# Making the Neutral Traffic Matrix More Meaningful

Joseph Choi

## Goal

Hide traffic patterns from a global passive adversary, who knows:

• Source and destination of all messages
• Number of messages passing along each link

## Assumptions of the Neutral Traffic Matrix Approach

• Messages are indistinguishable
• Same message length
• The same message should not be resent

Further assume:

• No node compromise by an attacker
• Fully connected graph (direct path between each pair of nodes)

## Neutral Traffic Matrix

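| Sender \ Receiver | Node 1 | Node 2 | Node 3 | ... | Node k |
|---|---|---|---|---|---|
| Node 1 | TM(1, 1) | TM(1, 2) | TM(1, 3) | ... | TM(1, k) |
| Node 2 | TM(2, 1) | TM(2, 2) | TM(2, 3) | ... | TM(2, k) |
| Node 3 | TM(3, 1) | TM(3, 2) | TM(3, 3) | ... | TM(3, k) |
| ... | ... | ... | ... | ... | ... |
| Node k | ... | ... | ... | ... | TM(k, k) |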

## Splitting Transform Scheme 1

Consider two nodes: A and B.

• A wishes to send one message, m, to B
• A splits m into two parts: m1 and m2
• m1 and m2 are padded to reach full message length
• Each part of the split message behaves like a full message

[Figure: m is split into m1 and m2, each followed by padding]

## Splitting by Scheme 1

Node 2 is sending 3 messages to Node 1:

• Take two messages, call them a and b
• Split a in half: message a.1 and a.2
• Split b in half: message b.1 and b.2
• Reroute a.2 and b.2 through node 3
• Send a.1 and a.2 to node 1 directly

Node 1 is sending 2 messages to Node 2:

• Take a message, call it a
• Split a in half: message a.1 and a.2
• Send a.1 directly; reroute a.2 through node 3

Node 1 is sending 2 messages to Node 3:

• Take a message, call it b
• Split b in half: message b.1 and b.2
• Send b.1 directly; reroute b.2 through node 2
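Scheme 1 expressed as an operation on the traffic matrix, as an added example that is not part of the original slides. It goes beyond the hand-picked cases above by searching for a set of splits that raises every link to the current maximum; the function names, 0-based node indices, the constructed 3-node matrix and the rule that each original message is split at most once are assumptions.

```python
from itertools import permutations

# Constructed 3-node sample (index 0 = Node 1); rows send, columns receive.
SAMPLE_TM = [[0, 2, 2],
             [3, 0, 2],
             [3, 2, 0]]

def is_neutral(tm):
    """True when every off-diagonal link carries the same message count."""
    n = len(tm)
    return len({tm[i][j] for i in range(n) for j in range(n) if i != j}) == 1

def split_scheme1(tm, src, dst, relay):
    """Split one src->dst message and reroute its second half via relay.

    The padded first half takes the original's slot on src->dst, so that
    link is unchanged; src->relay and relay->dst each gain one message.
    """
    if len({src, dst, relay}) != 3 or tm[src][dst] < 1:
        raise ValueError("need three distinct nodes and a message to split")
    new = [row[:] for row in tm]
    new[src][relay] += 1
    new[relay][dst] += 1
    return new

def plan_splits(tm, unsplit=None):
    """Depth-first search for splits that lift every link to max(tm).

    Assumption: each original message is split at most once (`unsplit`).
    Returns a list of (src, dst, relay) tuples, or None if none exists.
    """
    n = len(tm)
    if is_neutral(tm):
        return []
    target = max(tm[i][j] for i in range(n) for j in range(n) if i != j)
    unsplit = unsplit or [row[:] for row in tm]
    for src, dst, relay in permutations(range(n), 3):
        # Scheme 1 only adds load, so never push a link past the target.
        if (unsplit[src][dst] < 1 or tm[src][relay] >= target
                or tm[relay][dst] >= target):
            continue
        left = [row[:] for row in unsplit]
        left[src][dst] -= 1
        rest = plan_splits(split_scheme1(tm, src, dst, relay), left)
        if rest is not None:
            return [(src, dst, relay)] + rest
    return None

if __name__ == "__main__":
    print(plan_splits(SAMPLE_TM))  # splits as 0-based (src, dst, relay)
```

Because every split adds exactly two link-messages, a matrix whose total shortfall from the maximum is odd has no Scheme 1 plan and the search returns `None`.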

## Splitting Transform Scheme 2

Consider two nodes: A and B.

• A wishes to send one message, m, to B
• A splits m into two parts: m1 and m2
• m1 and m2 are not padded; messages remain full length
• At least two messages must be split at once to get four halves, which are combined to form messages of the full length

[Figure: messages m and n are split into halves m1, m2, n1 and n2, which are recombined into full-length messages]

## Splitting by Scheme 2

• Node 2 wants to send 3 messages to Node 1
• Node 2 wants to send 1 message to Node 3
• Split one of the messages directed to Node 1 and another message directed to Node 3. Interchange parts and send to 3.
• Perhaps then split a message from 3 to 1, and from 3 to 2. Interchange the parts and send to 2.

## Splitting Complications

• Each part must ultimately be received by its destination
• Effectively adds another layer of rerouting
• Less flexibility than, say, sending dummy messages
• Solution: Michael Rabin's IDA (Information Dispersal Algorithm)? If splitting into more than 2 pieces
• In what order should messages be chosen for splitting?
• Specific to Scheme 1: link cost is only ever increased
• Specific to Scheme 2: recognize split messages at intermediate nodes

## Alternative: Control Messages

Every once in a while, nodes will negotiate the number of messages to be sent out in subsequent time windows.

• One message sent by each node to all other nodes
• Contains value: expected # of messages it intends to send
• Nodes will send messages according to the minimum of these

Pros:

• If nodes regularly send many messages to every other node, then one more will be tolerable
• No need to send dummy messages

Cons:

• If node activity is usually low, this adds considerable cost

## Resources

• Richard E. Newman, Ira S. Moskowitz, Paul Syverson and Andrei Serjantov. Metrics for Traffic Analysis Prevention, In PET 2003, Dresden, March 2003.
• R.E. Newman-Wolfe and B.R. Venkatraman. High Level Prevention of Traffic Analysis, Seventh Annual Computer Security and Applications Conference, San Antonio, Texas, December 2-6, 1991, pp. 102-109.
• B.R. Venkatraman and R.E. Wolfe. Capacity Estimation and Auditability of Network Covert Channels, 1995 IEEE Computer Society Symp. Security and Privacy, pp. 186-198.
• X. Fu, B. Graham, Y. Guan, R. Bettati and W. Zhao. NetCamo: Camouflaging Network Traffic for Real-Time Applications, Texas Workshop Security of Information Systems, April 2003.
• Yin Zhang, Matthew Roughan, Carsten Lund, and David Donoho. An information-theoretic approach to traffic matrix estimation, 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Karlsruhe, Germany, August 25-29, 2003.
• Michael Rabin. Efficient Dispersal of Information for Security, Load Balancing, and Fault Tolerance, In ACM April 1989, pp. 335-348.
