The silence of the LANs: efficient leakage resilience for IPsec VPNs

Steffen Schulz, Vijay Varadharajan, Ahmad-Reza Sadeghi

Research output: Contribution to journalArticlepeer-review

10 Citations (Scopus)

Abstract

Virtual private networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglected the problem of traffic analysis and covert channels. Hence, there are many ways to infer information from VPN traffic without decrypting it. Many proposals have been made to mitigate network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding overhead and performance penalties. In this paper, we: 1) analyse the impact of covert channels in IPsec; 2) present several improved and novel approaches for covert channel mitigation in IPsec; 3) propose and implement a system for dynamic performance trade-offs; and 4) implement our design in the Linux IPsec stack and evaluate its performance for different types of traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information-theoretic bounds on information leakage. To encourage further research, we put our prototype code and data in the public domain.

Original languageEnglish
Pages (from-to)221-232
Number of pages12
JournalIEEE Transactions on Information Forensics and Security
Volume9
Issue number2
DOIs
Publication statusPublished - Feb 2014

Keywords

  • IPsec
  • VPNs
  • covert channels
  • performance
  • trade-off

Fingerprint Dive into the research topics of 'The silence of the LANs: efficient leakage resilience for IPsec VPNs'. Together they form a unique fingerprint.

Cite this