Covert-channel-resistant congestion control for traffic normalization in uncontrolled networks
Title | Covert-channel-resistant congestion control for traffic normalization in uncontrolled networks |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Byrenheid, M., Rossberg, M., Schaefer, G., Dorn, R. |
Conference Name | 2017 IEEE International Conference on Communications (ICC) |
Date Published | May |
Publisher | IEEE |
Keywords | Bandwidth, compositionality, covert channels, covert-channel-resistant congestion control, cryptography, local network testbed, Logic gates, network congestion avoidance, overlay networks, overlay topology, Packet loss, pubcrawl, rate-based congestion control mechanism, Resiliency, Scalability, TCP flows, telecommunication congestion control, telecommunication network topology, telecommunication traffic, Traffic analysis, traffic normalization, traffic pattern automatic adjustment, transport capacity, transport protocols, uncontrolled networks, Virtual private networks, vpn |
Abstract | Traffic normalization, i.e. enforcing a constant stream of fixed-length packets, is a well-known measure to completely prevent attacks based on traffic analysis. In simple configurations, the enforced traffic rate can be statically configured by a human operator, but in large virtual private networks (VPNs) the traffic pattern of many connections may need to be adjusted whenever the overlay topology or the transport capacity of the underlying infrastructure changes. We propose a rate-based congestion control mechanism for automatic adjustment of traffic patterns that does not leak any information about the actual communication. Overly strong rate throttling in response to packet loss is avoided, as the control mechanism does not change the sending rate immediately when a packet loss was detected. Instead, an estimate of the current packet loss rate is obtained and the sending rate is adjusted proportionally. We evaluate our control scheme based on a measurement study in a local network testbed. The results indicate that the proposed approach avoids network congestion, enables protected TCP flows to achieve an increased goodput, and yet ensures appropriate traffic flow confidentiality. |
URL | http://ieeexplore.ieee.org/document/7996936/ |
DOI | 10.1109/ICC.2017.7996936 |
Citation Key | byrenheid_covert-channel-resistant_2017 |