ing, Clue’s implementation of the default “Sign+Verify” attribution process
restricts bulk TCP throughput to approximately 0.33Mbps independent of
The poor performance of
“Sign+Verify” motivates the optimizations described earlier. While precomputation dramatically decreases
the overhead at the sender, it has only
modest effect in isolation on TCP
throughput, as performance is still
receiver-limited. Similarly, asynchronous verification allows the receiver to
issue ACKs immediately, but the potential for improvement is bounded by
the effective decrease in flow RTT. Indeed, precomputation and asynchronous verification are most effective
when combined with windowed verification and has the potential to move
the performance bottleneck back to
The line in Figure 2 labeled
“Precomp+Async+Win- 8” is the performance of the Clue prototype when
combining the three optimizations
while using a fixed window size of
eight packets. In theory, the larger
the window size, the less overhead
verification imposes. Indeed, progressively increasing the window
size continues to increase throughput performance—to a point; most
benefits are achieved with a window of 64 packets, as indicated by
the line “Precomp+Async+Win- 64”
in Figure 2, exceeding 17.5Mbps at
20ms. Recall that windowed verification proceeds only in the absence of
loss; if a packet is lost in a window,
the remaining packets must be verified individually, negating any potential for improvement. Hence, our
Clue implementation dynamically
adjusts the window size to match the
sender’s TCP congestion window. The
in Figure 2 shows its performance approaches the baseline for all but the
smallest RTTs; at an RTT of 80ms—
typical of TCP connections on the Internet18—this combination achieves a
throughput of 9.6Mbps, within a factor of 1. 2 of “Proxy” itself, and exceeds
the capacity of most consumer broadband links.
Much of the Internet’s success can
be attributed to its minimalist archi-
tecture. However, the related archi-
tectural freedoms also represent ripe
vulnerabilities for adversaries trying to
exploit the network to their own ends.
Chief among them is the lack of ac-
countability for user actions. Without
a plausible threat of accountability, the
normal social processes that disincen-
tivize criminal behavior cannot func-
tion. We suggest modifying the Inter-
net architecture to proactively enable
network forensics while preserving the
privacy of network participants under
We thank Hovav Shacham of the University of California, San Diego, for
advice and comments. This work is
funded in part by National Science
Foundation grants CNS-0627157 and
1. andersen, D., Balakrishnan, H., Feamster, n., Koponen,
T., Moon, D., and Shenker, S. accountable Internet
Protocol. In Proceedings of the ACM SIGCOMM
Conference (Seattle, aug. 19–21). aCM Press, new
2. ateniese, G., Tsudik, G., and Song, D. Quasi-efficient
revocation of group signatures. In Financial
Cryptography, M. Blaze, ed. (Southampton, Bermuda,
Mar. 11–14). Springer-Verlag, Berlin, 2002, 183–197.
3. aucsmith, D. The digital crime scene: a software
prospective. In Proceedings of the CyberCrime and
Digital Law Enforcement Conference (new Haven, C T,
Mar. 26–28, 2004).
4. Baric, n. and Pfitzmann, B. Collision-free accumulators
and fail-stop signature schemes without trees. In
Advances in Cryptology EUROCRYPT ‘ 97, W. Fumy,
ed. (Konstanz, Germany, May 11–15). Springer-Verlag,
Berlin, 1997, 480–494.
5. Bellare, M., Micciancio, D., and Warinschi, B.
Foundations of group signatures: Formal definitions,
simplified requirements, and a construction based
on general assumptions. In Advances in Cryptology
EUROCRYPT ‘03, e. Biham, ed. (Warsaw, May 4–8).
Springer-Verlag, Berlin, 2003, 614–629.
6. Bellare, M. and rogaway, P. random oracles are
practical: a paradigm for designing efficient protocols.
In Proceedings of the ACM Conference on Computer
and Communications Security (Fairfax, Va, nov. 3–5).
aCM Press, new york, 1993, 62–73.
Mikhail Afanasyev ( firstname.lastname@example.org) is
a postdoctoral fellow in the autonomous Systems
laboratory of the australian Commonwealth Scientific
and research organization (CSIro), Brisbane, australia.
Tadayoshi Kohno ( email@example.com) is an
assistant professor in the Computer Science and
engineering Department of the university of Washington,
Justin Ma ( firstname.lastname@example.org) is a postdoctoral
scholar in the aMP lab of the university of California,
nicholas Murphy ( email@example.com) is a
doctoral candidate in the School of engineering and
applied Sciences of Harvard university, Cambridge, Ma.
Stefan Savage ( firstname.lastname@example.org) is a professor in
the Computer Science and engineering Department of the
university of California, San Diego.
Alex C. Snoeren ( email@example.com) is an associate
professor in the Computer Science and engineering
Department of the university of California, San Diego.
Geoffrey M. Voelker ( firstname.lastname@example.org) is a professor
in the Computer Science and engineering Department of
the university of California, San Diego.