Title :
Traffic masking in IPsec: architecture and implementation
Author :
Kiraly, Csaba ; Bianchi, Giuseppe ; Formisano, Fabrizio ; Teofili, Simone ; Lo Cigno, Renato
Author_Institution :
Univ. of Trento, Trento
Abstract :
Protection from statistical traffic analysis attacks calls for effective design of traffic flow confidentiality (TFC) mechanisms. These are devised to alter the traffic pattern in order to hide information about the contents transmitted, which, despite encryption, can be revealed by malicious users through statistical analysis. Widespread diffusion of these mechanisms requires embedding them in widely deployed protocols. This paper proposes an IPsec-based framework aimed at enforcing TFC. It is characterized by two key components: i) a module designed to enforce packet padding, fragmentation, dummy packet generation, and artificial alteration of the packet forwarding delay, and ii) a TFC header devised to carry information across the IPsec tunnel to allow packet handling at the receiver side. The proposed approach has been implemented in a Linux 2.6 kernel, and preliminary experimental results are reported to show its operation.
Keywords :
IP networks; telecommunication security; telecommunication traffic; IPsec based framework; dummy packet generation; packet forwarding delay; packet padding; statistical traffic analysis attacks; traffic flow confidentiality; traffic masking; traffic pattern; Character generation; Cryptography; Electrostatic precipitators; Information security; Kernel; Linux; Privacy; Protection; Routing protocols; Statistical analysis; IPsec; Traffic Flow Confidentiality; experimental assessment; privacy; security;
Conference_Title :
Mobile and Wireless Communications Summit, 2007. 16th IST
Conference_Location :
Budapest
Print_ISBN :
963-8111-66-6
Electronic_ISBN :
963-8111-66-6
DOI :
10.1109/ISTMWC.2007.4299299