to place this function on the end systems.

Data should be encrypted and decrypted only at the end machines (the ATM, the bank's server, or the client terminal) rather than at the network level, for three reasons. First, placing encryption in the network would turn it into a special-purpose network instead of one that can carry traffic of all kinds. Second, the encryption keys would then have to be present in the communication devices along the path, where a malicious user who compromises any one of those devices could obtain them; with end-to-end encryption an intermediate node only ever forwards ciphertext and holds no key, so compromising it reveals nothing and any modification it makes is detected at the receiving end. Third, it would burden the network with encrypting and decrypting a large volume of transactions, which the processing capacity of network hardware may not support. To retain the generic nature of the network and allow all kinds of banks and banking transactions, whatever their end applications, to use the existing network, the function should be implemented at the application level on the end systems of the communication.
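The placement argued for above, as an added example written for this page and not taken from the assignment or from any bank's real system: the ATM and the bank share a secret, the router between them holds no key, it sees only ciphertext, and any change it makes on the path (or any attempt to present the record as coming from a different terminal) is rejected at the receiving end. The HMAC-SHA256 counter-mode cipher with encrypt-then-MAC is an illustrative stand-in for a real AEAD such as AES-GCM or ChaCha20-Poly1305; the terminal id, record format and shared secret are assumptions.

```python
import hashlib
import hmac
import os


def derive_keys(shared_secret: bytes):
    """Split one end-to-end secret into separate encryption and MAC keys (HMAC as a KDF)."""
    enc_key = hmac.new(shared_secret, b"bank-demo/enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"bank-demo/mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode. Illustrative only: a real system should
    use a standard AEAD (AES-GCM, ChaCha20-Poly1305) instead of this construction."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def seal(shared_secret: bytes, plaintext: bytes, terminal_id: bytes, nonce: bytes = None) -> bytes:
    """Encrypt-then-MAC at the sending end system. terminal_id (assumed identifier) is
    authenticated but not encrypted, so a record cannot be replayed as another terminal's."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = os.urandom(16) if nonce is None else nonce
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, terminal_id + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(shared_secret: bytes, blob: bytes, terminal_id: bytes) -> bytes:
    """Verify and decrypt at the receiving end system; anything changed on the path is rejected."""
    if len(blob) < 16 + 32:
        raise ValueError("truncated record")
    enc_key, mac_key = derive_keys(shared_secret)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, terminal_id + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: record altered or misrouted in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Router:
    """An intermediate hop. It can log, forward and even modify bytes, but it holds no key."""

    def __init__(self):
        self.seen = []

    def forward(self, blob: bytes, tamper: bool = False) -> bytes:
        self.seen.append(blob)
        if tamper:
            # Flip one bit in the middle of the ciphertext, as a compromised hop might.
            i = 16 + len(blob[16:-32]) // 2
            blob = blob[:i] + bytes([blob[i] ^ 0x01]) + blob[i + 1:]
        return blob


def demo():
    """One withdrawal record (constructed) from ATM-0042 to the bank across one router.
    Returns (bank saw the original record, router saw the account number in clear)."""
    secret = hashlib.sha256(b"secret provisioned to ATM-0042 and the bank, never to the network").digest()
    record = b'{"acct":"12345678","amount":"250.00","op":"withdraw"}'
    hop = Router()
    delivered = open_(secret, hop.forward(seal(secret, record, b"ATM-0042")), b"ATM-0042")
    return delivered == record, b"12345678" in hop.seen[0]


if __name__ == "__main__":
    print(demo())
```

The router's `seen` list is exactly what a tap on the path would capture: nonce, ciphertext and tag, but no key material and no account data. Moving `seal` and `open_` into the router instead would mean provisioning the bank's secret to every such device, which is the exposure the section warns about.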

Application in Violation of the End-to-End Argument


Malicious users around the world have devised many methods of bringing web servers to their knees. One such method is the botnet attack discussed in earlier classes, and a network-level (or rather ISP-level) solution to it is currently a subject of your research. This brings us to the idea of removing the function of detecting and preventing such attacks from the end systems (client terminals, web servers and so on) and placing it in the communication network, where the attacks can be detected more efficiently. The example we have chosen is DDoS and DoS attacks. Solutions already operating in the real world have removed the function of detecting a DoS attack from the targeted server and implemented it at the network level, where the network recognises attack patterns in the flowing traffic much more quickly than an end system could. If the end node itself had to detect and block such an attack, the heavy inflow of useless requests would accomplish the attacker's goal anyway and bring the server down: the cost of the attack is incurred at the point where the packets are received, so a defence that only acts after they arrive is too late. The point is to detect the packets before they reach the end system and drop them while they are still in the network, which can only be achieved if the function is implemented at the communication level. One implemented system of this kind is offered by Rackspace Hosting (http://www.rackspace.com/managed_hosting/services/security/ddosmitigation/), which claims a technology that can examine and analyse over 30 million packets per second. Using detection algorithms and packet-marking techniques it filters out malicious traffic at the network level before it reaches the end system. This supports placing the functionality at the communication level, in contrast with what the end-to-end argument would suggest. Note that this is the kind of in-network function the original end-to-end paper (Saltzer, Reed and Clark) treats as a permissible performance enhancement rather than a replacement for the end system's own defences: a server behind network-level mitigation still needs its own rate limiting for attack traffic the network does not recognise.
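The network-level detection described above, as an added example written for this page and not Rackspace's own technology (whose algorithms the page does not describe): a per-source sliding-window detector that a network device could run over passing traffic, and a filter that drops a flagged source's packets from the moment it is flagged, so the server only ever sees what got through. The traffic is constructed, and the thresholds, addresses and tcpdump-style flag letters are assumptions.

```python
from collections import defaultdict, deque


def build_sample():
    """Constructed sample traffic, not a real capture: (time_s, src_ip, tcp_flags).
    Flags use tcpdump letters: "S" = bare SYN, "P." = PSH-ACK (data on an open connection)."""
    pkts = []
    # A legitimate client at ~10 packets/s: an occasional SYN, otherwise data packets.
    for i in range(20):
        pkts.append((i * 0.1, "10.0.0.5", "S" if i % 5 == 0 else "P."))
    # A SYN flood: 300 bare SYNs from one source inside half a second, starting at t = 1.0 s.
    for i in range(300):
        pkts.append((1.0 + i / 600.0, "198.51.100.7", "S"))
    pkts.sort(key=lambda p: p[0])
    return pkts


def detect(pkts, window_s=1.0, pps_threshold=100, syn_ratio=0.9):
    """Per-source sliding-window detector as a network device would run it on passing traffic.
    Returns {src_ip: (time_flagged, verdict)}. A source is flagged the moment it has more than
    pps_threshold packets in the last window_s seconds, and called a SYN flood if at least
    syn_ratio of those packets were bare SYNs (no connection ever completes)."""
    window = defaultdict(deque)   # src -> (timestamp, was_bare_syn) for packets in the window
    syns = defaultdict(int)       # src -> bare-SYN count within the window
    flagged = {}
    for t, src, flags in pkts:
        q = window[src]
        is_syn = flags == "S"
        q.append((t, is_syn))
        syns[src] += is_syn
        while q and q[0][0] < t - window_s:     # expire packets older than the window
            _, old_syn = q.popleft()
            syns[src] -= old_syn
        if src not in flagged and len(q) > pps_threshold:
            verdict = "syn_flood" if syns[src] / len(q) >= syn_ratio else "volumetric"
            flagged[src] = (t, verdict)
    return flagged


def filter_in_network(pkts, flagged):
    """Drop a flagged source's packets from the moment it was flagged; what remains is the
    traffic the end system actually has to process."""
    return [p for p in pkts if p[1] not in flagged or p[0] < flagged[p[1]][0]]


if __name__ == "__main__":
    traffic = build_sample()
    verdicts = detect(traffic)
    delivered = filter_in_network(traffic, verdicts)
    print("flagged:", verdicts)
    print(f"{len(traffic)} packets on the wire, {len(delivered)} reached the server")
```

The detector keys on per-source rate and SYN ratio only, which is the cheap check a line-rate device can afford; a single source spoofing many addresses, or a distributed flood where each source stays under the threshold, needs aggregate (per-destination) counters on top of this, which is why the end system keeps its own defences.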
