Using Parasite Flows to Camouflage Flow Traffic

This paper presents a flow-based architecture for network traffic camouflaging. We aim to hide both the message traffic pattern and the fact that camouflaging itself is taking place, while at the same time guaranteeing the QoS requirement of the message flow. The idea is to embed the packets of the message flow into the packets of another flow, denoted the carrier flow, which in turn may be generated by a well-known network service. We say that message flows act as parasites while the carrier flows are the hosts. We study issues in selecting the carrier to improve the system's performance while satisfying both security and QoS requirements. A flow-based traffic camouflaging prototype system has been realized. The experimental evaluation shows that the use of parasite flows effectively hides both the message traffic pattern and the fact that camouflaging is taking place.
