Author | Sadeghi, Ahmad-Reza; Schulz, Steffen; Varadharajan, Vijay |
---|
Date | 2012 |
---|
Type | Conference Proceedings |
---|
Abstract | Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglect the problem of traffic analysis and covert channels. Hence, there are many ways to infer information from VPN traffic without decrypting it. Many proposals were made to mitigate network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding overhead and performance penalties.
In this work, we (1) analyse the impact of covert channels in IPsec, (2) present several improved and novel approaches for covert channel mitigation in IPsec, (3) propose and implement a system for dynamic performance trade-offs, and (4) implement our design in the Linux IPsec stack and evaluate its performance for different types of traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information-theoretic bounds on all information leakage. |
---|
ISBN | 978-3-642-33166-4 |
---|
Series | Lecture Notes in Computer Science |
---|
In | European Symposium on Research in Computer Science (ESORICS), p.253-270 |
---|
Publisher | Springer Verlag |
---|
Partn | TUD-CS-2012-0117 |
---|
Url | https://tubiblio.ulb.tu-darmstadt.de/id/eprint/104342 |
---|