Session Privacy Enhancement by Traffic Dispersion

Traditional network routing uses the single (shortest) path paradigm. This paradigm leaves the session vulnerable to a variety of security threats, such as eavesdropping. We propose to overcome this via dispersive routing, conducted over multiple paths. This significantly increases the costs inflicted on an attacker who wishes to eavesdrop on sessions by hijacking network links (or routers). We formulate the Security Traffic Manager (STM) problem (route session fragments over multiple paths so that protection against an attacker with a known hijacking budget is guaranteed) and the attacker problem (find the cheapest hijacking strategy). The problems are analyzed for cases in which the attacker must eavesdrop on all the fragments as well as for cases in which it must eavesdrop on only a fraction of them. We analyze the theoretical complexity of these problems and offer algorithms for finding dispersive routes that guarantee security. Though some theoretical cases of the problem are shown to be NP-Hard, typical practical cases can be solved by polynomial time algorithms. We extend the STM problem to more practical situations where the goal of the STM is to guarantee privacy using a minimal number of limited-length paths. The algorithms are tested through simulation and shown to be efficient in many scenarios. The model and algorithms offered in this study can be used for deploying a “session enhanced security” service in packet networks.

Keywords: traffic dispersion, security, eavesdrop, multi-path routing
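As an added illustration (not code from the paper), the sketch below brute-forces the attacker problem on a small constructed topology so that a candidate dispersion can be checked against a known hijacking budget. It assumes a fixed hijacking cost per link, one fragment per path, and an attacker who needs fragments from at least `need` paths; the link names, costs and function names are assumptions made for the example.

```python
from itertools import combinations

def cheapest_interception(paths, link_cost, need):
    """Cheapest set of links whose capture taps at least `need` paths.

    Exhaustive search over link subsets: exponential, for small cases only.
    """
    links = sorted({link for path in paths for link in path})
    best_cost, best_links = float("inf"), frozenset()
    for size in range(1, len(links) + 1):
        for subset in combinations(links, size):
            chosen = set(subset)
            tapped = sum(1 for path in paths if chosen & set(path))
            cost = sum(link_cost[link] for link in subset)
            if tapped >= need and cost < best_cost:
                best_cost, best_links = cost, frozenset(subset)
    return best_cost, best_links

def is_protected(paths, link_cost, budget, need):
    """True if no link set within `budget` taps `need` or more paths."""
    return cheapest_interception(paths, link_cost, need)[0] > budget

# Constructed topology (assumed): source s, target t, relays a, b, c.
COST = {"s-a": 2, "a-t": 3, "s-b": 5, "b-t": 2, "s-c": 6, "c-t": 4, "a-b": 3}
# Three link-disjoint paths versus three paths where two share link s-a.
DISJOINT = [["s-a", "a-t"], ["s-b", "b-t"], ["s-c", "c-t"]]
SHARED = [["s-a", "a-t"], ["s-a", "a-b", "b-t"], ["s-c", "c-t"]]

if __name__ == "__main__":
    for name, paths in (("disjoint", DISJOINT), ("shared", SHARED)):
        for need in (3, 2):
            cost, links = cheapest_interception(paths, COST, need)
            print(name, "need", need, "cost", cost, sorted(links),
                  "protected at budget 7:", is_protected(paths, COST, 7, need))
```

On this input the shared link lowers the cost of tapping all three paths, so the same budget that the disjoint dispersion withstands defeats the overlapping one; relaxing the requirement to two of three fragments lowers the attacker's cost in both cases.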
