Prevention of traffic analysis and associated covert channels

Posted on: 1995-04-11
Degree: Ph.D
Type: Dissertation
University: University of Florida
Candidate: Venkatraman, Balaji R
GTID: 1478390014991660
Subject: Computer Science

Abstract/Summary:
Prevention of traffic analysis will be of considerable importance in the communication subsystems of the future as the migration towards use of public networks for secure communication continues. Traffic analysis is a security compromise in which analysis of certain traffic characteristics results in information disclosure through inference. Traffic analysis countermeasures are concerned with masking the traffic characteristics that can be used covertly to communicate information in violation of the security policy.

This dissertation presents a new model to prevent traffic analysis without relying on link or network layer encryption. The model obtains a spatially neutral traffic matrix by rerouting traffic away from heavily loaded links and inserting dummy packets if necessary. An algorithm to obtain a spatially neutral traffic matrix is presented, and simulation results are compared with results obtained from an integer linear programming implementation.

The notion of temporal neutrality is formalized, and transmission schedules are proposed to ensure that observable traffic characteristics are temporally neutral. The static scheduling policy eliminates covert channels but is unresponsive to fluctuations in system load; the adaptive scheduling policy seeks to improve throughput and provides for quality of service guarantees at the expense of allowing certain covert channels.

An analysis of covert channels shows a tradeoff between the covert channel capacity and the responsiveness of the system. Formal and informal techniques to estimate covert channel capacity are proposed, and general bounds on network covert channel capacity are derived.

Criteria for auditing network covert channels are defined, and several handling policies are proposed to lower the covert channel capacity to TCSEC-acceptable levels. Capacities of network covert channels are estimated with and without handling policies.

Simulation studies of the algorithm, performed using uniform traffic and a traffic trace from the University of Florida campus-wide backbone network, indicate that the model can be effectively implemented in actual networks to prevent traffic analysis and associated covert channels.
Keywords/Search Tags:Traffic, Covert channels, Network