The present invention relates to data communications and more particularly to a method and system for preventing traffic analysis of packet-switched networks operating under the standard Transmission Control Protocol and Internet Protocol.
There are currently no known effective technologies for preventing network traffic analysis. Although Internet Protocol (IP) level security now addresses many threats to confidentiality, integrity, and authentication, it does not address the traffic analysis vulnerabilities. These vulnerabilities enable adversaries to passively perform center-of-gravity analysis, topology mapping, and operating system or application version identification, even on encrypted information, and thereby enable them to extract significant information. In fact, these vulnerabilities cannot be addressed by any current encryption or authentication scheme. They arise from inconsistent fragmentation, the resolution of timing information, and over-specification of particular fields such as the Time To Live field, in addition to the statistical behavior of network traffic. The widely used IP version 6 (IPv6) was designed under the assumption of a benign environment and with the goal of conserving network bandwidth. Privacy enhancements proposed for IPv6 seem necessary but do not appear to be sufficient for addressing some of these concerns.
Computer network traffic is subject to interception and/or monitoring by unauthorized systems known as sniffers, which can easily tap into a communication stream and determine the source, destination, and even the probable content of the message traffic. Because messages in a Transmission Control Protocol and Internet Protocol based network traverse the network in packets, these sniffers are commonly called packet sniffers. With some types of physical layer network technologies, such as Ethernet or token ring, a sniffer placed on any computer on the network can read all of the messages that cross the network and can determine traffic patterns and source/destination information. The value of the information acquired can be significantly reduced if the apparent traffic patterns are not the actual traffic patterns. If extra network traffic that contains no information and has no significance is present in the network traffic, then analytical techniques will fail and the true traffic will be protected from network analysis.
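The following simulation is an added example and not part of the patent text: it shows, on constructed sample traffic, how a per-destination volume profile that a passive sniffer could build from real packets collapses to a uniform profile once every peer receives one fixed-size packet per time slot, with dummy packets filling the gaps. The peer names, slot size and traffic schedule are assumptions made for the illustration; the example also exposes the cost of the scheme, namely that real data waiting for a slot is delayed.

```python
"""Constant-rate cover traffic versus per-destination volume analysis.

Added illustration of the idea described above; all values are constructed.
"""
from collections import Counter, deque

SLOT_SIZE = 64                          # assumed fixed wire size of every packet
PEERS = ("hostA", "hostB", "hostC")     # assumed set of peers sharing the cover scheme

# Constructed real traffic: (time_slot, destination, payload_bytes)
REAL_TRAFFIC = [
    (0, "hostA", 40), (0, "hostA", 20), (1, "hostA", 64),
    (2, "hostA", 30), (3, "hostB", 10), (3, "hostA", 64),
]


def observed_profile(packets):
    """Bytes on the wire per destination, i.e. what a sniffer can tally.
    Accepts both the raw schedule and the padded output of apply_cover_traffic."""
    profile = Counter()
    for pkt in packets:
        profile[pkt[1]] += pkt[2]
    return dict(profile)


def apply_cover_traffic(real, peers, n_slots, slot_size=SLOT_SIZE):
    """Send exactly one slot_size packet to every peer in every slot.

    Real payload is padded (or split) to slot_size; where no real data is
    queued for a peer, a dummy packet is sent instead. Returns the wire
    schedule as (slot, dst, size, is_dummy) plus the bytes still queued
    at the end, which measures the latency cost of the fixed rate.
    """
    queues = {p: deque() for p in peers}   # pending byte counts, arrival order
    wire = []
    for slot in range(n_slots):
        for t, dst, size in real:            # admit this slot's real data
            if t == slot:
                queues[dst].append(size)
        for peer in peers:
            q = queues[peer]
            if q:
                q[0] -= min(q[0], slot_size) # carry any remainder into next slot
                if q[0] == 0:
                    q.popleft()
                wire.append((slot, peer, slot_size, False))
            else:
                wire.append((slot, peer, slot_size, True))
    leftover = sum(sum(q) for q in queues.values())
    return wire, leftover
```

With five slots the observer sees 320 bytes to each of the three peers although only hostA and hostB ever received real data; with only four slots, 64 bytes of real traffic are still queued.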
In the standard Transmission Control Protocol and Internet Protocol (TCP/IP) approach to network communications, data is transmitted from computer to computer on the network using data packets. Each data packet is composed of a header and a body. The IP packet header can contain information relating to security, packet sequencing, addressing, packet data integrity, and packet size, but it does not contain the data that is being transferred. The data in the packet is contained in the body (payload) of the packet, which is called the data segment. The highest level of the TCP/IP protocol stack, the application layer, contains the application(s) that generate and receive data. The transport layer provides reliable end-to-end (sender-to-recipient) communication. For outgoing data, the transport layer inserts the data given to it by the application layer into TCP-formatted packets. These packets are then passed down the stack to the Internet (or IP) layer. For incoming data, the transport layer receives TCP-formatted packets from the Internet layer in the stack, strips off the TCP header, performs whatever validity checking and message re-assembly operations are required, and passes the complete message on to the destination application in the application layer. TCP operates only in the transport layer and uses symbolic (or logical) addressing to indicate the sender and the recipients of the data. The Internet, or IP, layer is directly below the transport layer. The Internet layer manages communication between computers on the network using logical addresses. For incoming data, the IP layer receives the packets of data, called datagrams, that arrive from the network interface layer, strips off the IP headers, checks the validity of the incoming data, and passes the data segment on to the transport layer. For outgoing data, IP performs routing of data and places the data into IP-formatted packets.
Routing is the process of choosing a path through the network, or internetwork, for packets to follow. The network interface layer manages the transmission of the data over the physical network and deals in real addresses and the problems that arise when dealing with a physical medium. Unlike the other three layers, the network interface layer uses only real addresses, not logical addresses, on the network.
In the TCP/IP approach, computer-to-computer communications are conducted on a peer-to-peer basis between protocol stacks. For example, the TCP layer on one computer communicates only with the TCP layer on another computer; all of the intervening layers of the TCP/IP protocol stacks on its own machine, the recipient's machine, and intermediate router machines operate in a manner that is transparent to the sender's and recipient's TCP layers. Each packet is composed of a header and a body (or data) segment; therefore, the body of a message at one layer of the stack contains the header and data segment information for the higher layers in the stack. Outgoing packets are, then, nested structures. The output from a higher layer of the stack is placed into the data segment portion of the structure, and the resulting header and data segment combined serves as input to the next layer of the stack when data is being transmitted. For data reception, the process operates in reverse. Each layer of the stack strips off its particular header segment information before passing the data segment portion along to the next higher level in the stack, where that level processes it as a header and a data segment.
Security and authentication are a concern for communication, and their importance will only increase. Therefore, the ability to employ a number of different authentication and security measures within a single network environment will be advantageous. The security and authentication options provided in the basic IPv6 header permit a number of different security levels and types of encryption to be in operation simultaneously within the same network, and the level of security for the data in a packet can be determined solely by examining the IP packet header.