Technical field

The present invention relates to the field of communication networks. In particular, the present invention relates to a method for establishing a connection in a packet-switched communication network. The present invention also relates to a node configured to perform such method and to a packet-switched communication network comprising such node. Background art

In a packet-switched communication network, packet flows are transmitted from source nodes to destination nodes through possible intermediate nodes. Exemplary packet-switched networks are IP (Internet Protocol) networks, Ethernet networks and MPLS (Multi- Protocol Label Switching) networks.

In order to guarantee privacy and data integrity of the packets exchanged between nodes, cryptographic protocols are known, such as TLS (Transport Layer Security), which are designed to prevent eavesdropping and tampering of the packets by encrypting them before they are transmitted.

In general, when two nodes establish a communication session, they agree a set of encryption parameters, which they will use for encrypting and decrypting the exchanged packets until the end of the communication session. Client-server transport layer (layer 4) network protocols such as QUIC (Quick UDP Internet Connections) and TCP (Transmission Control Protocol) + TLS in general provide for a connection establishing mechanism known as “three-way handshake”, whereby the endpoints of the connection (client and server) authenticate each other and negotiate the encryption parameters, including the encryption key(s). Hao Jiang et al. : “Passive Estimation of TCP Round-Trip Times”, ACM SIGCOMM Computer Communication Review, 2002, retrieved at the following URL: https://www.cc.gatech.edu/fac/Constantinos.Dovrolis/Papers/r tt.pdf discloses that a three-way handshake for establishing a TCP connection in general is initiated by the caller X transmitting to the callee Y a first handshake packet, namely the packet SYN. The callee Y replies by transmitting to the caller X a second handshake packet, namely the packet SYN/ACK. The caller X replies by transmitting to the callee Y a third handshake packet, namely the packet ACK.

Upon completion of this three-way exchange of handshake packets between caller X and callee Y, both the endpoints know the encryption key(s). From that moment on, the endpoints will use the encryption key(s) to encrypt all the subsequently exchanged packets, which are accordingly protected against eavesdropping and tampering.

Summary of the invention

The Applicant has noticed that, though the known three-way handshake mechanism guarantees privacy and data integrity of the subsequently exchanged packets, the handshake packets themselves - being non encrypted - could be eavesdropped by unauthorized parties, which may derive therefrom privacy-sensitive information on the endpoints of the connection. In particular, the Applicant has noticed that, since the handshake packets are not encrypted, an unauthorized party could identify reciprocally correlated handshake packets (namely, handshake packets belonging to a same handshake procedure carried out by a certain couple client-server). The unauthorized party may then obtain, for example, a rough measurement of the RTT (round trip time) between client and server as the time lapsing between detection times of the first and third handshake packets transmitted by the client to the server, as disclosed by the above mentioned paper by Hao Jiang et al.. Such RTT measurement provides a rough indication of the distance between client and server. Based on such rough indication, the unauthorized party could determine the client’s physical position and even the client’s identity, thereby violating its privacy. In view of the above, the Applicant has tackled the problem of providing a method for establishing a connection between two nodes of a packet-switched communication network, which prevents non authorized parties from deriving - during the connection establishment procedure - privacy-sensitive information about at least one of the nodes, in particular the one acting as client.

According to embodiments of the present invention, the above problem is solved by a method for establishing a connection between a first node and second node of a packet-switched communication network, wherein the first node transmits to the second node a first connection establishing packet; the second node transmits to the first node a second connection establishing packet in response to reception of the first connection establishing packet; and the first node transmits to the second node a third connection establishing packet in response to reception of the second connection establishing packet. Before transmitting the third connection establishing packet, the first node waits a predefined wait time Tw since reception of the second connection establishing packet.

In the present description and in the claims, the expression “connection establishing packet” will designate a signaling packet transmitted during a procedure for establishing a connection, which comprises data allowing the nodes which transmit and receive such packet to agree a set of encryption parameters, including the encryption key(s) which the nodes will use to encrypt/decrypt all the packets that will be exchanged through the connection, once it is established. A connection establishing packet is therefore not encrypted, or at most it is encrypted using a key which is known or may be easily derived by unauthorized parties (e.g. the Destination Connection ID which, in the QUIC protocol, is written in plain text in the first handshake packet and is used as a key for encrypting at least part of the subsequent handshake packets). This operation of the nodes advantageously prevents non authorized parties from deriving from the connection establishing packets privacy-sensitive information about the node(s) which applies the wait time Tw.

