Anonymisation of communications by replacing constant/predictable protocol fields with values from pre-agreed sequence of pseudo random numbers

摘要

Even secure communications can include a number of values that are invariant or predictable in its protocol or metadata. For example MAC or IP addresses, port or sequence numbers or IKE or IPSec SPI's. These values may be utilised by an attacker to identify a particular communication stream or particular communicating parties. The invention works by supplying communication parties with identical sequences of pseudo random values. Either by each generating the sequence from a shared secret, perhaps using a hash chain, or the sequence being distributed to them both from a common third party. The parties then associate each pseudo random sequence with a particular one of the vulnerable values, and replaces the vulnerable value with values from the sequence. The value may be varied every message or only periodically. The receiver then looks for the pseudo random values and maps back to the vulnerable value when it finds one.