DeltaINT: Toward General In-band Network Telemetry with Extremely Low Bandwidth Overhead

2021 ◽  
Author(s):  
Siyuan Sheng ◽  
Qun Huang ◽  
Patrick P. C. Lee
Keyword(s):  
Bandwidth Overhead

scholarly journals RBP: a website fingerprinting obfuscation method against intelligent fingerprinting attacks

2021 ◽  
Vol 10 (1) ◽  
Author(s):  
Tao Luo ◽  
LiangMin Wang ◽  
ShangNan Yin ◽  
Hao Shentu ◽  
Hui Zhao
Keyword(s):  
Data Security ◽  
Arrival Time ◽  
State Of The Art ◽  
Web Security ◽  
Security And Privacy ◽  
Low Delay ◽  
Defense Technology ◽  
The Difference ◽  
Bandwidth Overhead ◽  
Traffic Analysis Attack

AbstractEdge computing has developed rapidly in recent years due to its advantages of low bandwidth overhead and low delay, but it also brings challenges in data security and privacy. Website fingerprinting (WF) is a passive traffic analysis attack that threatens website privacy which poses a great threat to user’s privacy and web security. It collects network packets generated while a user accesses website, and then uses a series of techniques to discover patterns of network packets to infer the type of website user accesses. Many anonymous networks such as Tor can meet the need of hide identity from users in network activities, but they are also threatened by WF attacks. In this paper, we propose a website fingerprinting obfuscation method against intelligent fingerprinting attacks, called Random Bidirectional Padding (RBP). It is a novel website fingerprinting defense technology based on time sampling and random bidirectional packets padding, which can covert the real packets distribution to destroy the Inter-Arrival Time (IAT) features in the traffic sequence and increase the difference between the datasets with random bidirectional virtual packets padding. We evaluate the defense against state-of-the-art website fingerprinting attacks in real scenarios, and show its effectiveness.

scholarly journals Practical Suitability and Experimental Assessment of Tree ORAMs

2018 ◽  
Vol 2018 ◽  
pp. 1-15 ◽  
Author(s):  
Kholoud Al-Saleh ◽  
Abdelfettah Belghith
Keyword(s):  
Random Access ◽  
Information Leakage ◽  
Random Access Memory ◽  
Access Pattern ◽  
Access Memory ◽  
Limited Bandwidth ◽  
Experimental Platform ◽  
Cryptographic Primitive ◽  
User Access ◽  
Bandwidth Overhead

Oblivious Random-Access Memory (ORAM) is becoming a fundamental component for modern outsourced storages as a cryptographic primitive to prevent information leakage from a user access pattern. The major obstacle to its proliferation has been its significant bandwidth overhead. Recently, several works proposed acceptable low-overhead constructions, but unfortunately they are only evaluated using algorithmic complexities which hide valuable constants that severely impact their practicality. Four of the most promising constructions are Path ORAM, Ring ORAM, XOR Ring ORAM, and Onion ORAM. However, they have never been thoroughly compared against each other and tested on the same experimental platform. To address this issue, we provide a thorough study and assessment of these recent ORAM constructions and implement them under the same testbed. We perform extensive experiments to provide insights into their performance characteristics, simplicity, and practicality in terms of processing time, server storage, client storage, and communication cost. Our extensive experiments show that despite the claimed algorithmic efficiency of Ring and Onion ORAMs and their judicious limited bandwidth requirements, Path ORAM stands out to be the simplest and most efficient ORAM construction.

scholarly journals PHI: Path-Hidden Lightweight Anonymity Protocol at Network Layer

2017 ◽  
Vol 2017 (1) ◽  
pp. 100-117 ◽  
Author(s):  
Chen Chen ◽  
Adrian Perrig
Keyword(s):  
Network Architectures ◽  
Network Layer ◽  
Set Size ◽  
Path Information ◽  
Packet Header ◽  
Bandwidth Overhead ◽  
Session Hijacking

Abstract We identify two vulnerabilities for existing highspeed network-layer anonymity protocols, such as LAP and Dovetail. First, the header formats of LAP and Dovetail leak path information, reducing the anonymity-set size when an adversary launches topological attacks. Second, ASes can launch session hijacking attacks to deanonymize destinations. HORNET addresses these problems but incurs additional bandwidth overhead and latency. In this paper, we propose PHI, a Path-HIdden lightweight anonymity protocol that solves both challenges while maintaining the same level of efficiency as LAP and Dovetail. We present an efficient packet header format that hides path information and a new back-off setup method that is compatible with current and future network architectures. Our experiments demonstrate that PHI expands anonymity sets of LAP and Dovetail by over 30x and reaches 120 Gbps forwarding speed on a commodity software router.