The first node initiates the establishment of a connection by transmitting to the second node a first connection establishing packet. For example, the first node and the second node may act as client and server of the connection to be established, which may be for example a QUIC connection. As the second node receives the first connection establishing packet, it transmits to the first node a second connection establishing packet in response thereto. As the first node receives the second connection establishing packet, it waits a wait time Twand then it transmits to the second node a third connection establishing packet.

A measurement point placed on the path of the connection establishing packets (namely, at an intermediate position or at any of the two nodes) may then detect the connection establishing packets. The measurement point may then calculate e.g. the RTT between the two nodes as the time lapsing between the detection times of the first and third connection establishing packets, decreased by the wait time Tw.

Advantageously, the measurement point is then capable of calculating a correct RTT value between the two nodes only if it knows the value of the wait time Tw. Hence, if a non authorized party places a measurement point on the path of the connection establishing packets, but the measurement point has no knowledge of the value of the wait time Tw (or even of the fact that a wait time Tw is applied), it may at most calculate the time lapsing between detection times of the first and third connection establishing packets, thereby obtaining an incorrect end-to-end RTT value which is affected by an error equal to the wait time Tw. Since the wait time Tw is unknown, such error can not be compensated. The real reciprocal distance between the two nodes can not therefore be determined, and then any privacy-sensitive information relating to the nodes (in particular, their reciprocal distance) is advantageously protected.

According to a first aspect, the present invention provides a method for establishing a connection between a first node and a second node of a packet-switched communication network, the method comprising: a) by the first node, transmitting to the second node a first connection establishing packet; b) by the second node, transmitting to the first node a second connection establishing packet in response to reception of the first connection establishing packet; and c) by the first node, transmitting to the second node a third connection establishing packet in response to reception of the second connection establishing packet, wherein the first node transmits the third connection establishing packet in response to reception of the second connection establishing packet after a predefined wait time Tw has lapsed since reception of the second connection establishing packet. Preferably, the first connection establishing packet initializes the establishing of the connection between the first node and the second node.

Preferably, steps a), b) and c) are part of a three-way handshake procedure for establishing the connection between the first node and the second node. Preferably, the value of the wait time Tw is selected by the first node, the value of the wait time Tw being unknown to parties non authorized by an entity managing the first node.

Preferably, the first node selects the value of the wait time Tw in a random way from a predefined selection range. Preferably, a probability density function of the value of the wait time Tw in the predefined selection range is non uniform.

According to a preferred embodiment, the first node periodically changes the value of the wait time Tw.

Preferably, the first node changes the value of the wait time Tw when it is assigned a new IP address.

Preferably, the first node runs more than one application establishing one or more connections with the second node, each one of the more than one application applying a same value of the wait time Tw. According to a preferred embodiment, at step c) the first node performs, before the predefined wait time Tw has lapsed, at least part of an operation of processing the received second connection establishing packet and generating the third connection establishing packet which will be transmitted after the predefined wait time Tw has lapsed.

According to a second aspect, the present invention provides a node for a packet-switched communication network, the node being configured to establish a connection with a further node of the packet-switched communication network, the node being configured to:

- transmit to the further node a first connection establishing packet; and

- in response to reception of a second connection establishing packet transmitted by the further node in response to reception of the first connection establishing packet, transmitting to the further node a third connection establishing packet, wherein the node is configured to transmit the third connection establishing packet in response to reception of the second connection establishing packet after a predefined wait time Tw has lapsed since reception of the second connection establishing packet. According to a third aspect, the present invention provides a packet-switched communication network comprising a first node and a second node configured to establish a connection between them, wherein:

- the first node is configured to transmit to the second node a first connection establishing packet;

- the second node is configured to transmit to the first node a second connection establishing packet in response to reception of the first connection establishing packet; and

- the first node is further configured to transmit to the second node a third connection establishing packet in response to reception of the second connection establishing packet, wherein the first node is configured to transmit the third connection establishing packet in response to reception of the second connection establishing packet after a predefined wait time Tw has lapsed since reception of the second connection establishing packet.

