Covert-channel-resistant congestion control for traffic normalization in uncontrolled networks
Research output: Contribution to book/Conference proceedings/Anthology/Report › Conference contribution › Contributed › peer-review
Contributors
Abstract
Traffic normalization, i.e. enforcing a constant stream of fixed-length packets, is a well-known measure to completely prevent attacks based on traffic analysis. In simple configurations, the enforced traffic rate can be statically configured by a human operator, but in large virtual private networks (VPNs) the traffic pattern of many connections may need to be adjusted whenever the overlay topology or the transport capacity of the underlying infrastructure changes. We propose a rate-based congestion control mechanism for automatic adjustment of traffic patterns that does not leak any information about the actual communication. Overly strong rate throttling in response to packet loss is avoided, as the control mechanism does not change the sending rate immediately when a packet loss was detected. Instead, an estimate of the current packet loss rate is obtained and the sending rate is adjusted proportionally. We evaluate our control scheme based on a measurement study in a local network testbed. The results indicate that the proposed approach avoids network congestion, enables protected TCP flows to achieve an increased goodput, and yet ensures appropriate traffic flow confidentiality.
Details
Original language | English |
---|---|
Title of host publication | 2017 IEEE International Conference on Communications (ICC) |
Publisher | Wiley-IEEE Press |
Pages | 1-7 |
Number of pages | 7 |
ISBN (print) | 978-1-4673-9000-2 |
Publication status | Published - 25 May 2017 |
Peer-reviewed | Yes |
Conference
Title | 2017 IEEE International Conference on Communications |
---|---|
Abbreviated title | IEEE ICC 2017 |
Duration | 21 - 25 May 2017 |
City | Paris |
Country | France |
External IDs
Scopus | 85028357283 |
---|
Keywords
Keywords
- Virtual private networks, Bandwidth, Logic gates, Packet loss, Cryptography