NetCamo Camouflaging network traffic at right time and right place

1 NetCamo Camouflaging network traffic at right time and right place
Y. Guan, X. Fu, R. Bettati and W. Zhao
Department of Computer Science, Texas A&M University
June 6, 2000
Title: Efficient Traffic Camouflaging in Mission Critical QoS guaranteed Networks

2 Motivations
* It is often thought that communication can be secured by encrypting the traffic, but this has rarely been adequate in practice.
* Encryption makes cryptanalysis very difficult, if not impossible. E.g., IPsec makes the content of the traffic inaccessible.
* 85% of IP traffic will be encrypted in the near future (VPN, SSL, etc.).
* An encrypted message between a customer service center and an ordinary user is not under suspicion; however, one between an employee of a defense contractor and the embassy of a hostile power has obvious implications.
* Changes in the traffic pattern between a military command center and military units under different alertness states often reveal meaningful information to observers.
* Traffic analysis can still be used to trace a user's on-line/off-line periods, uncover the location of a military command center, determine the operation mode or alertness state of military units, and analyze the intentions of communications.

3 Mission Critical Environment
* Applications: Flight Control System; Supervisory Command and Control of defense system; HiPer-D system (NSWC); ...
* Security
* Quality of Service

4 Objectives
* Keep the network traffic pattern unobservable
* Provide QoS-guaranteed communication services
* Be upward and downward compatible with existing operating systems, applications, and network technologies
* Be scalable and evolutionary

5 Basic Model
Features of an IP-based network:
* Packet headers are readable by an observer.
* The underlying routing subsystem determines a unique path between any pair of hosts.
Basic theorem: If the traffic entering and exiting each host is stable, all the traffic in the system is stable.

6 Example

Existing Traffic Pattern Matrix. The existing traffic pattern among the hosts is:

          Host 1    Host 2    Host 3    Host 4
Host 1    MB/sec 3MB/sec
Host 2    3MB/sec   0         3MB/sec   3MB/sec
Host 3    2MB/sec   0MB/sec   0         2MB/sec
Host 4    3MB/sec   3MB/sec   3MB/sec   0

Stable Traffic Pattern Matrix. The stable traffic pattern among the hosts is:

          Host 1    Host 2    Host 3    Host 4
Host 1    0         3MB/sec   3MB/sec   3MB/sec
Host 2    3MB/sec   0         3MB/sec   3MB/sec
Host 3    3MB/sec   3MB/sec   0         3MB/sec
Host 4    3MB/sec   3MB/sec   3MB/sec   0

7 Traffic Padding
Flooding the network at the right place and the right time to make it appear to be a constant-rate network.
Challenge: How much? For link j, $\sum_i F_{i,j}(I) + S_j(I) = C(I)$?

8 Traffic Rerouting
Indirect delivery of packets.
Challenge: How to reroute the traffic?
Real traffic: 5MB/sec from H3 to H2.
[Figure: hosts H1, H2, H3 and H4, with flows labelled 3MB/sec and 1MB/sec]
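The padding and rerouting steps of slides 7 and 8 combined, as an added Python example (not NetCamo's own planner, which must also satisfy the delay constraints): a greedy one-hop rerouting pass followed by padding every host pair up to a constant rate. The function name `plan_camouflage` and the demand matrix are assumptions made for this illustration; the 3 MB/sec target and the 5 MB/sec flow from H3 to H2 follow the slides.

```python
# Added illustration: greedy one-hop rerouting plus padding toward a
# constant-rate traffic matrix. Rates are in MB/sec.

def plan_camouflage(demand, target):
    """Return (routes, padding) so every host pair carries exactly `target`.

    routes  : list of (src, dst, via, rate); via is None for direct delivery
    padding : padding[i][j] = dummy traffic added on the pair i -> j
    """
    n = len(demand)
    load = [[0.0] * n for _ in range(n)]   # real traffic carried per pair
    routes, excess = [], []
    # Pass 1: deliver up to `target` directly, remember what does not fit.
    for i in range(n):
        for j in range(n):
            if i == j or demand[i][j] == 0:
                continue
            direct = min(demand[i][j], target)
            load[i][j] += direct
            routes.append((i, j, None, direct))
            if demand[i][j] > target:
                excess.append((i, j, demand[i][j] - target))
    # Pass 2: reroute the excess through intermediate hosts with spare room.
    for i, j, left in excess:
        for k in range(n):
            if k in (i, j) or left <= 0:
                continue
            spare = min(target - load[i][k], target - load[k][j])
            if spare <= 0:
                continue
            moved = min(left, spare)
            load[i][k] += moved
            load[k][j] += moved
            routes.append((i, j, k, moved))
            left -= moved
        if left > 0:
            raise ValueError(f"cannot hide {left} MB/sec from host {i} to {j}")
    # Pass 3: pad every pair up to the constant target rate.
    padding = [[0.0 if i == j else target - load[i][j] for j in range(n)]
               for i in range(n)]
    return routes, padding

# Constructed demand for hosts H1..H4 (index 0..3); H3 -> H2 is the 5 MB/sec flow.
DEMAND = [[0, 1, 3, 3],
          [3, 0, 3, 3],
          [2, 5, 0, 2],
          [3, 2, 3, 0]]
ROUTES, PADDING = plan_camouflage(DEMAND, target=3)
```

With this input the 5 MB/sec flow is split into 3 MB/sec direct plus 1 MB/sec each via H1 and H4, and only the H1 to H2 pair still needs 1 MB/sec of padding.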

9 QoS guarantee
Traffic Padding and Rerouting
Challenge: Can we still guarantee the real-time delay bound? For connection j, $\sum_i d_{i,j} < D_j$.

10 Approaches
* Traffic camouflaging: host-based rerouting and traffic padding based on real-time traffic modeling theory.
* Real-time communication: providing end-to-end delay-guaranteed services to applications while the traffic is camouflaged.
* A middleware solution: achieving effectiveness, compatibility, and scalability.

11 Traffic Planning: Correctness Constraints
Stabilization Constraints Link Capacity Constraints

12 Traffic Planning: Correctness Constraints (cont.)
Conservation Constraints Delay Constraints

13 Extensions
* Scalability: hierarchical model (intra-domain and inter-domain)
* Easy deployment: appliance-based method
[Figure: Domain 1, Domain 2, Domain 3]

14 NetCamo System Architecture
[Figure: architecture diagram with hosts, routers and the network; labelled components: NetCamo Network Controller, NetCamo Traffic Manager, NetCamo Host Controller, Host Manager, Host Agent, Router Agent, Traffic Controller, API, H323, Applications, Client]

15 NetCamo Traffic Planner

16 NetCamo Traffic Controller

17 Status
April 2000: Pre-release version
* Support both CBR and VBR traffic
* Support a fixed cover mode
* Support a fixed sensor period for traffic padding
* Support real-time monitoring
August 2000: β version
* Support multiple cover modes
* Support an adaptive sensor period for traffic padding
* Support a semi-automatic traffic modeling tool
* Provide installation and maintenance services
August 2000: Integration with HiPer-D system (NSWC)

18 Network Camouflaging & QoS-guaranteed Service
Camouflage network elements and activity (wired and wireless)
* Host, router and switch
* Location
* Liveliness
* Movement traces
* Connectivity
* Connection
* VPN tunnel
* Topology
* Traffic pattern
QoS guaranteed
* Deterministic QoS service
* Statistical QoS service

19 Camouflaging, Concealment, and Decoy in Cyber Space
Means Packet Conn. Traffic Router Topology Op Mode Hide Blend Encryption Flooding Disguising ? Neutral mode Disrupting Re-routing ? Decoy Multiple cover modes

20 Summary
* The current NetCamo system is the first step!
* We achieve our goal in a controlled way, so that traffic analysis prevention and QoS-guaranteed service are obtained at the same time.
* We are working in this new research field, whose essence lies in hiding and camouflaging information about the network in order to make it anonymous and unobservable.
A new field! Much work to be done!