Brief description of the drawings

The present invention will become clearer from the following detailed description, given by way of example and not of limitation, to be read with reference to the accompanying drawings, wherein: - Figure 1 schematically shows a packet-switched communication network in which the method for establishing a connection according to embodiments of the present invention is implemented; - Figure 2 is a flow chart of the operation of two nodes of the communication network of Figure 1, according to an embodiment of the present invention; and

- Figures 3a-3c show three exemplary scenarios which might occur in the communication network of Figure 1. Detailed description of preferred embodiments of the invention

Figure 1 schematically shows a packet-switched communication network 100 comprising nodes configured to establish a connection according to an embodiment of the present invention.

The communication network 100 comprises a plurality of nodes reciprocally interconnected by physical links according to any known topology, including two nodes 1 and 2 shown in Figure 1. The nodes 1 and 2 may be connected by a single physical link or by the concatenation of several physical links and intermediate nodes (not shown in the drawings). The communication network 100 may be for instance an IP network.

In order to establish a connection between them, the nodes 1, 2 are configured to perform an exchange of connection establishing packets. For example, such exchange of connection establishing packets may include a three-way handshake procedure whereby the nodes exchange three connection establishing packets, namely a first connection establishing packet Ph1 initiating the three-way handshake and two further connection establishing packets Ph2, Ph3 transmitted in response to reception of a preceding connection establishing packet Ph1, Ph2. Specifically: - the node 1 is configured to initiate the establishment of the connection with the node 2 by transmitting to the node 2 the first connection establishing packet Ph1;

- the node 2 is configured to, in response to reception of the first connection establishing packet Ph1, transmit to the node 1 a second connection establishing packets Ph2; and

- the node 1 is configured to, in response to reception of the second connection establishing packet Ph2, transmit to the node 2 a third connection establishing packets Ph3.

The connection establishing packets Ph1, Ph2, Ph3 carry data allowing the nodes 1, 2 to reciprocally authenticate and agree a set of encryption parameters including the encryption key(s), which they will use for encrypting and decrypting the packets which they will exchange subsequently, until the end of the communication session. For example, if the connection being established is a TCP+TLS connection with the node 1 acting as client and the node 2 acting as server, the first connection establishing packet Ph1 is the packet TCP SYN, the second connection establishing packet Ph2 is the packet TCP SYN/ACK and the third connection establishing packet Ph3 is the packet TCP ACK. As a second example, if the connection being established is a QUIC connection with the node 1 acting as client and the node 2 acting as server, the packets Ph1 , Ph2 and Ph3 are those provided by the 1-RTT mechanism described by J. Iyengar et al.: “QUIC: A UDP-Based Multiplexed and Secure Transport”, chapter 7.1 , IETF RFC 9000, May 2021. With reference now to the flow chart of Figure 2, the operation of the nodes 1 , 2 will be described in further detail. If the nodes 1 , 2 are the endpoints for example of a QUIC connection, the node 1 may be the one acting as client of the QUIC connection, while the node 2 may be the one acting as server of the QUIC connection. The node 1 preferably initiates the establishment of a connection with the node 2 by transmitting thereto the first connection establishing packet Ph1 (step 20).

The node 2 waits for reception of possible connection establishing packets initiating the establishment of connections with other nodes of the network 100 (step 21). As the node 2 receives the first connection establishing packet Ph1 from the node 1, in response thereto it preferably transmits to the node 1 the second connection establishing packet Ph2 (step 22).

After transmission of the first connection establishing packet Ph1, the node 1 preferably waits for reception of the second connection establishing packet Ph2 from the node 2 (step 23). As the node 1 receives the second connection establishing packet Ph2 from the node 2, it preferably enters a waiting status whose duration is equal to a wait time Tw (step 24).

In particular, at step 24 the node 1 starts a local timer counting the wait time Tw. The wait time Tw is preferably selected by the node 1 and is known only by the node 1. Preferably, the node 1 selects the value of the wait time Tw in a random way. According to a particularly preferred embodiment, the value of the wait time Tw is randomly selected by the node 1 in a predefined selection range, for example 0 ms to 19 ms.

