Title :
Camouflage of network traffic to resist attack (CONTRA)
Author :
Weinstein, William ; Lepanto, Janet
Author_Institution :
Charles Stark Draper Lab. Inc., Cambridge, MA, USA
Abstract :
The CONTRA system camouflages traffic among a set of collaborating hosts, and camouflages critical hosts by spreading the identity of each across multiple IP addresses. One realization of this system comprises a virtual network topology and supporting protocols that operate on top of the network transport layer. The protocol employs a synergistic combination of multipath relay transmissions, K-out-of N message encoding, packet encryption, heteromorphic packet relay and dynamically assignable IP addresses. The characteristics of the virtual network topology and protocols together impede the attacker´s ability to analyze traffic patterns, limit the visibility of real IP addresses to those cooperating hosts that are topologically adjacent to a host whose traffic is being monitored, and allow hosts to spread their IP identities and to modify the IPs associated with a host. These system characteristics will reduce the ability of a hostile entity to mount a successful denial-of-service attack against the operations among the set of hosts.
Keywords :
Internet; cryptography; protocols; telecommunication security; telecommunication traffic; CONTRA system; Internet; assignable IP addresses; attack resistance; collaborating hosts; denial-of-service attack; heteromorphic packet relay; message encoding; multipath relay transmissions; multiple IP addresses; network traffic camouflaging; network transport layer; packet encryption; protocols; virtual network topology; Collaboration; Cryptography; Encoding; Impedance; Network topology; Pattern analysis; Relays; Resists; Telecommunication traffic; Transport protocols;
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
DOI :
10.1109/DISCEX.2003.1194945
