Title: Performance Analysis of Real Traffic Carried with Encrypted Cover Flows
1Performance Analysis of Real Traffic Carried with
Encrypted Cover Flows
4 June 2008
- Nabil Schear
- David M. Nicol
- University of Illinois at Urbana-Champaign
- Department of Computer Science
- Information Trust Institute
2Network Session Encryption
- SSL, IPsec widespread use
- Provide strong confidentiality through encryption
- I depend on SSL dailyso probably do you!
- But, session encryption does not mask packet
sizes and timing - For performance reasons
- Privacy can be breached by traffic analysis
attacks
3Traffic Analysis Example Attack
Port 443 Small message Request!
Attackers Vantage Point
On-line Bank
GET /request? myacccount. Transfer.html HTTP/1.1
Encrypt
29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(KJ
FAKDJA
29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(KJ
FAKDJA
Decrypt
Your Computer
29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(KJ
FAKDJA 29874ABA.XM.FJ DFALAPDJFA.MF 23(KJFAKDJ
A 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(
KJFAKDJA
Encrypt
Requested money Transfer for the Amount of
3000 Do you wish to Accept?
Decrypt
Your Transfer Request Page
29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(KJ
FAKDJA 29874ABA.XM.FJ DFALAPDJFA.MF 23(KJFAKDJ
A 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(
KJFAKDJA
Response of length 14328 bytes Fund Transfer Page!
4Traffic Analysis Example Attack
Port 443 Small message Request!
Attackers Vantage Point
On-line Bank
GET /request? myacccount. Transfer.html HTTP/1.1
Encrypt
29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(KJ
FAKDJA
29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(KJ
FAKDJA
Decrypt
Your Computer
29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(KJ
FAKDJA 29874ABA.XM.FJ DFALAPDJFA.MF 23(KJFAKDJ
A 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(
KJFAKDJA
Encrypt
Requested money Transfer for the Amount of
3000 Do you wish to Accept?
Decrypt
Your Transfer Request Page
29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(KJ
FAKDJA 29874ABA.XM.FJ DFALAPDJFA.MF 23(KJFAKDJ
A 29874ABA.XM.FJ DFALAPDJFA.MF 2304AODJHFA0U _at_)(
KJFAKDJA
- Attacker saw no content
- BUT still knows what you did
Response of length 14328 bytes Fund Transfer Page!
5Our Approach Mimicry
- Tunneling over independent cover traffic
- Independent packet size and timing
- Attacker cant tell which packets have data and
which are cover because of encryption - Use model to generate plausible cover traffic
- Who needs this?
- Spies, dissidents, whistle blowers, privacy
advocates
6Performance Analysis
- Explore the properties of our technique with
simulation and analytic modeling - Questions
- Impact on user experience delay and throughput?
- Overhead over standard transmission?
- Is this feasible with disparate traffic patterns?
- Can we assess these impacts by using data-driven
models of tunnel-free network behavior, and
analytic models of tunneling?
7Outline
- Simulation
- Results
- Analytic Model
- Evaluating delay and model validation
- Slowdown
- Stability
- Future work and conclusions
8Simulation Design
- Use Flows model the system with request/response
pairs (TCP) - Cover traffic runs continuously with delay
between flows - Real traffic starts some time into simulation
- Consumes as much space in cover messages as is
available - May have to wait for multiple cover sessions
9SSFNet Implementation
- Measured native https data suggests 4 traffic
classes - Request
- Text
- Graphics
- Heavy
- Built SSFNet model of real over cover flows based
on real prototype implementation - Request size (both flows) sampled same
distribution - Separate traffic type distribution assigned
cover, real
server
10Results
- Notable trends
- Real text decreases with cover intensity
- Others increase with cover intensity
- Throughput degradation runs 65 - 85
11Analytic Model
- Using what we learned from simulation, what can
we discover with a model? - Validation
- Compare against simulation data
- Slowdown
- Ratio of time to deliver tunneled real traffic
vs. native real traffic delivery - Stability
- Whether cover traffic keep up with real traffic
12Modeling Cover Sessions
- Simplify imagine only response sessions
-
- Cover traffic behavior in time is on-off renewal
13Modeling Cover Sessions
- Simplify imagine only response sessions
- Cover traffic behavior in time is on-off renewal
14Modeling Cover Sessions
- Simplify imagine only response sessions
- Cover traffic behavior in time is on-off renewal
on
on
off
on
off
off
time
15Modeling Cover Sessions
- Simplify imagine only response sessions
- Cover traffic behavior in time is on-off renewal
on
on
off
on
off
off
time
Random on time is scaled geometric,
mean Renewal theory gives us Prstate is on
Eon / (EonEoff)
16Modeling Real Sessions
- Real sessions model users
- Assume think time then interaction
- Wait for interaction to complete
real session
off
off
time
17Modeling Real Sessions
on
on
real session
time
cover session
Multiple Components to the on time 1. time
spent tunneling 2. real traffic arrives between
cover sessions 3. real traffic overruns cover
session Both 2 and 3 have to wait for new
session
18Validation
- Predictions of model validated against data
gathered from simulator - Values of estimated from
data - Important to understand that per kilobyte
transfer costs depend on session
lengths, background traffic---and are independent
of tunneling - Can be obtained from
- Network trace data
- Detailed network simulation
- Key thing is that these parameters dont depend
on tunnelingbut can be used to explain tunneling
19Validation Results
- Used SSFNet simulation to derive network
parameters - difference is very small
- With accurate parameters from network
- We use the model to predict mean delay
20Understanding Slowdown
Slowdown
- Performance at extremes
- Waiting time is minimized, slowdown due to
- Slowdown due to waiting for cover session to
begin and final one to end - All params equal, slowdown is 3x
- Sum of three geometrics waiting, carrying, and
final
when
21Stability
- If tunnel overhead is too large, real traffic
will never catch up - Tunneling as a service G/G/1 queue
- Job inter-arrival time is a native real flows
-
- Service Time is EOn
- Simplified param space and
22Future Work
- Finish real implementation and evaluation
- Multiple cover sessions per real flow?
- Trade-off between privacy and performance?
23Conclusions
- Enhancing the privacy of encrypted traffic
- Used simulation and modeling to understand
effects - Use real traffic measurements to find params for
model - Measurements dont have any concept of tunneling
- Simulation plus analytic model powerful
But only together