TU Darmstadt / ULB / TUbiblio

The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs

Sadeghi, Ahmad-Reza; Schulz, Steffen; Varadharajan, Vijay (2012):
The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs.
In: Foresti, Sara; Yung, Moti; Martinelli, Fabio (eds.): European Symposium on Research in Computer Science (ESORICS). Lecture Notes in Computer Science (7459). Springer Verlag, Berlin, Heidelberg, pp. 253-270. ISBN 978-3-642-33166-4.
[Book Section]

Abstract

Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglect the problem of traffic analysis and covert channels. Hence, there are many ways to infer information from VPN traffic without decrypting it. Many proposals were made to mitigate network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding overhead and performance penalties. In this work, we (1) analyse the impact of covert channels in IPsec, (2) present several improved and novel approaches for covert channel mitigation in IPsec, (3) propose and implement a system for dynamic performance trade-offs, and (4) implement our design in the Linux IPsec stack and evaluate its performance for different types of traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information-theoretic bounds on all information leakage.

Item Type: Book Section
Published: 2012
Editors: Foresti, Sara and Yung, Moti and Martinelli, Fabio
Creators: Sadeghi, Ahmad-Reza and Schulz, Steffen and Varadharajan, Vijay
Title: The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs
Language: English
Title of Book: European Symposium on Research in Computer Science (ESORICS)
Series Name: Lecture Notes in Computer Science
Number: 7459
Place of Publication: Berlin, Heidelberg
Publisher: Springer Verlag
Uncontrolled Keywords: Secure Things;Secure Models
Divisions: Department of Computer Science
Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Department of Computer Science > EC SPRIDE
Date Deposited: 04 Aug 2016 10:13
Identification Number: TUD-CS-2012-0117