iTAP is a partially deployable network-level system that enables anonymous communication within the premises of a network. The key insight behind iTAP is to leverage the programmability offered by Software-Defined Networking (SDN) to dynamically rewrite packet headers at the edge of the network into varying randomized identifiers. iTAP is useful with as few as two SDN devices, and its anonymity guarantees grow linearly with the number of SDN devices thereafter.
With iTAP in place, in-network eavesdroppers only see randomized IDs (which carry no information) as headers and cannot single out hosts unless they eavesdrop on all links of a path, which is unlikely in practice. As an illustration, the accompanying figure shows the distribution of source and destination IP addresses observed by a link-level eavesdropper with and without iTAP. Without iTAP, it is evident that 18 clients and six servers are communicating with each other. With iTAP, the observed IP addresses are spread over the whole address range, and neither the real addresses nor the number of communicating hosts is recognizable.
An iTAP-enabled network consists of SDN-enabled switches along with traditional L2 switches, controlled by an iTAP controller. The main functionality provided by iTAP is flow obfuscation at scale. To do so, iTAP leverages an adaptive hybrid obfuscation scheme in which the obfuscation is changed before any attacker can learn enough information to break it. In addition to traffic obfuscation, iTAP can detect the attacker's position by monitoring unexpected entry points for obfuscated traffic (e.g., an attacker trying to probe an obfuscated header). iTAP supports partial deployment and does not require a network consisting solely of OpenFlow switches to be useful.
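The following is an added toy model of the behaviour described above, not code from the iTAP project: an edge switch rewrites each flow's real (src, dst) pair into random 32-bit identifiers, the controller periodically rotates all mappings, obfuscated headers arriving on a non-core port are dropped and reported as an unexpected entry point, and a helper shows what a link-level eavesdropper collects. Class names, the port model and the sample addresses are assumptions made for the example.

```python
import random
from dataclasses import dataclass, field

@dataclass
class ItapEdge:
    """Model of one iTAP edge switch (assumed structure). Obfuscated traffic
    is only expected to arrive from core_ports; hosts attach elsewhere."""
    core_ports: frozenset
    rng: random.Random = field(default_factory=lambda: random.Random(7))
    fwd: dict = field(default_factory=dict)   # (src, dst) -> (rand_src, rand_dst)
    rev: dict = field(default_factory=dict)   # (rand_src, rand_dst) -> (src, dst)
    alerts: list = field(default_factory=list)

    def _fresh_id(self) -> str:
        # Random 32-bit value rendered as a dotted quad: it carries no
        # information about the real host and spans the whole address range.
        v = self.rng.getrandbits(32)
        return ".".join(str((v >> s) & 0xFF) for s in (24, 16, 8, 0))

    def egress(self, src: str, dst: str) -> tuple:
        """Host -> core: replace the real header pair with the flow's random pair."""
        key = (src, dst)
        if key not in self.fwd:
            rid = (self._fresh_id(), self._fresh_id())
            self.fwd[key] = rid
            self.rev[rid] = key
        return self.fwd[key]

    def ingress(self, rsrc: str, rdst: str, port: int):
        """Core -> host: restore real headers. An obfuscated pair on a non-core
        port is an unexpected entry point, so it is reported, not translated."""
        if port not in self.core_ports:
            self.alerts.append((rsrc, rdst, port))
            return None
        return self.rev.get((rsrc, rdst))

    def rotate(self) -> None:
        """Controller-driven re-keying: every active flow gets fresh IDs before
        an eavesdropper can gather enough samples to link IDs to hosts."""
        keys = list(self.fwd)
        self.fwd.clear()
        self.rev.clear()
        for key in keys:
            self.egress(*key)

def eavesdropper_view(edge: ItapEdge, flows: list, rounds: int) -> set:
    """Addresses seen on the core link over `rounds` rotation intervals."""
    seen = set()
    for _ in range(rounds):
        for src, dst in flows:
            seen.update(edge.egress(src, dst))
        edge.rotate()
    return seen
```

Comparing the size of `eavesdropper_view` with the number of real hosts reproduces the effect of the figure: the eavesdropper sees many more, unrelated, addresses than there are communicating hosts.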