Traffic Flow Confidentiality in IPsec: Protocol and Implementation

Király, Csaba; Teofili, Simone; Bianchi, Giuseppe; Cigno, Renato Lo; Nardelli, Matteo; Delzeri, Emanuele

doi:10.1007/978-0-387-79026-8_22

Cited by 14 publications

(9 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Relaxing other assumptions is more problematic, e. g. due to the cost of false alarms 17 , when not all of the URLs in the pool are known to the attacker. A false alarm is a classification for a URL that is in the set of uninteresting instances.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Website fingerprinting

Herrmann

Wendolsky²,

Federrath

2009

Proceedings of the 2009 ACM Workshop on Cloud Computing Security

290

View full text Add to dashboard Cite

Privacy enhancing technologies like OpenSSL, OpenVPN or Tor establish an encrypted tunnel that enables users to hide content and addresses of requested websites from external observers This protection is endangered by local traffic analysis attacks that allow an external, passive attacker between the PET system and the user to uncover the identity of the requested sites. However, existing proposals for such attacks are not practicable yet.We present a novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes. Our classifier correctly identifies up to 97 % of requests on a sample of 775 sites and over 300,000 real-world traffic dumps recorded over a two-month period. It outperforms previously known methods like Jaccard's classifier and Naïve Bayes that neglect packet frequencies altogether or rely on absolute frequency values, respectively. Our method is system-agnostic: it can be used against any PET without alteration. Closed-world results indicate that many popular single-hop and even multi-hop systems like Tor and JonDonym are vulnerable against this general fingerprinting attack. Furthermore, we discuss important real-world issues, namely false alarms and the influence of the browser cache on accuracy.

show abstract

Section: Discussionmentioning

confidence: 99%

“…We are aware of the efforts of Kiraly et al, though. They describe Traffic Flow Confidentiality [17], an extension to the IPsec code of the Linux kernel offering sophisticated padding and packet clocking schemes. However, they have not yet provided a thorough evaluation of their schemes against website fingerprinting attacks.…”

Section: Related Workmentioning

confidence: 99%

Website fingerprinting

Herrmann

Wendolsky²,

Federrath

2009

Proceedings of the 2009 ACM Workshop on Cloud Computing Security

290

View full text Add to dashboard Cite

show abstract

“…To limit a covert channel capacity, the random increase of packet lengths and generation of dummy packets can be used. Kiraly suggested the realization of the methods based on IPsec in 2008 in order to make traffic nontraceable [23].…”

Section: Related Workmentioning

confidence: 99%

A Random Traffic Padding to Limit Packet Size Covert Channels

Epishkina

Kogos

2015

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

Abstract-This paper observes different methods for network covert channels constructing and describes the scheme of the packet length covert channel. The countermeasure based on random traffic padding generating is proposed. The capacity of the investigated covert channel is estimated and the relation between parameter of covert channel and counteraction tool is examined. Practical recommendation for using the obtained results are given.

show abstract

“…We follow [5], [6], and focus on a special case, which we refer to as isolated virtual private network (isolated VPN); see Fig. 1.…”

Section: Introductionmentioning

confidence: 99%

“…For example, Chen et al [8] show how an attacker on the Internet may expose confidential data sent (encrypted) to trusted, benign websites, exploiting the fact that encryption does not hide the size of the plaintext or the timing information. Even more powerful accompliceto-attacker covert channels, and prevention mechanisms, are studied in [5], [6].…”

Section: Introductionmentioning

confidence: 99%

Limiting MitM to MitE Covert-Channels

Herzberg

Shulman

2013

2013 International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

We study covert channels between a MitM attacker, and her MitE 'malware', running within the protected network of a victim organisation, and how to prevent or limit such channels. Our focus is on advanced timing channels, that allow communication between the MitM and MitE, even when hosts inside the protected network are restricted to only communicate to other (local and remote) hosts in the protected network. Furthermore, we assume communication is encrypted with fixed packet size (padding). We show that these do not suffice to prevent covert channels between MitM and MitE; furthermore, we show that even if we restrict communication to a constant rate, e.g., one packet every second, communication from MitE to MitM is still possible.We present efficient traffic shapers against covert channels between MitM and MitE. Our solutions preserve efficiency and bounded delay (QoS), while limiting covert traffic leakage, in both directions.

show abstract

Traffic Flow Confidentiality in IPsec: Protocol and Implementation

Cited by 14 publications

References 21 publications

Website fingerprinting

Website fingerprinting

A Random Traffic Padding to Limit Packet Size Covert Channels

Limiting MitM to MitE Covert-Channels

Contact Info

Product

Resources

About