Abstract

As public internetworks are increasingly used for secure communications, the need grows for end-to-end protection from traffic analysis. The additional protection of Traffic Flow Confidentiality can be detrimental to performance when padding is used to mask traffic patterns. Traffic masking policies that are responsive to system service requirements can improve performance, but secure adaptive traffic masking has to balance performance requirements with system protection requirements. This paper addresses the information leaks that result from adaptations in security mechanisms.

Introduction and Background

Traffic flow confidentiality (TFC) is concerned with hiding communication patterns that, if exploited, could reveal or compromise sensitive information. Sources of traffic flow information that need to be protected are frequency and length of transmittals, origin/destination traffic patterns, and protocol headers (6, 7). TFC is becoming more important as government agencies and private companies are moving away from private networks and using open data networks to meet their needs. While the security of open data networks is a concern, designers of network security are faced with an explosion of worldwide communications that includes increased data rates, universal connectivity, new services, and higher standards for performance. In such environments TFC can meet the growing need for protection from traffic analysis, but can be expensive because traffic masking involves the use of padding. Secure dynamic adaptive traffic masking (S-DATM) contributes to a global vision, providing the capability of operating in a commercial environment via traffic protected by appropriate levels of TFC with minimal impact on other traffic.

Traditionally TFC has been provided by bulk encryption between protected sites on dedicated private networks that are no longer practical for wide scale internetwork use (3). Public networks are not only cheaper and more reliable, but have capabilities for end-to-end operational security, including confidentiality, integrity, authentication, and some privacy. Changing protection needs occur as secure hosts move outside of protective gateways, but still require operational security. Some internetwork users need the added privacy of TFC even though it is frequently considered too detrimental to performance to be considered practical (13).
