NetCamo Camouflaging network traffic at right time and right place


NetCamo: Camouflaging network traffic at the right time and right place
Y. Guan, X. Fu, R. Bettati and W. Zhao
Department of Computer Science, Texas A&M University
http://www.cs.tamu.edu/research/realtime
June 6, 2000
Project title: Efficient Traffic Camouflaging in Mission Critical QoS-guaranteed Networks

Motivations
It is often thought that communication can be secured by encrypting the traffic, but in practice this has rarely been adequate.
Encryption makes cryptanalysis very difficult, if not impossible; e.g., IPsec makes the content of the traffic inaccessible. 85% of IP traffic is expected to be encrypted in the near future (VPN, SSL, etc.).
Traffic analysis does not need the content. An encrypted email message between a customer service center and an ordinary user is not under suspicion; one between an employee of a defense contractor and the embassy of a hostile power has an obvious implication. Changes in the traffic pattern between a military command center and its units under different alertness states often convey meaningful information to an observer.
Traffic analysis can therefore still be used to trace a user's on-line/off-line periods, uncover the location of a military command center, determine the operation mode or alertness state of military units, and infer the intent of communications.

Mission Critical Environment
Applications: Flight Control System; Supervisory Command and Control of defense systems; HiPer-D system (NSWC); ...
Requirements: Security; Quality of Service

Objectives
Keep the network traffic pattern unobservable
Provide QoS-guaranteed communication services
Be upward and downward compatible with existing operating systems, applications, and network technologies
Be scalable and evolutionary

Basic Model
Features of an IP-based network:
Packet headers are readable by an observer (encryption protects the payload, not the addressing and timing).
The underlying routing subsystem determines a unique path between any pair of hosts, so the load on every link is a fixed function of the host-to-host traffic rates.
Basic theorem: if the traffic entering and exiting each host is stable, all the traffic in the system is stable (every link carries a constant load).

Example: Existing vs. Stable Traffic Pattern Matrix

The existing traffic pattern among the hosts (Existing Traffic Pattern Matrix):

         Host1     Host2     Host3     Host4
Host 1   0         0         3MB/sec   3MB/sec
Host 2   3MB/sec   0         3MB/sec   3MB/sec
Host 3   2MB/sec   0MB/sec   0         2MB/sec
Host 4   3MB/sec   3MB/sec   3MB/sec   0

The stable traffic pattern among the hosts (Stable Traffic Pattern Matrix):

         Host1     Host2     Host3     Host4
Host 1   0         3MB/sec   3MB/sec   3MB/sec
Host 2   3MB/sec   0         3MB/sec   3MB/sec
Host 3   3MB/sec   3MB/sec   0         3MB/sec
Host 4   3MB/sec   3MB/sec   3MB/sec   0

Traffic Padding
Flooding the network at the right place and right time to make it appear to be a constant-rate network.
Challenge: how much padding? For link j and time interval I, the real flows F_{i,j}(I) from each source i plus the padding S_j(I) must add up to a constant C(I):
$\sum_i F_{i,j}(I) + S_j(I) = C(I)$

Traffic Rerouting
Indirect delivery of packets.
Challenge: how to reroute the traffic?
Example (figure with hosts H1, H2, H3, H4): the real traffic is 5MB/sec from H3 to H2; the figure shows it split into 3MB/sec on the direct path and 1MB/sec legs on indirect paths through the other hosts.

QoS guarantee
Traffic padding and rerouting both change the load and the path of real traffic.
Challenge: can we still guarantee the real-time delay bound? For connection j, the sum of the per-hop delays d_{i,j} along its (possibly rerouted) path must stay below its bound D_j:
$\sum_i d_{i,j} < D_j$

Approaches
Traffic camouflaging: host-based rerouting and traffic padding, based on real-time traffic modeling theory.
Real-time communication: providing end-to-end delay-guaranteed services to applications while the traffic is camouflaged.
A middleware solution: achieving effectiveness, compatibility, and scalability.

Traffic Planning: Correctness Constraints
Stabilization constraints (every host pair shows the cover rate on the wire)
Link capacity constraints (real plus padding traffic fits on every link)
Conservation constraints (rerouted traffic that leaves a host through an intermediate arrives at its destination)
Delay constraints (every connection meets its delay bound)
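The basic model, the padding and rerouting slides, the QoS bound and the four constraint classes above describe one planning procedure. The following Python is an added worked example written for this page, not NetCamo's own code. It assumes a constructed topology (hosts H1 and H2 on router R1, H3 and H4 on router R2, with R1-R2 the only shared link), a constant per-link delay of 1 ms, a cover rate of 3MB/sec, and constructed demands and delay bounds. It fills every host pair up to the cover rate with padding, relays excess real traffic through intermediate hosts when both legs still have room under the cover rate and meet the delay bound, reports the part of a demand that cannot be delivered, and checks that the per-link loads an observer sees equal those of the pure cover matrix, which is the basic theorem in action.

```python
from collections import defaultdict
from itertools import permutations

# Constructed topology (assumption): H1 and H2 attach to router R1,
# H3 and H4 attach to router R2, and R1-R2 is the only shared link.
ATTACH = {"H1": "R1", "H2": "R1", "H3": "R2", "H4": "R2"}
HOSTS = sorted(ATTACH)
HOP_DELAY_MS = 1.0                      # assumed constant per-link delay
PAIRS = list(permutations(HOSTS, 2))    # every ordered host pair


def path(src, dst):
    """Unique directed path the (assumed) routing subsystem uses."""
    rs, rd = ATTACH[src], ATTACH[dst]
    nodes = [src, rs] + ([rd] if rd != rs else []) + [dst]
    return list(zip(nodes, nodes[1:]))


def delay(src, dst):
    """End-to-end delay of the direct path, in ms."""
    return HOP_DELAY_MS * len(path(src, dst))


def link_loads(pair_rates):
    """Per-link load (MB/sec) implied by per-pair rates and fixed routing."""
    loads = defaultdict(float)
    for (s, d), rate in pair_rates.items():
        for link in path(s, d):
            loads[link] += rate
    return dict(loads)


def plan(cover, demands, bounds):
    """Camouflage `demands` so every pair carries exactly `cover` MB/sec.

    Returns the real traffic per pair path, the direct and relayed parts of
    each demand, the padding that fills each pair up to `cover`, and any
    demand (or part of one) that cannot be carried within its delay bound.
    """
    assigned = {p: 0.0 for p in PAIRS}   # real traffic on each pair's path
    direct, relayed, infeasible = {}, defaultdict(float), {}
    for (s, d), demand in sorted(demands.items()):
        bound = bounds.get((s, d), float("inf"))
        if delay(s, d) > bound:          # even the direct path is too slow
            infeasible[(s, d)] = demand
            continue
        direct[(s, d)] = min(demand, cover - assigned[(s, d)])
        assigned[(s, d)] += direct[(s, d)]
        excess = demand - direct[(s, d)]
        # Reroute the excess through intermediate hosts whose two legs
        # still have room under the cover rate and meet the delay bound.
        for via in sorted(HOSTS, key=lambda v: delay(s, v) + delay(v, d)):
            if excess <= 0:
                break
            if via in (s, d) or delay(s, via) + delay(via, d) > bound:
                continue
            room = min(cover - assigned[(s, via)], cover - assigned[(via, d)])
            amt = min(excess, room)
            if amt <= 0:
                continue
            assigned[(s, via)] += amt      # first leg
            assigned[(via, d)] += amt      # second leg (conservation)
            relayed[(s, via, d)] += amt
            excess -= amt
        if excess > 0:
            infeasible[(s, d)] = excess    # QoS cannot be met under camouflage
    padding = {p: cover - r for p, r in assigned.items()}
    return {"real": assigned, "direct": direct, "relayed": dict(relayed),
            "padding": padding, "infeasible": infeasible}


def conserved(demands, result):
    """Every demand is fully accounted for: direct + relayed + undeliverable."""
    for (s, d), demand in demands.items():
        via = sum(r for (a, _, b), r in result["relayed"].items() if (a, b) == (s, d))
        total = (result["direct"].get((s, d), 0.0) + via
                 + result["infeasible"].get((s, d), 0.0))
        if abs(total - demand) > 1e-9:
            return False
    return True


def demo(cover=3.0):
    # Constructed demands (MB/sec) and delay bounds (ms) for the example.
    demands = {("H3", "H2"): 5.0, ("H1", "H3"): 3.0, ("H2", "H4"): 1.0,
               ("H2", "H1"): 4.0}
    bounds = {("H3", "H2"): 6.0, ("H2", "H1"): 3.0}
    result = plan(cover, demands, bounds)
    # What an observer measures per pair is real + padding = cover everywhere,
    # so the per-link loads depend only on the cover rate (basic theorem).
    on_wire = {p: result["real"][p] + result["padding"][p] for p in PAIRS}
    result["loads"] = link_loads(on_wire)
    result["cover_loads"] = link_loads({p: cover for p in PAIRS})
    result["conserved"] = conserved(demands, result)
    return result


if __name__ == "__main__":
    r = demo()
    print("relayed:", r["relayed"])
    print("undeliverable within bound:", r["infeasible"])
    print("shared link R1->R2 load:", r["loads"][("R1", "R2")])
```

The greedy relay step stands in for the constrained planning the slides leave to the NetCamo traffic planner; it is not their algorithm. The demand from H2 to H1 is the instructive case: 4MB/sec exceeds the 3MB/sec cover rate, and every detour violates its 3 ms bound, so 1MB/sec is reported as undeliverable rather than silently breaking the stable pattern. That is the trade-off the QoS slide asks about.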

Extensions
Scalability: hierarchical model with intra-domain and inter-domain camouflaging (figure: Domain 1, Domain 2, Domain 3)
Easy deployment: appliance-based method

NetCamo System Architecture (figure)
Components shown: a NetCamo Network Controller; on each host, a NetCamo Host Controller (Host Manager, Host Agent, Traffic Controller) and a NetCamo Traffic Manager exposing an API to the client applications (H323); on each router, a Router Agent.

NetCamo Traffic Planner

NetCamo Traffic Controller

Status
April 2000: pre-release version
* Supports both CBR and VBR traffic
* Supports a fixed cover mode
* Supports a fixed sensor period for traffic padding
* Supports real-time monitoring
August 2000: beta version
* Supports multiple cover modes
* Supports an adaptive sensor period for traffic padding
* Supports a semi-automatic traffic modeling tool
* Provides installation and maintenance services
August 2000: integration with the HiPer-D system (NSWC)

Network Camouflaging & QoS-guaranteed Service
Camouflage network elements and activity (wired and wireless):
Host, router and switch: location, liveliness, movement traces
Connectivity: connection, VPN tunnel, topology
Traffic pattern
QoS-guaranteed service: deterministic QoS service; statistical QoS service

Camouflaging, Concealment, and Decoy in Cyber Space (matrix slide)
Means (rows): Hide, Blend, Disguising, Disrupting, Decoy
Targets (columns): Packet, Connection, Traffic, Router, Topology, Operating Mode
Techniques placed in the cells, in slide order: Encryption, Flooding, ?, Neutral mode, Re-routing, ?, Multiple cover modes (a "?" marks an open cell)

Summary
The current NetCamo system is the first step. It achieves the goal in a controlled way: traffic analysis prevention and QoS-guaranteed service are obtained at the same time.
This is a new research field whose essence lies in hiding and camouflaging information about the network in order to make it anonymous and unobservable.
A new field! Much work to be done!