Presentation is loading. Please wait.

Presentation is loading. Please wait.

Performance Analysis of Real Traffic Carried with Encrypted Cover Flows Nabil Schear David M. Nicol University of Illinois at Urbana-Champaign Department.

Published byAdela Palmer Modified over 8 years ago

Similar presentations

Presentation on theme: "Performance Analysis of Real Traffic Carried with Encrypted Cover Flows Nabil Schear David M. Nicol University of Illinois at Urbana-Champaign Department."— Presentation transcript:

1 Performance Analysis of Real Traffic Carried with Encrypted Cover Flows Nabil Schear David M. Nicol University of Illinois at Urbana-Champaign Department of Computer Science Information Trust Institute 4 June 2008

2 2 Network Session Encryption SSL, IPsec – widespread use –Provide strong confidentiality through encryption –I depend on SSL daily…so probably do you! But, session encryption does not mask packet sizes and timing –For performance reasons Privacy can be breached by traffic analysis attacks

3 3 Traffic Analysis Example Attack Your Computer Encrypt 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA On-line Bank GET /request? myacccount. Transfer.html HTTP/1.1 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA Decrypt Attacker’s Vantage Point Port: 443… Small message… Request! 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA 29874ABA.XM.FJ DFALAPDJFA.MF 23$*(KJFA;KDJA 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA Encrypt Your Transfer Request Page 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA 29874ABA.XM.FJ DFALAPDJFA.MF 23$*(KJFA;KDJA 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA Response of length 14328 bytes Fund Transfer Page! Decrypt Requested money Transfer for the Amount of $3000 Do you wish to Accept?

4 4 Traffic Analysis Example Attack Your Computer Encrypt 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA On-line Bank GET /request? myacccount. Transfer.html HTTP/1.1 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA Decrypt Attacker’s Vantage Point Port: 443… Small message… Request! 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA 29874ABA.XM.FJ DFALAPDJFA.MF 23$*(KJFA;KDJA 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA Encrypt Your Transfer Request Page 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA 29874ABA.XM.FJ DFALAPDJFA.MF 23$*(KJFA;KDJA 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U @)$*(KJFA;KDJA Response of length 14328 bytes Fund Transfer Page! Decrypt Requested money Transfer for the Amount of $3000 Do you wish to Accept? Attacker saw no content BUT still knows what you did

5 5 Our Approach: Mimicry Tunneling over independent cover traffic –Independent packet size and timing –Attacker can’t tell which packets have data and which are cover because of encryption Use model to generate plausible cover traffic Who needs this? –Spies, dissidents, whistle blowers, privacy advocates

6 6 Performance Analysis Explore the properties of our technique with simulation and analytic modeling Questions: –Impact on user experience: delay and throughput? –Overhead over standard transmission? –Is this feasible with disparate traffic patterns? Can we assess these impacts by using data-driven models of tunnel-free network behavior, and analytic models of tunneling?

7 7 Outline Simulation –Results Analytic Model –Evaluating delay and model validation –Slowdown –Stability Future work and conclusions

8 8 Simulation Design Use Flows: model the system with request/response pairs (TCP) Cover traffic runs continuously with delay between flows Real traffic starts some time into simulation –Consumes as much space in cover messages as is available –May have to wait for multiple cover sessions

9 9 SSFNet Implementation 100 Mbit/s 50 ms delay 1.5 Mbit/s 20 ms delay 1.5 Mbit/s 20 ms delay client server Measured native https data suggests 4 traffic classes –Request –Text –Graphics –Heavy Built SSFNet model of real over cover flows based on real prototype implementation Request size (both flows) sampled same distribution Separate traffic type distribution assigned cover, real

10 10 Results Notable trends –Real text decreases with cover intensity –Others increase with cover intensity –Throughput degradation runs 65% - 85%

11 11 Analytic Model Using what we learned from simulation, what can we discover with a model? –Validation Compare against simulation data –Slowdown Ratio of time to deliver tunneled real traffic vs. native real traffic delivery –Stability Whether cover traffic keep up with real traffic

