Traffic Flow Confidentiality in IPsec: Protocol and Implementation
Authors
Abstract
Traffic Flow Confidentiality (TFC) mechanisms are techniques devised to hide/masquerade the traffic pattern to prevent statistical traffic analysis attacks. Their inclusion in widespread security protocols, in conjunction with the ability for deployers to flexibly control their operation, might boost their adoption and improve privacy of future networks. This paper describes a TFC protocol integrated, as a security protocol, in the IPsec security architecture. A Linux-based implementation has been developed, supporting a variety of per-packet treatments (padding, fragmentation, dummy packet generation, and artificial alteration of the packet forwarding delay), in an easily combinable manner. Experimental results are reported to demonstrate the flexibility and the effectiveness of the TFC implementation.
Similar resources
An IPSec-Based Key Management Algorithm for Mobile IP Networks
The Mobile IP network environment for users is very vulnerable to malicious attacks, such as denial-of-service, man-in-the-middle, and other types of attacks. For protection, the IETF standard Mobile IP protocol is modified with IP security (IPSec) primitives, which control the packet flow from a mobile host through multiple security gateways. In addition, IPSec uses strong cryptographic authen...
IPsec
Prior to the explosion of computer networks in the late 1980s, enterprise environments were largely isolated collections of hosts. The protocols used to connect those computers did not require much security. Indeed, few security issues were considered by original designers of the Internet Protocol (IP) suite upon which those and subsequent networks are based. While the openness of these protoco...
Design of IPsec and IKE version 1 and 2
IPsec is a collection of protocols that provides network layer data integrity and confidentiality services. IKEv1 is a versatile key agreement protocol that allows perfect forward secrecy and identity protection (among other things). IKEv2 has similar functionalities as IKEv1, but provides a simpler and better approach to key exchange. Additionally, IKEv2 provides new methods for authentication...
Traffic Flow Confidentiality Enhancements in IPsec: Design and Preliminary Implementation
MOTIVATION. Traditional communication security focuses on protecting the delivered contents through strong encryption means. However, extensive literature work demonstrates that encryption alone is insufficient to protect confidentiality. The statistical pattern of the traffic generated in a communication carries plenty of information, which can be maliciously gathered through specially devised ...
Performance Analysis of IP Security VPN
Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPSec architecture requires the host to provide confidentiality using Encapsulating Security Payload and data integrity using either Authentication Header or Encapsulating Security Payload and anti-replay protection. IPSec ...