Method and apparatus for preventing network traffic analysis
Abstract
A system and method for generating and transmitting false packets along with a true packet to hide or obscure the actual message traffic. A new extension header having a plurality of fields is positioned in the hierarchy of Internet protocol headers that control passage of the false packets and the true packet through the network. A sending host computer generates a plurality of false packets for each true packet and transmits the false packets and the true packet, containing the Internet protocol headers and the extension header, over the network. The new extension header is decrypted and re-encrypted at each host that handles a message packet carrying it, and its fields control the random re-encryption of the true packet body at random hosts and the random generation of further false packets at each host visited by the true packet, at the recipient of the true packet, and at any host that receives a false packet.
20 Claims
1. A system for preventing analysis and monitoring of network traffic between network host computers wherein false packets are generated and transmitted along with a true packet to hide actual message traffic flow, said system comprising:
an extension header positioned in a hierarchy of Internet protocol headers controlling passage of the false packets and the true packet through a network, said extension header having a plurality of fields;
a sending host computer having means for filling said fields with values designating the size of said extension header, a message packet type, a maximum number (X) of false packets to be generated, a minimum number of hops that the false packets will traverse, a minimum and maximum and baseline false packet body size, a source address for the true packet, whether re-encryption is permitted, a false packet generation probability, a decay rate for the false packet generation probability, a total number of re-encryptions performed, and a decryption key pointer value;
means for generating at the sending host computer a plurality of false packets for each true packet; and
means for transmitting the false packets and the true packet containing said Internet protocol headers and said extension header over said network to at least one intermediate host computer and a recipient host computer. (Dependent claims 2-9.)
10. A method for preventing network data packet switching traffic analysis by generating and transmitting false packets along with a true packet to hide actual message traffic flow, comprising the steps of:
a. inserting an extension header having a plurality of fields in a hierarchy of Internet protocol headers controlling passage of the false packets and the true packet through a network;
b. at a sending host computer, filling said fields with values designating the size of said extension header (0), a message packet type (A), a maximum number (X) of false packets to be generated (B), a minimum number of hops that the false packets will traverse (C), a minimum (D) and maximum (E) and baseline (F) false packet body size, a source address (G) for the true packet, whether re-encryption is permitted (H), a false packet generation probability (I), a decay rate for the false packet generation probability (J), a total number of re-encryptions performed (M), and a decryption key pointer value (N);
c. generating at the sending host computer a plurality of false packets for each true packet;
d. transmitting the false packets and the true packet containing said Internet protocol headers and said extension header over said network;
e. at an intermediate and recipient host computer, decrypting the extension header and determining whether the packet is true or false;
f. if false, determining from the false packet generation probability whether to generate a new false packet;
g. changing the false packet generation probability using the decay rate for the false packet generation probability;
h. decrementing X and filling said fields with values designating the new false packet;
i. transmitting the new false packet containing the extension header to a subsequent host computer; and
j. repeating steps h. and i. until X=0. (Dependent claims 11-14.)
15. A method for preventing network data packet switching traffic analysis by generating and transmitting false packets along with a true packet to hide actual message traffic flow, comprising the steps of:
a. inserting an extension header having a plurality of fields in a hierarchy of internet protocol headers controlling passage of the false packets and the true packet through a network;
b. at a sending host computer, filling said fields with values designating the size of said extension header (0), a message packet as true or false (A), a maximum number (X) of false packets to be generated (B), a minimum number of hops that the false packets will traverse (C), a minimum (D) and maximum (E) and baseline (F) false packet body size, an address (G) for the true packet, whether re-encryption is permitted (H), a false packet generation probability (I), a decay rate for the false packet generation probability (J), a total number of re-encryptions performed (M), and a decryption key pointer value (N);
c. generating at the sending host computer a plurality of false packets for each true packet; and
d. transmitting the false packets and the true packet containing said Internet protocol headers and said extension header over said network to at least one intermediate and a recipient host computer. (Dependent claims 16-20.)
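The sending-host steps shared by claims 10 and 15 and the per-hop steps e. to j. of claim 10, as a runnable model. This is an example added here; it is not code from the patent or from any implementation of it. The fixed-width wire layout of the extension header, the encoding of the generation probability and decay rate in 1/1000 units, the rule that the remaining budget X travels with the newest false packet of a lineage (so that each generation consumes one unit and "until X=0" bounds the chain), the uniform draw of the false body size, and the straight path of hosts are all assumptions of this example. The claimed per-hop decryption and re-encryption of the header is not modelled beyond the re-encryption counter; the header travels in the clear here.

```python
import random
import struct
from dataclasses import dataclass, replace

TYPE_TRUE, TYPE_FALSE = 1, 2

# Assumed wire layout for the claimed fields (letters as in claim 10),
# network byte order, no padding:
#   hdr_len(0) type(A) X(B) min_hops(C) min_body(D) max_body(E) base_body(F)
#   src_addr(G) reenc_ok(H) gen_prob(I) decay(J) reenc_count(M) key_ptr(N)
HDR_FMT = "!BBHHHHH4sBHHHI"
HDR_LEN = struct.calcsize(HDR_FMT)


@dataclass(frozen=True)
class ExtHeader:
    ptype: int
    max_false: int      # X: false-packet generation budget left in this lineage
    min_hops: int       # hops a false packet must traverse before it may be dropped
    min_body: int
    max_body: int
    base_body: int
    src_addr: bytes     # 4-byte source address of the true packet
    reenc_ok: bool
    gen_prob: int       # false packet generation probability, 1/1000 units
    decay: int          # subtracted from gen_prob at every host, 1/1000 units
    reenc_count: int
    key_ptr: int

    def pack(self) -> bytes:
        return struct.pack(HDR_FMT, HDR_LEN, self.ptype, self.max_false,
                           self.min_hops, self.min_body, self.max_body,
                           self.base_body, self.src_addr, int(self.reenc_ok),
                           self.gen_prob, self.decay, self.reenc_count,
                           self.key_ptr)

    @classmethod
    def unpack(cls, buf: bytes) -> "ExtHeader":
        # a receiver checks the length field before trusting the rest
        if len(buf) < HDR_LEN or buf[0] != HDR_LEN:
            raise ValueError("malformed extension header")
        f = struct.unpack(HDR_FMT, buf[:HDR_LEN])
        return cls(f[1], f[2], f[3], f[4], f[5], f[6], f[7], bool(f[8]),
                   f[9], f[10], f[11], f[12])


@dataclass
class Packet:
    hdr: ExtHeader
    body: bytes
    hops: int = 0       # simulation bookkeeping, not a header field


def make_false_packet(parent: ExtHeader, rng: random.Random) -> Packet:
    """Steps g and h: decay the probability, decrement X, fill the new header.
    The false body length is drawn uniformly from [min_body, max_body]."""
    child = replace(parent, ptype=TYPE_FALSE,
                    max_false=max(0, parent.max_false - 1),
                    gen_prob=max(0, parent.gen_prob - parent.decay))
    return Packet(child, rng.randbytes(rng.randint(parent.min_body, parent.max_body)))


def process_at_host(pkt: Packet, rng: random.Random) -> tuple[bool, list[Packet]]:
    """Steps e to j at one intermediate or recipient host.
    Returns (forward this packet onward?, newly generated false packets)."""
    hdr = ExtHeader.unpack(pkt.hdr.pack())      # step e: parse the wire header
    pkt.hops += 1
    spawned = []
    if hdr.max_false > 0 and rng.random() * 1000 < hdr.gen_prob:   # step f
        spawned.append(make_false_packet(hdr, rng))
        # the remaining budget X moves with the new packet, so each generation
        # consumes one unit and a lineage is a chain of at most X packets
        hdr = replace(hdr, max_false=0)
    if hdr.reenc_ok and rng.random() < 0.5:     # random re-encryption at this host
        hdr = replace(hdr, reenc_count=hdr.reenc_count + 1)
    pkt.hdr = replace(hdr, gen_prob=max(0, hdr.gen_prob - hdr.decay))  # step g
    if hdr.ptype == TYPE_TRUE:
        return True, spawned                    # the true packet always continues
    return pkt.hops < hdr.min_hops, spawned     # false packet: drop once min_hops met


def simulate(true_hdr: ExtHeader, body: bytes, initial_false: int,
             path_len: int, seed: int) -> dict:
    """Send one true packet plus initial_false false packets (step c) along a
    path of path_len hosts, the last being the recipient."""
    rng = random.Random(seed)
    queue = [Packet(true_hdr, body)]
    queue += [make_false_packet(true_hdr, rng) for _ in range(initial_false)]
    stats = {"handled": 0, "generated": initial_false, "true_delivered": False}
    while queue:
        pkt = queue.pop(0)
        stats["handled"] += 1
        forward, spawned = process_at_host(pkt, rng)
        stats["generated"] += len(spawned)
        queue.extend(spawned)
        if pkt.hdr.ptype == TYPE_TRUE and pkt.hops >= path_len:
            stats["true_delivered"] = True      # recipient reached
        elif forward and pkt.hops < path_len:
            queue.append(pkt)                   # step i: on to the next host
    return stats


def false_packet_bound(true_hdr: ExtHeader, initial_false: int) -> int:
    # the true packet's lineage is at most X long, each initial false packet's at most X-1
    x = true_hdr.max_false
    return initial_false + x + initial_false * max(0, x - 1)


if __name__ == "__main__":
    hdr = ExtHeader(TYPE_TRUE, 3, 2, 64, 512, 128, b"\x0a\x00\x00\x01", True, 800, 150, 0, 7)
    print(simulate(hdr, b"true message body", 2, 5, 1234))
```

The point a practitioner should take from running it is the cost side of the scheme: with X as the lineage budget, `false_packet_bound` is the most cover traffic one true packet can cause under this model, and the decay rate only makes the chains shorter in expectation, not shorter in the worst case. The `unpack` length check is the one input-validation step an intermediate host must not skip, since every host on the path parses this header from untrusted peers.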