iTAP: In-network Traffic Analysis Prevention
using Software-Defined Networks

iTAP is a partially deployable network-level system that enables anonymous communication within the premises of a network. The key insight behind iTAP is to leverage the programmability offered by Software-Defined Networking (SDN) to dynamically rewrite packet headers at the edge of the network to varying randomized identifiers. iTAP is useful with as few as two SDN devices, and from there on its anonymity guarantees grow linearly with the number of SDN devices.

Randomized packet headers

With iTAP in place, in-network eavesdroppers only see randomized IDs (which carry no information) as headers and cannot single out hosts unless they eavesdrop on all links of a path, which is unlikely in practice. As an illustration, the figure below shows the distribution of source and destination IP addresses observed by a link-level eavesdropper with and without iTAP. Without iTAP, it is evident that 18 clients and six servers are communicating with each other. With iTAP, the observed IP addresses are spread over the whole address range, and neither the real addresses nor the number of communicating hosts is recognizable.


Example of information leakage. Observed source and destination IP addresses without (left) and with iTAP (right).

Overview

An iTAP-enabled network consists of SDN-enabled switches along with traditional L2 switches, all controlled by an iTAP controller. The main functionality provided by iTAP is flow obfuscation at scale. To do so, iTAP leverages an adaptive hybrid obfuscation scheme that is adapted before any attacker can learn enough information to break it. In addition to traffic obfuscation, iTAP can detect the attacker's position by monitoring unexpected entry points for obfuscated traffic (e.g., an attacker trying to probe an obfuscated header). iTAP supports partial deployment and does not require a network consisting solely of OpenFlow switches to be useful.


iTAP overview. The network consists of SDN-enabled switches and traditional MAC-learning switches. The headers of flows are rewritten between the ingress and the egress switch.
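To make the ingress/egress rewriting and the entry-point monitoring described above concrete, here is a small added model (written for this page, not code from the iTAP prototype). It assumes per-flow random dotted-quad IDs and a constructed set of three hosts; the paper's actual hybrid obfuscation scheme and OpenFlow rule layout are not reproduced.

```python
import secrets

# Constructed example: real hosts attached to the edge ports of the iTAP network.
HOSTS = {"10.0.0.1", "10.0.0.2", "10.0.1.1"}

class ItapController:
    """Toy model of the iTAP controller: per-flow random IDs plus forward/reverse rewrite rules."""

    def __init__(self):
        self.fwd = {}      # (real_src, real_dst) -> (rand_src, rand_dst); installed at the ingress switch
        self.rev = {}      # (rand_src, rand_dst) -> (real_src, real_dst); installed at the egress switch
        self.alerts = []   # (edge_port, src, dst) for obfuscated headers seen at an unexpected entry point

    @staticmethod
    def random_id():
        # Assumption: IDs are uniform random dotted quads; the paper's hybrid scheme is not reproduced.
        return ".".join(str(b) for b in secrets.token_bytes(4))

    def ingress(self, src, dst, edge_port):
        """Rewrite a packet that enters from an edge port; obfuscated headers must never arrive there."""
        if (src, dst) in self.rev:
            # Only the core carries obfuscated IDs, so one arriving on an edge port is a probe/replay.
            self.alerts.append((edge_port, src, dst))
            return None
        if (src, dst) not in self.fwd:
            ids = (self.random_id(), self.random_id())   # fresh IDs per flow, even for a shared server
            self.fwd[src, dst] = ids
            self.rev[ids] = (src, dst)
        return self.fwd[src, dst]

    def egress(self, rand_src, rand_dst):
        """Restore the real headers before the packet leaves towards the destination host."""
        return self.rev[rand_src, rand_dst]

    def rekey(self):
        """Adapt the obfuscation: drop all rules so every flow gets fresh IDs on its next packet."""
        self.fwd.clear()
        self.rev.clear()

def eavesdrop(ctl, flows):
    """What a core-link eavesdropper sees: the set of addresses after ingress rewriting."""
    seen = set()
    for src, dst in flows:
        rand_src, rand_dst = ctl.ingress(src, dst, edge_port=1)
        assert ctl.egress(rand_src, rand_dst) == (src, dst)   # the egress switch undoes the rewrite
        seen.update((rand_src, rand_dst))
    return seen
```

Two flows towards the same server yield four unrelated IDs on the core link, so the eavesdropper sees neither the real addresses nor that a server is shared; a packet carrying such an ID at an edge port is recorded as an alert.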

Publications


iTAP: In-network Traffic Analysis Prevention using Software-Defined Networks

Roland Meier, David Gugelmann, Laurent Vanbever

ACM SOSR 2017. Santa Clara, CA, USA (April 2017).

Presentations


iTAP: In-network Traffic Analysis Prevention using Software-Defined Networks

Roland Meier

ACM SOSR 2017. Santa Clara, CA, USA (April 2017).

Code

iTAP prototype implementation

We implemented a prototype of iTAP on top of Floodlight, a Java-based OpenFlow controller. Overall, our implementation consists of approximately 2,000 lines of Java code.

The source code of the iTAP prototype implementation is publicly available on GitHub.

People

  • Roland Meier, ETH Zürich, meierrol ethz ch
  • David Gugelmann, ETH Zürich, gugelmann tik ee ethz ch
  • Laurent Vanbever, ETH Zürich, lvanbever ethz ch