Traffic Analysis Countermeasures Using Software-Defined Internet Exchanges

The current Internet architecture has a fixed mapping of IP addresses/ranges to services and client organizations. This makes it easy for individuals to hijack sessions, perform traffic analysis, launch denial of service (DoS) attacks, and create man in the middle (MitM) attacks. This paper discusses experimentation using a border gateway protocol (BGP) testbed, a large range of IPV6 space, and software defined networking (SDN) to create software defined Internet exchanges (SDX) that create random mappings between clients and software services. This paper first discusses traffic analysis vulnerabilities inherent in the current approach. It then consider an ideal approach, which removes these problems but is inconsistent with current practice. Finally, the paper concludes by describing a prototype SDX that mitigates current vulnerabilities.