According to a preferred embodiment, the node 1 periodically changes the value of the wait time Tw. For example, the node 1 may select a new random value of the wait time Tw each time the node 1 is assigned a new IP address. According to a variant, the probability density function in the predefined selection range of Tw is non uniform (e.g. the probability of the range lower values may be higher than the probability of the range higher values or vice versa). This further increases the security of the mechanism, as it will be explained in further detail herein below. Preferably, in case the node 1 runs more than one application, each application establishing one or more connections with the node 2, all these applications preferably apply a same value of the wait time Tw.

After the wait time Twhas lapsed, the node 1 preferably transmits to the node 2 the third connection establishing packet Ph3 (step 25). It may be appreciated that the processing of the second connection establishing packet Ph2 and the generation of the third connection establishing packet Ph3 may be at least partially performed by the node 1 at step 24, namely before the wait time Tw is lapsed. However, the node 1 waits lapse of the wait time Tw before transmitting the third connection establishing packet Ph3, even if its generation is completed before. Alternatively, the node 1 may start the processing of the second connection establishing packet Ph2 and the generation of the third connection establishing packet Ph3 after the wait time Twhas lapsed. Still alternatively, the node 1 may start the processing of the second connection establishing packet Ph2 and the generation of the third connection establishing packet Ph3 upon reception of the second connection establishing packet Ph2 from the node 2, and then start the timer counting the wait time Tw when the generation of the third connection establishing packet Ph3 is completed. In any case, the third connection establishing packet Ph3 will be transmitted after the wait time Tw has lapsed.

After transmission of the second connection establishing packet Ph2, the node 2 preferably waits for reception of the third connection establishing packet Ph3 from the node 1 (step 26). As the node 2 receives the third connection establishing packet Ph3 from the node 1, the three-way handshake is completed and both the nodes 1, 2 have information to define an agreed set of encryption parameters including the encryption key(s) (step 27), which they will use for encrypting and decrypting the packets which they will exchange subsequently, until the end of the communication session. This operation of the nodes 1, 2 advantageously prevents non authorized parties from deriving from the connection establishing packets Ph1, Ph2, Ph3 privacy-sensitive information about the node 1 which applies the wait time Tw, as it will be discussed in detail with reference to Figures 3a-3c.

With reference first to Figure 3a, at time t1 the node 1 initiates the establishment of a connection by transmitting the first connection establishing packet Ph1 to the node 2 (step 20).

At time t2, the node 2 receives the first connection establishing packet Ph1 and, in response thereto, it transmits to the node 1 the second connection establishing packet Ph2 (step 22). The transmission time of the second connection establishing packet Ph2 is delayed relative to the reception time t2 of the first connection establishing packet Ph1 by a maximum time E2, which depends on the processing time of the first connection establishing packet Ph1 and generation time of the second connection establishing packet Ph2 at the node 2.

Then, at time t3, the node 1 receives the second connection establishing packet Ph2 and enters a waiting status whose duration is equal to a wait time Tw (step 24). While in the waiting status, the node 1 may perform at least part of the processing of the received second connection establishing packet Ph2 and the generation of the third connection establishing packet Ph3.

Then the wait time Tw lapses and, at time t4, the node 1 transmits to the node 2 the third connection establishing packet Ph3 (step 25). If the node 1 performs whole processing of the second connection establishing packet Ph2 and generation of the third connection establishing packet Ph3 before the wait time Twhas lapsed, the third connection establishing packet Ph3 is ready for transmission when the wait time Tw lapses, and hence the time t4 substantially coincides with the lapse of the wait time Tw. Otherwise, the time t4 may be delayed relative to lapse of the wait time Tw. This may happen if the processing of the second connection establishing packet Ph2 and generation of the third connection establishing packet Ph3 is performed at least partially after the wait time Tw has lapsed, as it may happen if - for example - the time E1 for processing the second connection establishing packet Ph2 and generating the third connection establishing packet Ph3 is longer than the wait time Tw. In this case, the third connection establishing packet Ph3 is substantially transmitted upon lapse of a time E1 (longer than the wait time Tw) since reception of the second connection establishing packet Ph2.

