Sadeghi, Ahmad-Reza ; Schulz, Steffen ; Varadharajan, Vijay (2012)
The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs (full version).
Report, Bibliography
Abstract
Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglect the problem of traffic analysis and covert channels. Hence, there are many ways to infer information from VPN traffic without decrypting it. Many proposals were made to mitigate network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding overhead and performance penalties. In this work, we (1) analyse the impact of covert channels in IPsec, (2) present several improved and novel approaches for covert channel mitigation in IPsec, (3) propose and implement a system for dynamic performance trade-offs, and (4) implement our design in the Linux IPsec stack and evaluate its performance for different types of traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information-theoretic bounds on all information leakage.
Item Type: | Report |
---|---|
Published: | 2012 |
Creators: | Sadeghi, Ahmad-Reza ; Schulz, Steffen ; Varadharajan, Vijay |
Type of entry: | Bibliography |
Title: | The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs (full version) |
Language: | German |
Date: | August 2012 |
Uncontrolled Keywords: | Secure Things;Secure Models |
Identification Number: | TUD-CS-2012-0165 |
Divisions: | 20 Department of Computer Science; 20 Department of Computer Science > System Security Lab; Profile Areas; Profile Areas > Cybersecurity (CYSEC); LOEWE; LOEWE > LOEWE-Zentren; LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt; 20 Department of Computer Science > EC SPRIDE |
Date Deposited: | 04 Aug 2016 10:13 |
Last Modified: | 03 Jun 2018 21:31 |