Behavior Shaver: An Application Based Layer 3 VPN that Conceals Traffic Patterns Using SCTP
Authors: M. Mimura, Hidehiko Tanaka
Venue: 2010 International Conference on Broadband, Wireless Computing, Communication and Applications
Published: 2010-11-04
DOI: 10.1109/BWCCA.2010.152 (https://doi.org/10.1109/BWCCA.2010.152)
Citations: 1
Abstract
In recent years, distributed systems have been connected by VPN (Virtual Private Network) over the Internet to build complex information systems. These systems bring both benefits and security risks to many users. Representative security risks, namely vulnerabilities, are closely tied to the application software installed in an information system: once a malicious adversary identifies the application software, the vulnerabilities are easy to look up. To secure an information system it is therefore necessary to conceal which application software it runs. At the same time, several methods have been proposed to identify application software or protocols without inspecting the payload. These methods can analyze encrypted traffic because they examine traffic patterns such as packet sizes and transmission intervals. While encrypted traffic analysis has some legitimate uses, it also raises problems for the confidentiality of encrypted traffic. Many researchers have proposed countermeasures against traffic analysis to ensure anonymity in public networks, mostly describing how traffic patterns should be altered; few, however, have shown how to implement the method. Indeed, although previous VPN applications protect payloads against an eavesdropper, they do not conceal side-channel information such as traffic patterns. Our work applies these proposed countermeasures and shows how to implement a secure VPN application that conceals traffic patterns. Altering traffic patterns requires strict control of packet sizes. Many popular application-based VPNs encapsulate packets in TCP or UDP. TCP, however, cannot control packet sizes strictly, and although UDP controls packet sizes without difficulty, it does not ensure reliable data transmission. A secure application-based VPN needs a protocol that both controls packet sizes strictly and ensures reliable data transmission over untrusted networks. SCTP (Stream Control Transmission Protocol) satisfies these requirements. This paper proposes the behavior shaver, an application-based layer 3 VPN that conceals traffic patterns using SCTP. Experimental results show its performance.
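The abstract's core point is that concealing traffic patterns means controlling packet sizes (and send timing) inside the tunnel. The following Python is an added illustration of that shaping step, not code from the paper or its authors: every unit handed to the transport is a fixed-size cell, application messages are fragmented and padded to fit, cover cells fill idle time, and the receiver reassembles and discards cover. It runs in-process; the cell size, header layout and flag values are constructed for the example, and in a real tunnel the cells would ride on a reliable message-oriented transport such as the SCTP association the paper chooses.

```python
"""Fixed-size cell shaping for a traffic-pattern-concealing tunnel (added example,
not the paper's code). A size-and-timing observer sees only one cell size sent at
one rate, whatever the application above is doing."""
import os
import struct

CELL_SIZE = 512                      # constructed value; any fixed size works
HEADER = struct.Struct("!HB")        # payload length (uint16), flags (uint8)
PAYLOAD_MAX = CELL_SIZE - HEADER.size
FLAG_LAST = 0x01                     # this cell ends an application message
FLAG_DUMMY = 0x02                    # cover cell: receiver discards it


def _cell(payload: bytes, flags: int) -> bytes:
    """Build one cell: header, payload, zero padding up to CELL_SIZE."""
    assert len(payload) <= PAYLOAD_MAX
    padding = b"\x00" * (PAYLOAD_MAX - len(payload))
    return HEADER.pack(len(payload), flags) + payload + padding


def shape(messages, cover_cells=0):
    """Turn variable-length messages into a list of fixed-size cells.

    messages: iterable of bytes; each may be empty or larger than one cell.
    cover_cells: number of random dummy cells appended, e.g. to keep the
    send rate constant while the application is idle.
    """
    cells = []
    for msg in messages:
        fragments = [msg[i:i + PAYLOAD_MAX]
                     for i in range(0, len(msg), PAYLOAD_MAX)] or [b""]
        for idx, frag in enumerate(fragments):
            flags = FLAG_LAST if idx == len(fragments) - 1 else 0
            cells.append(_cell(frag, flags))
    for _ in range(cover_cells):
        # random filler so cover cells are not distinguishable by content
        cells.append(_cell(os.urandom(PAYLOAD_MAX), FLAG_DUMMY))
    return cells


def unshape(cells):
    """Reassemble application messages from cells, dropping cover cells."""
    messages, buf = [], bytearray()
    for cell in cells:
        if len(cell) != CELL_SIZE:
            raise ValueError("malformed cell: wrong size")
        length, flags = HEADER.unpack_from(cell)
        if length > PAYLOAD_MAX:
            raise ValueError("malformed cell: bad length")
        if flags & FLAG_DUMMY:
            continue
        buf += cell[HEADER.size:HEADER.size + length]
        if flags & FLAG_LAST:
            messages.append(bytes(buf))
            buf = bytearray()
    return messages


def observed_sizes(cells):
    """What a size-based traffic classifier sees on the wire."""
    return sorted({len(c) for c in cells})


def constant_rate_schedule(cells, interval, start=0.0):
    """Assign send times at one fixed interval, hiding inter-packet timing."""
    return [(start + i * interval, c) for i, c in enumerate(cells)]


if __name__ == "__main__":
    # constructed sample: a short request, a large message, an empty message
    sample = [b"GET / HTTP/1.1\r\n", b"x" * 1300, b""]
    wire = shape(sample, cover_cells=3)
    print("cells on the wire:", len(wire), "sizes seen:", observed_sizes(wire))
    print("round trip ok:", unshape(wire) == sample)
```

The receiver-side checks (cell size, length field bound) matter in practice: a tunnel that pads on send but accepts arbitrary lengths on receive reintroduces exactly the size channel the shaping was meant to remove.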