TU Darmstadt / ULB / TUbiblio

The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs

Sadeghi, Ahmad-Reza ; Schulz, Steffen ; Varadharajan, Vijay
Foresti, Sara ; Yung, Moti (eds.) :

The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs.
In: LNCS . Springer Verlag
[Konferenz- oder Workshop-Beitrag] , (2012)

Kurzbeschreibung (Abstract)

Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglect the problem of traffic analysis and covert channels. Hence, there are many ways to infer information from VPN traffic with- out decrypting it. Many proposals were made to mitigate network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding overhead and performance penalties. In this work, we (1) analyse the impact of covert channels in IPsec, (2) present several improved and novel approaches for covert channel mit- igation in IPsec, (3) propose and implement a system for dynamic perfor- mance trade-offs, and (4) implement our design in the Linux IPsec stack and evaluate its performance for different types of traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information- theoretic bounds on all information leakage.

Typ des Eintrags: Konferenz- oder Workshop-Beitrag (Keine Angabe)
Erschienen: 2012
Herausgeber: Foresti, Sara ; Yung, Moti
Autor(en): Sadeghi, Ahmad-Reza ; Schulz, Steffen ; Varadharajan, Vijay
Titel: The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs
Sprache: Deutsch
Kurzbeschreibung (Abstract):

Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglect the problem of traffic analysis and covert channels. Hence, there are many ways to infer information from VPN traffic with- out decrypting it. Many proposals were made to mitigate network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding overhead and performance penalties. In this work, we (1) analyse the impact of covert channels in IPsec, (2) present several improved and novel approaches for covert channel mit- igation in IPsec, (3) propose and implement a system for dynamic perfor- mance trade-offs, and (4) implement our design in the Linux IPsec stack and evaluate its performance for different types of traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information- theoretic bounds on all information leakage.

Buchtitel: European Symposium on Research in Computer Science (ESORICS)
Reihe: LNCS
Verlag: Springer Verlag
Freie Schlagworte: Secure Things;Secure Models
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Fachbereich Informatik > EC SPRIDE
Hinterlegungsdatum: 04 Aug 2016 10:13
ID-Nummer: TUD-CS-2012-0117
Verwandte URLs:
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen