MTU CS 6461 - Normalizing Traffic Pattern with Anonymity for Mission Critical Applications
Normalizing Traffic Pattern with Anonymity for Mission Critical Applications

Dongxi Liu, Chi-Hung Chi, Ming Li
School of Computing, National University of Singapore, Lower Kent Ridge Road, Singapore 119260
Emails: [email protected]

Proceedings of the 37th Annual Simulation Symposium (ANSS'04), 1080-241X/04 $20.00 © 2004 IEEE

Abstract

Intruders often want to analyze traffic patterns to get information for malicious activities in an ultra-secure network. This paper presents a general approach to prevent the traffic pattern of an IP-based network from being analyzed. It is an isolated scheme which can be used to prevent traffic analysis in the overall network by achieving the same goal in each network segment independently. On each network segment, complementary traffic is generated according to its real traffic, and the combination of these two kinds of traffic constitutes the normalized traffic on each link. The main advantages of our approach, from the performance viewpoint, are that 1) complementary traffic does not actively compete for bandwidth with real traffic, and 2) complementary traffic does not consume the bandwidth of other network segments at all. In addition, by encrypting the source and destination IP addresses of each packet, anonymous communication can be achieved, and anonymous normalized traffic loses its value for the analysis of eavesdropped traffic by intruders.

1. Introduction

Generally, information security in the Internet is guaranteed by using security protocols, such as the IP security protocol (IPSec) [1] and transport layer security (TLS) [2]. However, for an ultra-secure communication network, such as a military network, it is not enough just to encrypt and authenticate transmitted data. This is because in computer communication networks a traffic series has statistical patterns, which can provide extra useful information to intruders. For example, research in traffic analysis exhibits ample evidence that traffic is a second-order stationary series with the statistical properties of long-range dependence (LRD), (asymptotic) self-similarity and heavy-tailed distribution at different layers [3-6]. Thus, intruders may obtain the statistical traffic pattern between any two network nodes, such as hosts or routers, by processing monitored data series. Using the known traffic patterns, they can distinguish special events from the pattern variations of a traffic series. Consequently, any method that prevents traffic pattern analysis on a packet-by-packet basis is beneficial for ultra-secure distributed systems. Several approaches have been reported in this area; see for example [7-11].

In this paper, we propose a novel approach based on normalizing the traffic pattern with anonymity. Our scheme to prevent traffic pattern analysis for IP-based networks is based on the following two aspects: 1) steadily normalizing traffic, and 2) hiding IP addresses in packets. By steadily normalizing traffic, we mean that the traffic pattern remains unchanged regardless of what happens to it. By hiding the IP address in every packet, we mean that the IP address in every packet is confidential to intruders. To achieve our goal, we insert a thin layer between the network layer and the link layer. Thus, during every unit time period, only one packet is sent: either a regular packet from the network layer or a padded packet when no regular packet is available, i.e. a dummy packet. Moreover, if the packet to be sent is shorter than an expected length, some extra bytes are padded to its rear, so that packets sent by one network node always have a constant size at a constant rate, i.e., normalized traffic, in which the dummy packets and extra bytes together make up the complementary traffic. In addition, when sending a packet, its source and destination IP addresses are encrypted for anonymity so that intruders cannot trace the packet flow in the network. Upon receiving a packet, the reverse procedure is taken to recover the real packet. In this way, normalized anonymous traffic is generated such that the traffic pattern loses its analysis value for intruders from the security viewpoint.

This paper is organized as follows. Section 2 introduces some work related to our study. Our scheme is discussed in Section 3. Conclusions are given in Section 4.

2. Related Work

There are two categories of countermeasures to resist traffic analysis. One is anonymous communication and the other is traffic camouflaging. Anonymous communication can prevent intruders from knowing who is communicating with whom, as in the Onion Routing project [10-11], but it cannot hide the traffic pattern of the overall network. Traffic camouflaging [7-8] can prevent traffic analysis by padding and rerouting, so that the traffic pattern between two hosts is not related to the operating status of the application as seen by intruders. However, it cannot provide anonymity, and intruders can infer the differences in traffic patterns between the two hosts. In comparison with the previous work, the main functional advantage of our approach is that it can provide anonymous communication and hide the traffic pattern simultaneously. Moreover, our approach is an isolated scheme. By isolated scheme, we mean two points: 1) it achieves its goal in the overall network by achieving the same goal in each network segment, and 2) it does not assume any global parameters, such as the capacity between any two hosts as in [7-8]. Being an isolated scheme, our approach has two additional advantages from the performance viewpoint: 1) complementary traffic does not actively compete for bandwidth with the real traffic, and 2) complementary traffic does not consume the bandwidth of other network segments at all. Our approach can be deployed in an overall network by deploying it in each network segment gradually, which makes it practical in engineering.

It should be mentioned that the link cover mode in [9] also aims to achieve a constant traffic rate on each link. However, it depends on a finite end-to-end flow set to compute the link cover mode. We argue that this parameter is very difficult (if not impossible) to obtain because the two ends may have infinite flows. In [14], Kung et al. propose an IP-layer anonymizing infrastructure to hide the server address from all clients to resist DoS attacks, which is different from the anonymity in this paper.

3. Methodologies

Our approach consists of three components: a protocol to negotiate the parameters, such as the encryption
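A toy model of the thin layer between the network and link layers described in the Introduction, added here as an illustration (not code from the paper): each unit time period emits exactly one packet of SLOT_SIZE bytes, either a regular packet padded at its rear or a dummy, so the size sequence an eavesdropper records on the link is identical whether the node is busy or idle. SLOT_SIZE, the 3-byte kind/length header and the random padding are constructed assumptions; the encryption of source and destination addresses for anonymity is not modelled.

```python
import os
from collections import deque
from typing import List, Optional, Tuple

SLOT_SIZE = 64   # constructed: the "expected length" of every on-the-wire packet
HDR = 3          # 1-byte kind (1 = regular, 0 = dummy) + 2-byte real payload length


def frame(payload: Optional[bytes]) -> bytes:
    """Build exactly SLOT_SIZE bytes for one unit time period.

    A regular packet is padded at its rear with random bytes; when no regular
    packet is available, a dummy (kind 0) of the same size is built instead.
    """
    kind, body = (1, payload) if payload is not None else (0, b"")
    if len(body) > SLOT_SIZE - HDR:
        # Assumption: the network layer fragments oversized packets beforehand.
        raise ValueError("payload exceeds the normalized packet size")
    pad = os.urandom(SLOT_SIZE - HDR - len(body))
    return bytes([kind]) + len(body).to_bytes(2, "big") + body + pad


def unframe(wire_pkt: bytes) -> Optional[bytes]:
    """Reverse procedure at the receiver: strip the padding, drop dummies."""
    if len(wire_pkt) != SLOT_SIZE:
        raise ValueError("malformed normalized packet")
    kind, n = wire_pkt[0], int.from_bytes(wire_pkt[1:3], "big")
    return wire_pkt[HDR:HDR + n] if kind == 1 else None


def send_slots(pending: List[bytes], slots: int) -> Tuple[List[bytes], List[bytes]]:
    """Run `slots` unit time periods; exactly one frame leaves per period.

    Returns the frames put on the link and any packets still queued.
    """
    queue, wire = deque(pending), []
    for _ in range(slots):
        wire.append(frame(queue.popleft() if queue else None))
    return wire, list(queue)


def receive(wire: List[bytes]) -> List[bytes]:
    """Recover the real packets from the normalized link traffic."""
    return [p for p in map(unframe, wire) if p is not None]


def observed_pattern(wire: List[bytes]) -> List[int]:
    """What an eavesdropper on the link can record: one size per period."""
    return [len(f) for f in wire]
```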