dc.contributor.author
Meier, Roland
dc.contributor.supervisor
Vanbever, Laurent
dc.contributor.supervisor
Lenders, Vincent
dc.contributor.supervisor
Chen, Ang
dc.contributor.supervisor
Perrig, Adrian
dc.date.accessioned
2022-12-05T06:56:35Z
dc.date.available
2022-12-02T20:02:10Z
dc.date.available
2022-12-05T06:56:35Z
dc.date.issued
2022
dc.identifier.uri
http://hdl.handle.net/20.500.11850/584627
dc.identifier.doi
10.3929/ethz-b-000584627
dc.description.abstract
While it is impressive that many of the prevalent protocols and algorithms in today's networks and the Internet have remained essentially unchanged since the very first computer networks in the Sixties, they were not designed for today's security environment. Only thanks to protocol extensions and new technologies are today's network users protected against many threats. For example, most hosts are behind firewalls that prevent some malicious traffic from reaching them, and most traffic is encrypted to prevent eavesdropping. However, today's protections are not enough. For example, denial-of-service attacks can cut a host's connection even if their traffic does not reach it, and encrypted traffic still leaks information about its contents. In this dissertation, we explore how obfuscation can help to prevent such weak points. To this end, we present two solutions: First, we present NetHide, a system that mitigates denial-of-service attacks against the network infrastructure by obfuscating the network topology. The key idea behind NetHide is to formulate topology obfuscation as a multi-objective optimization problem that allows for a flexible trade-off between the security of the topology and the usability of network debugging tools. NetHide then intercepts and modifies path-tracing probes in the data plane to ensure that attackers can only learn the obfuscated topology. Second, we present ditto, a system that prevents traffic-analysis attacks by obfuscating the timing and size of packets. The key idea behind ditto is to add padding to packets and to introduce chaff packets such that the resulting traffic is independent of production traffic with respect to packet sizes and timing. ditto provides high throughput without requiring changes at hosts, which makes it ideal for protecting wide area networks. Both systems leverage recent advances in network programmability.
They show that programmable switches can increase the security of high-throughput networks without degrading their performance. However, programmable switches do not only provide high performance for obfuscation, but they also allow analyzing traffic at scale. We complete this dissertation with a discussion of four use cases where programmable switches analyze traffic – for both benign and malicious purposes.
en_US
dc.format
application/pdf
en_US
dc.language.iso
en
en_US
dc.publisher
ETH Zurich
en_US
dc.rights.uri
http://rightsstatements.org/page/InC-NC/1.0/
dc.subject
Computer networks
en_US
dc.subject
Computer network security
en_US
dc.subject
Obfuscation
en_US
dc.subject
programmable data plane
en_US
dc.title
Improving Network Security through Obfuscation
en_US
dc.type
Doctoral Thesis
dc.rights.license
In Copyright - Non-Commercial Use Permitted
dc.date.published
2022-12-05
ethz.size
165 p.
en_US
ethz.code.ddc
DDC - DDC::0 - Computer science, information & general works::004 - Data processing, computer science
en_US
ethz.identifier.diss
28635
en_US
ethz.publication.place
Zurich
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02140 - Dep. Inf.technologie und Elektrotechnik / Dep. of Inform.Technol. Electrical Eng.::02640 - Inst. f. Technische Informatik und Komm. / Computer Eng. and Networks Lab.::09477 - Vanbever, Laurent / Vanbever, Laurent
en_US
ethz.date.deposited
2022-12-02T20:02:10Z
ethz.source
FORM
ethz.eth
yes
en_US
ethz.identifier.internal
TIK-Schriftenreihe-Nr. 203
en_US
ethz.availability
Open access
en_US
ethz.rosetta.installDate
2022-12-05T06:56:36Z
ethz.rosetta.lastUpdated
2022-12-05T06:56:36Z
ethz.rosetta.versionExported
true
ethz.COinS
ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=Improving%20Network%20Security%20through%20Obfuscation&rft.date=2022&rft.au=Meier,%20Roland&rft.genre=unknown&rft.btitle=Improving%20Network%20Security%20through%20Obfuscation