Visible to the public Covert-channel-resistant congestion control for traffic normalization in uncontrolled networks

TitleCovert-channel-resistant congestion control for traffic normalization in uncontrolled networks
Publication TypeConference Paper
Year of Publication2017
AuthorsByrenheid, M., Rossberg, M., Schaefer, G., Dorn, R.
Conference Name2017 IEEE International Conference on Communications (ICC)
Date Publishedmay
PublisherIEEE
KeywordsBandwidth, compositionality, covert channels, covert-channel-resistant congestion control, cryptography, local network testbed, Logic gates, network congestion avoidance, overlay networks, overlay topology, Packet loss, pubcrawl, rate-based congestion control mechanism, Resiliency, Scalability, TCP flows, telecommunication congestion control, telecommunication network topology, telecommunication traffic, Traffic analysis, traffic normalization, traffic pattern automatic adjustment, transport capacity, transport protocols, uncontrolled networks, Virtual private networks, vpn
Abstract

Traffic normalization, i.e. enforcing a constant stream of fixed-length packets, is a well-known measure to completely prevent attacks based on traffic analysis. In simple configurations, the enforced traffic rate can be statically configured by a human operator, but in large virtual private networks (VPNs) the traffic pattern of many connections may need to be adjusted whenever the overlay topology or the transport capacity of the underlying infrastructure changes. We propose a rate-based congestion control mechanism for automatic adjustment of traffic patterns that does not leak any information about the actual communication. Overly strong rate throttling in response to packet loss is avoided, as the control mechanism does not change the sending rate immediately when a packet loss was detected. Instead, an estimate of the current packet loss rate is obtained and the sending rate is adjusted proportionally. We evaluate our control scheme based on a measurement study in a local network testbed. The results indicate that the proposed approach avoids network congestion, enables protected TCP flows to achieve an increased goodput, and yet ensures appropriate traffic flow confidentiality.

URLhttp://ieeexplore.ieee.org/document/7996936/
DOI10.1109/ICC.2017.7996936
Citation Keybyrenheid_covert-channel-resistant_2017