Published by Shauna Gibbs. Modified over 9 years ago.
1
Making the Neutral Traffic Matrix More Meaningful
Joseph Choi
2
Goal: Hide traffic patterns from a global passive adversary, who knows:
– Source and destination of all messages
– Number of messages passing along each link
Assumptions of the Neutral Traffic Matrix approach:
– Messages are indistinguishable
– Same message length
– The same message should not be resent
Further assume:
– No node compromise by an attacker
– Fully connected graph (direct path between each pair of nodes)
3
Neutral Traffic Matrix (axis labels: Sender, Receiver)

         Node 1    Node 2    Node 3    ...  Node k
Node 1   TM(1, 1)  TM(1, 2)  TM(1, 3)  ...  TM(1, k)
Node 2   TM(2, 1)  TM(2, 2)  TM(2, 3)  ...  TM(2, k)
Node 3   TM(3, 1)  TM(3, 2)  TM(3, 3)  ...  TM(3, k)
...
Node k   TM(k, 1)  TM(k, 2)  TM(k, 3)  ...  TM(k, k)
4
Two nodes:
– Padding = send 1 more message from 2 to 1
– RR = through oneself is not done
Three nodes:
– Strictly padding = make each non-diagonal 3 (additional cost: 7)
– RR = Convert one of 2→1 into 2→3→1 [need +6 padding] (additional cost: 1RR + 6PAD = 7)
– Convert one of 3→1 into 3→2→1 [need +5 padding] (additional cost: 2RR + 5PAD = 7)
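The cost accounting on the three-node slide above, worked through as an added example (not part of the original presentation). The 3x3 matrix is constructed to reproduce the slide's figures, and the cost model (one unit per dummy message, one unit per rerouted message) is an assumption read from the slide's arithmetic.

```python
# Added example: padding vs. rerouting (RR) cost on a traffic matrix.
# tm[i][j] = messages node i+1 sends to node j+1 in one time window.
# The diagonal is unused because a node does not send to itself.

def padding_needed(tm):
    """Dummy messages needed to raise every off-diagonal link to the busiest link's count."""
    k = len(tm)
    off_diag = [tm[i][j] for i in range(k) for j in range(k) if i != j]
    level = max(off_diag)  # the neutral matrix has this value on every link
    return sum(level - count for count in off_diag)

def reroute(tm, src, dst, via):
    """Copy of tm with one src->dst message sent as src->via->dst (1-based node ids)."""
    s, d, v = src - 1, dst - 1, via - 1
    if len({s, d, v}) != 3:
        raise ValueError("rerouting through oneself is not done")
    if tm[s][d] < 1:
        raise ValueError("no direct message on that link to reroute")
    out = [row[:] for row in tm]
    out[s][d] -= 1   # one fewer direct message
    out[s][v] += 1   # first hop of the detour
    out[v][d] += 1   # second hop of the detour
    return out

def total_cost(tm, reroutes):
    """Apply reroutes in order, then pad. Returns (n_rr, n_pad, n_rr + n_pad)."""
    for src, dst, via in reroutes:
        tm = reroute(tm, src, dst, via)
    pad = padding_needed(tm)
    return len(reroutes), pad, len(reroutes) + pad

# Constructed matrix (assumption, not from the slides): busiest link carries 3.
TM = [[0, 2, 2],
      [3, 0, 1],
      [2, 1, 0]]

if __name__ == "__main__":
    print(total_cost(TM, []))                        # padding only
    print(total_cost(TM, [(2, 1, 3)]))               # 2->1 becomes 2->3->1
    print(total_cost(TM, [(2, 1, 3), (3, 1, 2)]))    # then 3->1 becomes 3->2->1
```

In this constructed case each reroute replaces one dummy message with a real one on an under-used link, so the total cost is unchanged while less of the observed traffic is padding.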
5
Splitting Transform Scheme 1
Consider two nodes: A and B
– A wishes to send one message, m, to B
– A splits m into two parts: m1 and m2
– m1 and m2 are padded to reach full message length
Each part of the split message behaves like a full message.
[Figure: message m split into m1 and m2, each with padding]
6
Splitting by Scheme 1
Node 2 is sending 3 messages to Node 1
– Take two messages, call them a & b
– Split a in half: Message a.1 & a.2
– Split b in half: Message b.1 & b.2
– Reroute a.2 and b.2 through node 3
– Send a.1 and a.2 to node 1 directly.
7
Splitting by Scheme 1
Node 1 is sending 2 messages to Node 2
– Take a message, call it a
– Split a in half: Message a.1 & a.2
– Send a.1 directly; reroute a.2 through node 3
Node 1 is sending 2 messages to Node 3
– Take a message, call it b
– Split b in half: Message b.1 & b.2
– Send b.1 directly; reroute b.2 through node 2
8
Splitting Transform Scheme 2
Consider two nodes: A and B
– A wishes to send one message, m, to B
– A splits m into two parts: m1 and m2
– m1 and m2 are not padded; they remain ½ full length
At least two messages must be split at once to get four halves, which are combined to form messages of the full length.
[Figure: messages m and n split into halves m1, m2, n1, n2, which are combined into full-length messages]
9
Splitting by Scheme 2
Node 2 wants to send 3 msgs to Node 1
Node 2 wants to send 1 msg to Node 3
– Split one of the messages directed to Node 1 and another message directed to Node 3.
– Interchange parts and send to 3
– Perhaps then split a message from 3 to 1, and from 3 to 2.
– Interchange the parts and send to 2.
10
Splitting Complications
Each part must ultimately be received by its destination
– Effectively adds another layer of rerouting
– Less flexibility than, say, sending dummy messages
– Solution: Michael Rabin’s IDA (Information Dispersal Algorithm)? If splitting into more than 2 pieces
In what order should messages be chosen for splitting?
Specific to Scheme 1:
– Link cost is only ever increased
Specific to Scheme 2:
– Recognize split messages at intermediate nodes
11
Alternative: Control Messages
Every once in a while, nodes will negotiate the number of messages to be sent out in subsequent time windows
One message sent by each node to all other nodes
– Contains value: expected # of messages it intends to send
Nodes will send messages according to the minimum of these
Pros: If nodes regularly send many messages to every other node, then one more will be tolerable; no need to send dummy messages
Cons: If node activity is usually low, this adds considerable cost
12
Resources:
– Richard E. Newman, Ira S. Moskowitz, Paul Syverson and Andrei Serjantov. “Metrics for Traffic Analysis Prevention,” In PET 2003, Dresden, March 2003.
– R.E. Newman-Wolfe and B.R. Venkatraman. “High Level Prevention of Traffic Analysis,” Seventh Annual Computer Security and Applications Conference, San Antonio, Texas, December 2-6, 1991, pp. 102-109.
– B.R. Venkatraman and R.E. Wolfe. “Capacity Estimation and Auditability of Network Covert Channels,” 1995 IEEE Computer Society Symp. Security and Privacy, pp. 186-198.
– X. Fu, B. Graham, Y. Guan, R. Bettati and W. Zhao. “NetCamo: Camouflaging Network Traffic for Real-Time Applications,” Texas Workshop Security of Information Systems, April 2003.
– Yin Zhang, Matthew Roughan, Carsten Lund, and David Donoho. “An information-theoretic approach to traffic matrix estimation,” 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Karlsruhe, Germany, August 25-29, 2003.
– Michael Rabin. “Efficient Dispersal of Information for Security, Load Balancing, and Fault Tolerance,” In ACM April 1989, pp. 335-348.