Covert-channel-resistant congestion control for traffic normalization in uncontrolled networks

Research output: Contribution to book/conference proceedings/anthology/report › Conference contribution › Contributed › peer-review

Contributors

  • Martin Byrenheid, Chair of Privacy and Data Security, TUD Dresden University of Technology (Author)
  • Michael Rossberg, Ilmenau University of Technology (Author)
  • Guenter Schaefer, Ilmenau University of Technology (Author)
  • Robert Dorn, secunet Security Networks AG (Author)

Abstract

Traffic normalization, i.e., enforcing a constant stream of fixed-length packets, is a well-known measure to completely prevent attacks based on traffic analysis. In simple configurations, the enforced traffic rate can be statically configured by a human operator, but in large virtual private networks (VPNs) the traffic pattern of many connections may need to be adjusted whenever the overlay topology or the transport capacity of the underlying infrastructure changes. We propose a rate-based congestion control mechanism for automatic adjustment of traffic patterns that does not leak any information about the actual communication. Overly strong rate throttling in response to packet loss is avoided, as the control mechanism does not change the sending rate immediately when a packet loss is detected. Instead, an estimate of the current packet loss rate is obtained and the sending rate is adjusted proportionally. We evaluate our control scheme based on a measurement study in a local network testbed. The results indicate that the proposed approach avoids network congestion, enables protected TCP flows to achieve an increased goodput, and yet ensures appropriate traffic flow confidentiality.

Details

Original language: English
Title of host publication: 2017 IEEE International Conference on Communications (ICC)
Publisher: Wiley-IEEE Press
Pages: 1-7
Number of pages: 7
ISBN (print): 978-1-4673-9000-2
Publication status: Published - 25 May 2017
Peer-reviewed: Yes

Conference

Title: 2017 IEEE International Conference on Communications
Abbreviated title: IEEE ICC 2017
Duration: 21 - 25 May 2017
City: Paris
Country: France

External IDs

Scopus: 85028357283

Keywords

  • Virtual private networks, Bandwidth, Logic gates, Packet loss, Cryptography