Concealing distinguishing features in traffic patterns used in Traffic Analysis (TA) attacks also affects network observability and hence it is detrimental for legitimate traffic analysis (e.g., network monitoring, anomaly detection). The problem is particularly relevant in microservice-based cloud-native systems. In this paper we introduce a novel method that defends traffic flows against TA attacks and selectively exposes metadata to allow semi-trusted entities to recover certain traffic characteristics with low additional overhead by using a surplus area in the packets. In our architecture, proxies protect traffic between microservices using application-level logic and protocol features. We provide a PoC implementation and evaluation of the proposed method using the QUIC and HTTP/3 protocols for two network functions in the 5G Core Network and in a microservice benchmark application. We show that two events can be made indistinguishable for a storage channel attacker, while maintaining observability for a legitimate TA node. We also extend our defense to reduce the accuracy of a more powerful (timing channel) attacker by 20–30%.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Mitigating Traffic Analysis Attacks While Maintaining On-Path Network Observability

  • János Kövér,
  • Roberto Guanciale,
  • György Dán

摘要

Concealing distinguishing features in traffic patterns used in Traffic Analysis (TA) attacks also affects network observability and hence it is detrimental for legitimate traffic analysis (e.g., network monitoring, anomaly detection). The problem is particularly relevant in microservice-based cloud-native systems. In this paper we introduce a novel method that defends traffic flows against TA attacks and selectively exposes metadata to allow semi-trusted entities to recover certain traffic characteristics with low additional overhead by using a surplus area in the packets. In our architecture, proxies protect traffic between microservices using application-level logic and protocol features. We provide a PoC implementation and evaluation of the proposed method using the QUIC and HTTP/3 protocols for two network functions in the 5G Core Network and in a microservice benchmark application. We show that two events can be made indistinguishable for a storage channel attacker, while maintaining observability for a legitimate TA node. We also extend our defense to reduce the accuracy of a more powerful (timing channel) attacker by 20–30%.