In the scenario of Figure 3a, it is assumed that a single measurement point 10 is placed on the path of the connection establishing packets Ph1, Ph2, Ph3 (namely, at an intermediate position or at any of the two nodes 1, 2). Assuming that the measurement point 10 is capable of detecting the packets transmitted from the node 1 to the node 2, at time TS1 the measurement point 10 detects the first connection establishing packet Ph1 and at time TS3 it detects the third connection establishing packet Ph3. As apparent from Figure 3a, the end-to-end

RTT (namely, the RTT between the nodes 1 and 2) between the nodes 1 and 2 is the time TS3-TS1 lapsing between the detections of the first and third connection establishing packets Ph1, Ph3, decreased by the wait time Tw. The measurement point 10 is then capable of calculating a correct end-to-end RTT value between the two nodes 1 and 2 only if it knows the value of the wait time Tw. In that case, the measurement point 10 may calculate the correct value of the end-to-end RTT as:

RTTE2E = (TS3-TS1 ) - Tw [1] Otherwise, if the measurement point 10 is placed on the path of the bidirectional packet flow Pk, Pk’ by a non authorized party who has no knowledge of the wait time Tw (or even of the fact that a wait time Tw is applied by the node 1), it may at most calculate the difference TS3-TS1, thereby obtaining an incorrect end-to-end RTT measurement affected by an error equal to the wait time Tw. Since the wait time Tw is unknown, such error can not be compensated. The real reciprocal distance between the nodes 1, 2 can not therefore be determined, and then any privacy-sensitive information relating to the nodes 1 , 2 (in particular, their reciprocal distance) is advantageously protected.

It may be appreciated that, in principle, the unauthorized party could infer an estimate of the wait time Tw, for example by calculating the value of RTTE2E for several communication sessions set up between the nodes 1 and 2 and by calculating an average of such values. If the minimum value Twmin and maximum value Twmax of the range from which the wait time Tw is selected are known (e.g. 0 ms and 19 ms), an estimate of the wait time Tw could be obtained e.g. by subtracting (Twmin+Twmax)/2 from the average RTTE2E. Periodically changing the minimum value Twmin and/or the maximum value Twmax, and/or using a non uniform probability density function in the selection range of Tw and/or periodically changing the probability density function advantageously obviates this drawback.

Further, as disclosed above, the transmission time t4 of the third connection establishing packet Ph3 may coincide with the lapse of the wait time Tw, or it may be delayed relative to it. Hence, equation [1] may be reformulated in more general terms as:

RTT E2E = (TS3-TS1 ) - (t4-t3) [1 ’] with (t4-t3) > Tw. If the node 1 starts processing the second connection establishing packet Ph2 and generating the third connection establishing packet Ph3 at time t3 and the processing and generation time E1 is longer than the wait time Tw, then (t4-t3) is equal to E1. An unauthorized party capable of estimating E1 could then calculate the correct value of the end-to-end RTT by applying equation [1’], even if it does not know the value of Tw. In order to minimize this risk, the value of the wait time Tw is preferably selected longer than E1 (for example, the probability density function in the predefined selection range of Tw is such that the probability of the range higher values is higher than the probability of the range lower values). Alternatively, the processing of the second connection establishing packet Ph2 and generation the third connection establishing packet Ph3 is started only after the wait time Tw has lapsed. In this latter case, the value of the wait time Tw is preferably selected as short as possible (for example, the probability density function in the predefined selection range of Tw is such that the probability of the range lower values is higher than the probability of the range higher values). This guarantees that (t4-t3) is not equal to the processing and generation time E1.

With reference to Figure 3b, it is now assumed that the measurement point 10 is capable of detecting both packets transmitted from the node 1 to the node 2 and packets transmitted from the node 2 to the node 1. In this case, as described above the measurement point 10 detects the first connection establishing packet Ph1 and the third connection establishing packet Ph3 at times TS1 and TS3, respectively. In addition, at time TS2, the measurement point 10 also detects the second connection establishing packet Ph2. As apparent from Figure 3b, the time TS2- TS1 lapsing between detection of the first connection establishing packet Ph1 and detection of the second connection establishing packet Ph2 is the right-hand RTT (namely, the RTT between measurement point 10 and node 2, also termed “upstream RTT”, if the node 2 acts as the server of the end-to-end connection between node 1 and node 2).

The measurement point 10 may then calculate the value of the right-hand RTT as:

RTTR = (TS2-TS1 ) [2] It is to be noted that the measurement point 10 is capable of calculating a correct right-hand RTT value even if it doesn’t know the value of the wait time Tw. From such measurement, the measurement point 10 may then derive a rough indication of the relative distance between itself and the node 2, which enables it to obtain a rough indication of the position of the node 2.

