SIDE CHANNEL ATTACK DETERRENCE IN NETWORKS
First Claim
Patent Images
1. An apparatus comprising:
- at least one processing unit;
at least one non-transitory computer readable medium, the at least one non-transitory computer readable medium encoded with instructions comprising instructions for causing the at least one processing unit to;
receive a plurality of incoming packets configured for routing by a network;
aggregate at least some of the packets of the incoming packets into groups; and
wrap the groups into packages of a normalized size for distribution to destinations within the network.
3 Assignments
0 Petitions
Accused Products
Abstract
The present disclosure relates to technologies to deter side channel data center attacks. An example method may include receiving an incoming packets destined for a network, grouping, at a gateway, the incoming packets into groups, wherein a size of the groups is based on predetermined statistics, and wrapping the groups into packages of normalized size.
-
Citations
27 Claims
-
1. An apparatus comprising:
-
at least one processing unit; at least one non-transitory computer readable medium, the at least one non-transitory computer readable medium encoded with instructions comprising instructions for causing the at least one processing unit to; receive a plurality of incoming packets configured for routing by a network; aggregate at least some of the packets of the incoming packets into groups; and wrap the groups into packages of a normalized size for distribution to destinations within the network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method comprising:
-
receiving a plurality of incoming packets destined for a network; grouping, at a gateway, the plurality of incoming packets into groups, wherein a size of the groups is based on predetermined statistics; and wrapping the groups into packages of normalized size. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. An apparatus comprising:
-
at least one processing unit; at least one non-transitory computer readable medium encoded with executable instructions comprising instructions for the at least one processing unit to; unwrap one or more wrapped packages received at a virtual machine in a network, wherein the wrapped packages are distributed in a normalized distribution and comprise an aggregation of one or more packets. - View Dependent Claims (20, 21, 22)
-
-
23. A method to deter attack in a network, the method comprising:
-
selecting a distribution of normalized sizes for distribution in the network; receiving incoming packets at a gateway of the network; grouping, at the gateway, the packets into groups of packets for a same destination, wherein the groups of packets are sized in accordance with the normalized sizes; wrapping, at the gateway, the groups of packets into packages for transport to respective destinations. - View Dependent Claims (24, 25, 26, 27)
-
Specification