12 12 Modeling Cover Sessions Simplify : imagine only response sessions Cover traffic behavior in time is “on-off” renewal time Data onoffon off

13 13 Modeling Cover Sessions Simplify : imagine only response sessions Cover traffic behavior in time is “on-off” renewal time onoffon off Off time distribution assumed to be exponential, mean time Data onoffon off

14 14 Modeling Cover Sessions Simplify : imagine only response sessions Cover traffic behavior in time is “on-off” renewal time onoffon off On time comprised of random number of Kbytes - geometrically distributed, mean - transfer time per Kbyte time Data onoffon off

15 15 Modeling Cover Sessions Simplify : imagine only response sessions Cover traffic behavior in time is “on-off” renewal time onoffon off Random on time is scaled geometric, mean Renewal theory gives us Pr{state is “on”} = E[on] / (E[on]+E[off]) time Data onoffon off

16 16 Modeling Real Sessions Real sessions model users –Assume “think time” then interaction Wait for interaction to complete time real session off Off time distribution assumed to be exponential, mean

17 17 Modeling Real Sessions time real session Multiple Components to the on time 1. time spent tunneling 2. real traffic arrives between cover sessions 3. real traffic overruns cover session Both 2 and 3 have to wait for new session cover session on

18 18 Validation Predictions of model validated against data gathered from simulator –Values of estimated from data –Important to understand that per kilobyte transfer costs depend on session lengths, background traffic---and are independent of tunneling Can be obtained from –Network trace data –Detailed network simulation –Key thing is that these parameters don’t depend on tunneling…but can be used to explain tunneling

19 19 Validation Results Used SSFNet simulation to derive network parameters % difference is very small –With accurate parameters from network We use the model to predict mean delay

20 20 Understanding Slowdown Performance at extremes –Waiting time is minimized, slowdown due to –Slowdown due to waiting for cover session to begin and final one to end All params equal, slowdown is ~3x –Sum of three geometrics: waiting, carrying, and final Slowdown = when

21 21 Stability If tunnel overhead is too large, real traffic will never catch up Tunneling as a service: G/G/1 queue –Job inter-arrival time is a native real flow’s –Service Time is E[On] Simplified param space: and

22 22 Future Work Finish real implementation and evaluation Multiple cover sessions per real flow? Trade-off between privacy and performance?

23 23 Conclusions Enhancing the privacy of encrypted traffic Used simulation and modeling to understand effects –Use real traffic measurements to find params for model –Measurements don’t have any concept of tunneling Simulation plus analytic model powerful But only together…

Download ppt "Performance Analysis of Real Traffic Carried with Encrypted Cover Flows Nabil Schear David M. Nicol University of Illinois at Urbana-Champaign Department."

Similar presentations

SCTP v/s TCP – A Comparison of Transport Protocols for Web Traffic CS740 Project Presentation by N. Gupta, S. Kumar, R. Rajamani.

SCTP v/s TCP – A Comparison of Transport Protocols for Web Traffic CS740 Project Presentation by N. Gupta, S. Kumar, R. Rajamani.
Chapter 7: Transport Layer

Chapter 7: Transport Layer
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
Delay and Throughput in Random Access Wireless Mesh Networks Nabhendra Bisnik, Alhussein Abouzeid ECSE Department Rensselaer Polytechnic Institute (RPI)

Delay and Throughput in Random Access Wireless Mesh Networks Nabhendra Bisnik, Alhussein Abouzeid ECSE Department Rensselaer Polytechnic Institute (RPI)
Copyright © 2005 Department of Computer Science CPSC 641 Winter 20111 PERFORMANCE EVALUATION Often in Computer Science you need to: – demonstrate that.

