The silence of the LANs: Efficient leakage resilience for IPsec VPNs

Ahmad Reza Sadeghi*, Steffen Schulz, Vijay Varadharajan

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

6 Citations (Scopus)

Abstract

Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglect the problem of traffic analysis and covert channels. Hence, there are many ways to infer information from VPN traffic without decrypting it. Many proposals were made to mitigate network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding overhead and performance penalties. In this work, we (1) analyse the impact of covert channels in IPsec, (2) present several improved and novel approaches for covert channel mitigation in IPsec, (3) propose and implement a system for dynamic performance trade-offs, and (4) implement our design in the Linux IPsec stack and evaluate its performance for different types of traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information-theoretic bounds on all information leakage.

Original language: English
Title of host publication: Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings
Editors: Sara Foresti, Moti Young, Fabio Martinelli
Place of Publication: Heidelberg, Germany
Publisher: Springer, Springer Nature
Pages: 253-270
Number of pages: 18
Volume: 7459 LNCS
ISBN (Print): 9783642331664
Publication status: Published - 2012
Event: 17th European Symposium on Research in Computer Security, ESORICS 2012 - Pisa, Italy
Duration: 10 Sep 2012 to 12 Sep 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7459 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 17th European Symposium on Research in Computer Security, ESORICS 2012
Country: Italy
City: Pisa
Period: 10/09/12 to 12/09/12
