
Re: ESPv3 TFC padding



On Tue, 12 Aug 2003, Tylor Allison wrote:
> It would seem that random padding probably isn't sufficient, as if you're
> trying to mask small packets, adding a random pad will just result in a
> bigger packet on average, but will still be discernable from a VPN which is
> just passing large packets.

Barring grossly bandwidth-intensive measures like padding all packets out
to a constant size and regularly injecting dummy packets if no real ones
appear, all you can accomplish with such measures is to add noise to the
data obtained by traffic analysis.  If the underlying "signal" is strong
enough, it will eventually show through the noise.

But this doesn't make noise addition worthless.  The noise can *hamper*
traffic analysis even if entirely precluding it is impractical.  The
trickier the particular analysis is in the first place, e.g. trying to
figure out what's going on inside a multi-user SA carrying several kinds
of traffic simultaneously, the more it hurts to add a bit of extra noise
to the data. 

                                                          Henry Spencer
                                                       henry@spsystems.net
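
The noise argument in this message, as a small simulation (an added example, not part of the original message or of any ESP implementation): it measures how often the mean of n observed packet lengths identifies which of two traffic kinds an SA carries, under no padding, random padding and constant-size padding. The size ranges, the 0..1000 byte pad range and the 1400-byte maximum are constructed assumptions; timing and dummy-packet injection are not modelled.

```python
import random
import statistics

MTU = 1400  # constructed on-wire maximum in bytes (assumption)
# Constructed payload-size ranges for two kinds of traffic (assumptions).
PROFILES = {"interactive": (60, 200), "transfer": (120, 260)}

def padded_len(payload, scheme, rng):
    """Length an observer sees for one packet under a padding scheme."""
    if scheme == "none":
        return payload
    if scheme == "random":    # random pad of 0..1000 bytes (assumed range)
        return min(payload + rng.randint(0, 1000), MTU)
    if scheme == "constant":  # every packet padded out to the same size
        return MTU
    raise ValueError(scheme)

def observe(profile, scheme, n, rng):
    """n observed packet lengths from one traffic profile."""
    lo, hi = PROFILES[profile]
    return [padded_len(rng.randint(lo, hi), scheme, rng) for _ in range(n)]

def accuracy(scheme, n, trials=400, seed=1):
    """Fraction of trials in which the mean of n lengths identifies the profile."""
    rng = random.Random(seed)
    # Decision threshold: midpoint of the two profiles' mean observed length.
    means = [statistics.fmean(observe(p, scheme, 5000, rng)) for p in PROFILES]
    threshold = sum(means) / 2
    hits = 0
    for i in range(trials):
        truth = "interactive" if i % 2 == 0 else "transfer"
        mean = statistics.fmean(observe(truth, scheme, n, rng))
        guess = "transfer" if mean > threshold else "interactive"
        hits += guess == truth
    return hits / trials

if __name__ == "__main__":
    for scheme in ("none", "random", "constant"):
        row = [f"{accuracy(scheme, n):.2f}" for n in (1, 25, 900)]
        print(f"{scheme:9s} n=1,25,900 -> {row}")
```

With these constructed numbers, random padding raises the number of packets needed for a confident guess from tens to hundreds, while constant-size padding leaves the length channel at chance level for any n.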