Copyright © 2005 Department of Computer Science CPSC 641 Winter PERFORMANCE EVALUATION Often in Computer Science you need to: – demonstrate that.
Silberschatz, Galvin and Gagne  2002 Modified for CSCI 399, Royden, 2005 6.1 Operating System Concepts Operating Systems Lecture 19 Scheduling IV.

Silberschatz, Galvin and Gagne  2002 Modified for CSCI 399, Royden, Operating System Concepts Operating Systems Lecture 19 Scheduling IV.
Admission Control and Scheduling for QoS Guarantees for Variable-Bit-Rate Applications on Wireless Channels I-H. Hou and P.R. Kumar Department of Computer.

Admission Control and Scheduling for QoS Guarantees for Variable-Bit-Rate Applications on Wireless Channels I-H. Hou and P.R. Kumar Department of Computer.
PERSISTENT DROPPING: An Efficient Control of Traffic Aggregates Hani JamjoomKang G. Shin Electrical Engineering & Computer Science UNIVERSITY OF MICHIGAN,

PERSISTENT DROPPING: An Efficient Control of Traffic Aggregates Hani JamjoomKang G. Shin Electrical Engineering & Computer Science UNIVERSITY OF MICHIGAN,
An Empirical Study of Real Audio Traffic A. Mena and J. Heidemann USC/Information Sciences Institute In Proceedings of IEEE Infocom Tel-Aviv, Israel March.

An Empirical Study of Real Audio Traffic A. Mena and J. Heidemann USC/Information Sciences Institute In Proceedings of IEEE Infocom Tel-Aviv, Israel March.
On Modeling Feedback Congestion Control Mechanism of TCP using Fluid Flow Approximation and Queuing Theory  Hisamatu Hiroyuki Department of Infomatics.

On Modeling Feedback Congestion Control Mechanism of TCP using Fluid Flow Approximation and Queuing Theory  Hisamatu Hiroyuki Department of Infomatics.
AQM for Congestion Control1 A Study of Active Queue Management for Congestion Control Victor Firoiu Marty Borden.

AQM for Congestion Control1 A Study of Active Queue Management for Congestion Control Victor Firoiu Marty Borden.
1 PERFORMANCE EVALUATION H Often one needs to design and conduct an experiment in order to: – demonstrate that a new technique or concept is feasible –demonstrate.

1 PERFORMANCE EVALUATION H Often one needs to design and conduct an experiment in order to: – demonstrate that a new technique or concept is feasible –demonstrate.
OS Fall ’ 02 Performance Evaluation Operating Systems Fall 2002.

OS Fall ’ 02 Performance Evaluation Operating Systems Fall 2002.
SAVE: Source Address Validity Enforcement Protocol Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA Computer Science Dept 10/04/2001.

SAVE: Source Address Validity Enforcement Protocol Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA Computer Science Dept 10/04/2001.
1 Performance Evaluation of Computer Networks Objectives  Introduction to Queuing Theory  Little’s Theorem  Standard Notation of Queuing Systems  Poisson.

1 Performance Evaluation of Computer Networks Objectives  Introduction to Queuing Theory  Little’s Theorem  Standard Notation of Queuing Systems  Poisson.
A Model for MPEG with Forward Error Correction (FEC) and TCP-Friendly Bandwidth Huahui Wu, Mark Claypool & Robert Kinicki Computer Science Department Worcester.

A Model for MPEG with Forward Error Correction (FEC) and TCP-Friendly Bandwidth Huahui Wu, Mark Claypool & Robert Kinicki Computer Science Department Worcester.
Performance Evaluation

Performance Evaluation
Performance Evaluation of Peer-to-Peer Video Streaming Systems Wilson, W.F. Poon The Chinese University of Hong Kong.

Performance Evaluation of Peer-to-Peer Video Streaming Systems Wilson, W.F. Poon The Chinese University of Hong Kong.
Little’s Theorem Examples Courtesy of: Dr. Abdul Waheed (previous instructor at COE)

Little’s Theorem Examples Courtesy of: Dr. Abdul Waheed (previous instructor at COE)

Similar presentations

Ads by Google