scholarly journals Efficient Network Telemetry based on Traffic Awareness

2021 ◽  
Author(s):  
Cesar Gomez ◽  
Abdallah Shami ◽  
Xianbing Wang
Keyword(s):  
Machine Learning ◽  
Adverse Effect ◽  
Network Performance ◽  
Important Data ◽  
Network Bandwidth ◽  
Crucial Component ◽  
Traffic Awareness ◽  
The Status ◽  
Bandwidth Overhead ◽  
And Behavior

Network Telemetry (NT) is a crucial component in today’s networks, as it provides the network managers with important data about the status and behavior of the network elements. NT data are then utilized to get insights and rapidly take actions to improve the network performance or avoid its degradation. Intuitively, the more data are collected, the better for the network managers. However, the gathering and transportation of excessive NT data might produce an adverse effect, leading to a paradox: the data that are supposed to help actually damage the network performance. This is the motivation to introduce a novel NT framework that dynamically adjusts the rate in which the NT data should be transmitted. In this work, we present an NT scheme that is traffic-aware, meaning that the network elements collect and send NT data based on the type of traffic that they forward. The evaluation results of our Machine Learning-based mechanism show that it is possible to reduce by over 75% the network bandwidth overhead that a conventional NT scheme produces.

scholarly journals Optimal integrity Policy for Secure Storage of Encrypted Data using Cloud Computing

2019 ◽  
Vol 8 (11) ◽  
pp. 1773-1776
Keyword(s):  
Cloud Computing ◽  
Information Search ◽  
Encrypted Data ◽  
Secure Storage ◽  
Attribute Based Encryption ◽  
Cloud Server ◽  
Single User ◽  
Bandwidth Overhead ◽  
And Storage ◽  
Being Moved

Cloud computing is very common at reduced price because of its computing and storage ability. To reduce storage costs, an ever increasing number of information are being moved to the cloud. Then again, since the cloud isn't completely dependable, they are usually encrypted before uploading to shield information protection from outsiders and even the cloud server. However, many activities on encrypted information, such as searching, are difficult to conduct. Searchable encryption has emerged to solve this issue. It is much less effective to search for encryption in multi-user environment than in single-user environment. As a foundation of attribute-based encryption to solve this issue a multi-user searchable system is suggested. Our system also keeps information safe in opposition to the cloud server in the cloud. It enables users with suitable permissions to conduct encrypted information search activities. Furthermore, customers generate search tokens instead of information holders. We demonstrate that in our system, token privacy and index privacy are all around ensured. No helpful data about search tokens and ciphertexts can be obtained from the cloud server and illegal users. Our scheme's ciphertexts are constant in size, reducing our scheme's time-complexity and bandwidth overhead.

scholarly journals Differentially Private Oblivious RAM

2018 ◽  
Vol 2018 (4) ◽  
pp. 64-84 ◽  
Author(s):  
Sameer Wagh ◽  
Paul Cuff ◽  
Prateek Mittal
Keyword(s):  
Private Information ◽  
Information Theoretic ◽  
Oblivious Ram ◽  
Storage Overhead ◽  
Trade Offs ◽  
Rigorous Framework ◽  
Bandwidth Overhead ◽  
And Performance ◽  
Local Storage ◽  
The Cost

Abstract In this work, we investigate if statistical privacy can enhance the performance of ORAM mechanisms while providing rigorous privacy guarantees. We propose a formal and rigorous framework for developing ORAM protocols with statistical security viz., a differentially private ORAM (DP-ORAM). We present Root ORAM, a family of DP-ORAMs that provide a tunable, multi-dimensional trade-off between the desired bandwidth overhead, local storage and system security. We theoretically analyze Root ORAM to quantify both its security and performance. We experimentally demonstrate the benefits of Root ORAM and find that (1) Root ORAM can reduce local storage overhead by about 2× for a reasonable values of privacy budget, significantly enhancing performance in memory limited platforms such as trusted execution environments, and (2) Root ORAM allows tunable trade-offs between bandwidth, storage, and privacy, reducing bandwidth overheads by up to 2×-10× (at the cost of increased storage/statistical privacy), enabling significant reductions in ORAM access latencies for cloud environments. We also analyze the privacy guarantees of DP-ORAMs through the lens of information theoretic metrics of Shannon entropy and Min-entropy [16]. Finally, Root ORAM is ideally suited for applications which have a similar access pattern, and we showcase its utility via the application of Private Information Retrieval.

Sign in / Sign up

Export Citation Format

Share Document