IA&S TP2.1.1, Yong Guan, et al., Texas A&M U.

Camouflaging network traffic at right time and right place
Y. Guan, X. Fu, R. Bettati and W. Zhao
Department of Computer Science, Texas A&M University
http://www.cs.tamu.edu/research/realtime
June 6, 2000
Title: Efficient Traffic Camouflaging in Mission Critical QoS guaranteed Networks

Motivations
It is often thought that communication may be secured by encrypting the traffic, but this has rarely been adequate in practice. Encryption makes cryptanalysis very difficult, if not impossible.
- E.g., IPsec makes the content of the traffic inaccessible.
- 85% of IP traffic will be encrypted in the near future (VPN, SSL, etc.).
An encrypted email message between a customer service center and an ordinary user is not under suspicion; however, one between an employee of a defense contractor and the embassy of a hostile power has obvious implications. Changes in the traffic pattern between a military command center and some military units under different alertness states often reveal meaningful information to an observer.
Traffic analysis can therefore still be used to trace a user's on-line/off-line periods, uncover the location of a military command center, determine the operation mode or alertness state of military units, and analyze the intentions behind communications.

Mission Critical Environment
Applications:
- Flight Control System
- Supervisory Command and Control of defense system
- HiPer-D system (NSWC)
- ...
Requirements:
- Security
- Quality of Service

Objectives
- Keep the network traffic pattern unobservable
- Provide QoS-guaranteed communication services
- Be upward and downward compatible with existing operating systems, applications, and network technologies
- Be scalable and evolutionary
Basic Model
Features of an IP-based network:
- Packet headers are readable by an observer.
- The underlying routing subsystem determines a unique path between any pair of hosts.
Basic theorem: If the traffic entering and exiting each host is stable, all the traffic in the system is stable.
Fig. 1 Network Topology: Host 1 to Host 4 attached to Routers A, B, C and D.
Fig. 2 Fully Connected Directed Graph over Host 1 to Host 4.

Example
The existing traffic pattern among the hosts (matrix A, in MB/sec; row = source host, column = destination host):

           Host 1   Host 2   Host 3   Host 4
  Host 1      0        3        2        3
  Host 2      0        0        0        3
  Host 3      3        3        0        3
  Host 4      3        3        2        0

The stable traffic pattern among the hosts (matrix B, in MB/sec):

           Host 1   Host 2   Host 3   Host 4
  Host 1      0        3        3        3
  Host 2      3        0        3        3
  Host 3      3        3        0        3
  Host 4      3        3        3        0

Manipulation: a new connection of 5 MB/sec from H3 to H2 is added. The slide decomposes the resulting traffic into a Direct part, a Host-based Rerouting part and a Padding part whose sum is the stable traffic pattern matrix B, so an observer still sees B.

Traffic Padding
Flooding the network at the right place and the right time to make it appear to be a constant-rate network.
Challenge: How much?
For link j, the real flows plus the padding must add up to the constant rate in every interval I:
$$\sum_i F_{i,j}(I) + S_j(I) = C(I)$$

Traffic Rerouting
Indirect delivery of packets.
Challenge: How to reroute the traffic?
Figure: real traffic of 5 MB/sec from H3 to H2 is delivered as 3 MB/sec directly from H3 to H2, 1 MB/sec via H1 and 1 MB/sec via H4.

QoS Guarantee
Traffic padding and rerouting add delay. Challenge: Can we still guarantee the real-time delay bound?
For connection j, the delays along its path must stay within the bound:
$$\sum_i d_{i,j} < D_j$$
Approaches
- Traffic camouflaging: host-based rerouting and traffic padding based on real-time traffic modeling theory.
- Real-time communication: providing end-to-end delay-guaranteed services to applications while the traffic is camouflaged.
- A middleware solution: achieving effectiveness, compatibility and scalability.

Traffic Planning: Correctness Constraints
Let $f^{ij}_{uv}$ be the amount of traffic from host i to host j carried on edge (u, v), $a_{ij}$ the real demand (an element of the demand matrix A), and $b_{uv}$ an element of the stable traffic matrix B.

Stabilization Constraints. For every edge (u, v), $1 \le u, v \le n$:
$$\sum_{1 \le i,j \le n} f^{ij}_{uv} = c_{uv} \quad (1)$$
or
$$\sum_{1 \le i,j \le n} f^{ij}_{uv} \le b_{uv} \quad (2)$$
where $0 \le c_{uv} \le b_{uv}$ and $0 \le f^{ij}_{uv} \le b_{uv}$.

Link Capacity Constraints.
$$\sum_{j=1}^{n} b_{ij} \le \text{the capacity of the output link from host } i \quad (3)$$
$$\sum_{i=1}^{n} b_{ij} \le \text{the capacity of the input link into host } j \quad (4)$$
These conditions make sure that no bandwidth capacity is exceeded.

Traffic Planning: Correctness Constraints (cont.)
Conservation Constraints. For each node $v \ne i, j$:
$$\sum_{(u,v) \in E} f^{ij}_{uv} - \sum_{(v,u) \in E} f^{ij}_{vu} = 0 \quad (5)$$
For node $v = i$, where host i is the source of the traffic:
$$\sum_{(v,u) \in E} f^{ij}_{vu} = a_{ij} \quad (6)$$
For node $v = j$, where host j is the destination of the traffic:
$$\sum_{(u,v) \in E} f^{ij}_{uv} = a_{ij} \quad (7)$$

Delay Constraints. For all the traffic flows in the real demand traffic matrix:
$$d_{ij}(W, C) \le DL_{ij} \quad (8)$$

Extensions
- Scalability: a hierarchical model with intra-domain and inter-domain levels (Domain 1, Domain 2, Domain 3).
- Easy deployment: an appliance-based method.

NetCamo System Architecture
Figure. Components shown: on each host, Client Applications use an API to reach the NetCamo Host Controller (Host Manager and Host Agent); the NetCamo Traffic Manager and the NetCamo Network Controller (Network Traffic Controller and Router Agents) control the routers; a Traffic Controller enforces the plan.

NetCamo Traffic Planner (figure)
NetCamo Traffic Controller (figure)

Status
April 2000: pre-release version
- Supports both CBR and VBR traffic
- Supports a fixed cover mode
- Supports a fixed sensor period for traffic padding
- Supports real-time monitoring
August 2000: beta version
- Supports multiple cover modes
- Supports an adaptive sensor period for traffic padding
- Supports a semi-automatic traffic modeling tool
- Provides installation and maintenance services
August 2000: integration with the HiPer-D system (NSWC)

Network Camouflaging & QoS-guaranteed Service
Camouflage network elements and activity (wired and wireless):
- Host, router and switch: location, liveliness, movement traces
- Connectivity: connection, VPN tunnel
- Topology
- Traffic pattern
QoS guaranteed:
- Deterministic QoS service
- Statistical QoS service

Camouflaging, Concealment, and Decoy in Cyber Space
Table (as on the slide). Means: Hide, Blend, Disguising, Disrupting, Decoy. What is camouflaged: Packet, Connection, Traffic, Router, Topology, Operation Mode. Techniques named in the cells: Encryption, Flooding, Re-routing, Neutral mode, Multiple cover modes; some cells are marked "?".

Summary
The current NetCamo system is the first step! We achieve our goal in a controlled way: traffic analysis prevention and QoS-guaranteed service are obtained at the same time. We are working in a new research field whose essence lies in hiding and camouflaging information about the network in order to make it anonymous and unobservable. A new field! Much work to be done!