Optimum packet length masking

Iacovazzi, Alfonso; Baiocchi, Andrea

doi:10.1109/itc.2010.5608728

Cited by 19 publications

(13 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With additive masking the masked featureṼ is built asṼ ¼ V ðiÞ þ U ðiÞ , with U ðiÞ a suitable nonnegative random variable such that the pdf ofṼ is independent of i (1 i M). In [15], it is shown that minimum overhead additive masking is obtained by choosing FṼ ðvÞ ¼ minfF This choice minimizes E½Ṽ , hence E½U ðiÞ for a given value of E½V ðiÞ , 1 i M. Once FṼ ðvÞ is computed, the pdf of the U ðiÞ s can be calculated. Given a sample v of V ðiÞ , the masking quantity is sampled from the pdf of U ðiÞ , say u, and the masked feature value is v þ u, with u !…”

Section: Practical Masking Of the Whole Flowmentioning

confidence: 99%

Internet Traffic Privacy Enhancement with Masking: Optimization and Tradeoffs

Iacovazzi

Baiocchi

2014

IEEE Trans. Parallel Distrib. Syst.

Self Cite

View full text Add to dashboard Cite

An increasing number of recent experimental works have demonstrated that the supposedly secure channels in the Internet are prone to privacy breaking under many respects, due to packet traffic features leaking information on the user activity and traffic content. We aim at understanding if and how complex it is to obfuscate the information leaked by packet traffic features, namely packet lengths, directions, and times: we call this technique traffic masking. We define a security model that points out what the ideal target of masking is, and then define the optimized traffic masking algorithm that removes any leaking ( full masking). Further, we investigate the tradeoff between traffic privacy protection and masking cost, namely required amount of overhead and realization complexity/feasibility. Numerical results are based on measured Internet traffic traces. Major findings are that: 1) optimized full masking achieves similar overhead values with padding only and in case fragmentation is allowed, and 2) if practical realizability is accounted for, optimized statistical masking attains only moderately better overhead than simple fixed pattern masking does, while still leaking correlation information that can be exploited by the adversary

show abstract

Section: Practical Masking Of the Whole Flowmentioning

confidence: 99%

Internet Traffic Privacy Enhancement with Masking: Optimization and Tradeoffs

Iacovazzi

Baiocchi

2014

IEEE Trans. Parallel Distrib. Syst.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Although this approach may alleviate the problem, it is usually inefficient and easy to incur high overheads. Iacovazzi et al . characterized the optimum first‐order statistical padding technique, which makes different application flows indistinguishable.…”

Section: Related Workmentioning

confidence: 99%

“…Although this approach may alleviate the problem, it is usually inefficient and easy to incur high overheads. Iacovazzi et al [13] characterized the optimum first-order statistical padding technique, which makes different application flows indistinguishable. Shui Yu et al [14] implement a strategy to introduce dummy packet padding into a flow in order to guarantee perfect anonymity on web browsing.…”

Section: B Traffic Manipulatingmentioning

confidence: 99%

Concurrent multipath traffic impersonating for enhancing communication privacy

Liu

Wang

Miao

2013

Int J Communication

View full text Add to dashboard Cite

Network communication traditionally only uses encryption techniques for privacy and a single path for routing, which makes the communication vulnerable to attackers. Attackers easily obtain much important information by eavesdropping on the path and analyzing the communication traffic. To overcome the problem, we propose concurrent multipath traffic impersonating (CMTI), which obscures traffic features by camouflaging the traffic flow and dividing it into multiple parts. We propose a traffic impersonating technique based on statistical simulation, which make the secret traffic look like another normal and inconspicuous class to deceive attackers. And we present the packet scheduling algorithm to transfer the impersonating flows on multipath, for enhancing the communication efficiency and further increasing significantly the cost inflicted on attackers who wish to eavesdrop communication sessions. The empirical analysis demonstrates that concurrent multipath traffic imitating can effectively thwart traffic analysis and enhance communication efficiency. Copyright © 2013 John Wiley & Sons, Ltd.

show abstract

“…Besides that, knowledge of the applications used by the subscribers may be of interest for application-based accounting and charging or even for the Internet Service Provider (ISP) to offer new products [1]- [6]. Characterization of Internet traffic is an important issue for telecommunications networks [7]. The literature presents several traffic identification techniques, and those using packet length (size) are important strategies [1]- [24].…”

Section: Introductionmentioning

confidence: 99%

“…Li Bo, for example, indicates that the packet size (or length) distribution can be used to identify many Transport Control Protocol (TCP) applications [18]. Alfonso Iacovazzi reports that statistical traffic classification is possible based on some features of the Internet Protocol (IP) flow and that the packet length is a key feature to classify the application level content of a packet flow and that this classification can be useful for security policies, traffic filtering and support to the quality of service mechanisms [7]. Mushtaq mentioned that the probability density function and the cumulative distribution function can be used to design, control, manage, interpolate and extrapolate the network traffic.…”

Section: Introductionmentioning

confidence: 99%

Probability Density Functions of the Packet Length for Computer Networks with Bimodal Traffic

Castro¹,

Alencar²,

Fonseca³

2013

IJCNC

View full text Add to dashboard Cite

The research on Internet traffic classification and identification, with application on prevention of attacks and intrusions, increased considerably in the past years. Strategies based on statistical characteristics of the Internet traffic, that use parameters such as packet length (size) and inter-arrival time and their probability density functions, are popular. This paper presents a new statistical modeling for packet length, which shows that it can be modeled using a probability density function that involves a normal or a beta distribution, according to the traffic generated by the users. The proposed functions has parameters that depend on the type of traffic and can be used as part of an Internet traffic classification and identification strategy. The models can be used to compare, simulate and estimate the computer network traffic, as well as to generate synthetic traffic and estimate the packets processing capacity of Internet routers KEYWORDS Packet-switching networks, Measurement, Modeling, Statistical methods & Packet length.

show abstract

Optimum packet length masking

Cited by 19 publications

References 13 publications

Internet Traffic Privacy Enhancement with Masking: Optimization and Tradeoffs

Internet Traffic Privacy Enhancement with Masking: Optimization and Tradeoffs

Concurrent multipath traffic impersonating for enhancing communication privacy

Probability Density Functions of the Packet Length for Computer Networks with Bimodal Traffic

Contact Info

Product

Resources

About