Have No PHEAR: Networks Without Identifiers
MIT Lincoln Laboratory Lexington United States
Network protocols such as Ethernet and TCP/IP were not designed to ensure the security and privacy of users. To protect users' privacy, anonymity networks such as Tor have been proposed to hide both identities and communication contents for Internet traffic. However, such solutions cannot protect enterprise network traffic that does not transit the Internet. In this paper, we present the design, implementation, and evaluation of Packet Header Randomization (PHEAR), a privacy-enhancing system for enterprise networks that leverages emerging Software-Defined Networking hardware and protocols to eliminate identifiers found at the MAC, Network, and higher layers of the network stack. PHEAR also encrypts all packet data beyond the Network layer. We evaluate the security of PHEAR against a variety of known and novel attacks and conduct whole-network experiments that show the prototype deployment provides sufficient performance for common applications such as web browsing and file sharing.
- Computer Systems