Traffic masking in IPsec: architecture and implementation

Author

Kiraly, Csaba ; Bianchi, Giuseppe ; Formisano, Fabrizio ; Teofili, Simone ; Lo Cigno, Renato

Author_Institution

Univ. of Trento, Trento

fYear

2007

fDate

1-5 July 2007

Firstpage

1

Lastpage

5

Abstract

Protection from statistical traffic analysis attacks calls for effective design of traffic flow confidentiality (TFC) mechanisms. These are devised to alter the traffic pattern in order to hide information about contents transmitted, which, despite encryption, can be revealed by malicious users through statistical analysis. Widespread diffusion of these mechanisms requires embedding them in widely deployed protocols. This paper proposes an IPsec based framework aimed at enforcing TFC. This is characterized by two key components: i) a module designed to enforce packet padding, fragmentation, dummy packet generation, and artificial alteration of the packet forwarding delay, and ii) a TFC header devised to carry information across the IPsec tunnel to allow packet handling at the receiver side. The proposed approach has been implemented in a Linux 2.6 Kernel, and preliminary experimental results are reported to show its operation.

Keywords

IP networks; telecommunication security; telecommunication traffic; IPsec based framework; dummy packet generation; packet forwarding delay; packet padding; statistical traffic analysis attacks; traffic flow confidentiality; traffic masking; traffic pattern; Character generation; Cryptography; Electrostatic precipitators; Information security; Kernel; Linux; Privacy; Protection; Routing protocols; Statistical analysis; IPsec; Traffic Flow Confidentiality; experimental assessment; privacy; security;

fLanguage

English

Publisher

ieee

Conference_Titel

Mobile and Wireless Communications Summit, 2007. 16th IST

Conference_Location

Budapest

Print_ISBN

963-8111-66-6

Electronic_ISBN

963-8111-66-6

Type

conf

DOI

10.1109/ISTMWC.2007.4299299

Filename

4299299