Optimum packet length masking

Application level traffic classification has been addressed in demonstrated recently based on statistical features of packet flows. Among the most significant characteristics is packet length. Even ciphered flows leak information about their content through the sequence of packet length values. There are obvious ways to destroy such side information, e.g. by setting all packet at maximum allowed length. This approach could ential an extremely large overhead, which makes it impractical. There is room to investigate the optimal trade-off between overhead/complexity of packet length masking and suppression of information leakage about flow content through packet length values. In this work we characterize the optimum first order statistical padding technique which guarantees indistinguishability of different application flows. We also discuss how to account for subsequent packet length correlation. Numerical results are shown with reference to real network traffic traces, specifically flows of HTTP, POP3, SSH, and FTP (control session) traffic.