Advantageously, the privacy of the node 1 however still continues being protected also in this case.

As apparent from Figure 3b, indeed, the left-hand RTT (namely, the RTT between the node 1 and the measurement point 10, also termed “downstream RTT”, if the node 1 acts as the client of the end- to-end connection between node 1 and node 2) is the time TS3-TS2 lapsing between detection of the second connection establishing packet Ph2 and detection of the third connection establishing packet Ph3, decreased by the wait time Tw. The measurement point 10 is then capable of calculating a correct left-hand RTT value (short of the delays E1, E2 introduced by the nodes 1 , 2, as discussed above) only if it knows the value of the wait time Tw. In that case, the measurement point 10 may calculate the value of the left-hand RTT as: RTTL = (TS3-TS2) - Tw [3]

Otherwise, if the measurement point 10 is placed on the path of the bidirectional packet flow Pk, Pk’ by a non authorized party who has no knowledge of the wait time Tw (or even of the fact that a wait time Tw is applied by the node 1), it may at most calculate the difference TS3-TS2, thereby obtaining an incorrect left-hand RTT value affected by an error equal to the wait time Tw. Since the wait time Tw is unknown, such error can not be compensated. The real reciprocal distance between the node 1 and the measurement point 10 can not therefore be determined, and then any privacy-sensitive information relating to the node 1 (in particular, its distance from the measurement point 10) is still advantageously protected.

The privacy of the node 1 continues being protected also in case more than one measurement point is placed on the path of the connection establishing packets Ph1, Ph2, Ph3. In the scenario of Figure 3c, it is assumed that two measurement points 11, 12 are placed on the path of the connection establishing packets Ph1, Ph2, Ph3 (namely, at an intermediate position or at any of the two nodes 1 , 2).

Assuming that each one of the measurement points 11 , 12 is capable of detecting both packets transmitted from the node 1 to the node 2 and packets transmitted from the node 2 to the node 1, the first connection establishing packet Ph1 is detected by the measurement point 11 at time TS11 and by the measurement point 12 at time TS12; the second connection establishing packet Ph2 is detected by the measurement point 11 at time TS21 and by the measurement point 12 at time TS22; and the third connection establishing packet Ph3 is detected by the measurement point 11 at time TS31 and by the measurement point 12 at time TS32.

From the above detection times, the following RTT values may be calculated:

- end-to-end RTT (RTTE2E), calculated as either the time TS31- TS11 lapsing between detections of the connection establishing packets Ph1 and Ph3 by the measurement point 11, decreased by the wait time Tw; or calculated as the time TS32-TS12 lapsing between detections of the connection establishing packets Ph1 and Ph3 by the measurement point 12, decreased by the wait time Tw;

- right-hand RTT between measurement point 11 and node 2 (RTTR-I), calculated as the time TS21-TS11 lapsing between detections of the connection establishing packets Ph1 and Ph2 by the measurement point 11 ;

- right-hand RTT between measurement point 12 and node 2 (RTTR ₂ ), calculated as the time TS22-TS12 lapsing between detections of the connection establishing packets Ph1 and Ph2 by the measurement point 12; - left-hand RTT between node 1 and measurement point 11

(RTTu), calculated as the time TS31-TS21 lapsing between detections of the connection establishing packets Ph2 and Ph3 by the measurement point 11 , decreased by the wait time Tw; and

- left-hand RTT between node 1 and measurement point 12 (RTTL2), calculated as the time TS32-TS22 lapsing between detections of the connection establishing packets Ph2 and Ph3 by the measurement point 12, decreased by the wait time Tw It may be appreciated that only the right-hand values RTTRI and RTTR ₂ are independent of the wait time Tw, while the end-to-end value RTTE2E and the left-hand value RTTu and RTTL2 are all dependent on the wait time Tw. The correct values of RTTE2E, RTTU and RTTL2 (short of the delays E1, E2 introduced by the nodes 1, 2, as discussed above) may then be calculated only by authorized parties having a knowledge of the value of Tw, while non authorized parties having no knowledge of the value of Tw will provide incorrect values affected by an error equal to Tw, which they won’t be capable to compensate. Any privacy-sensitive information on the node 1 derivable from the distance of the node 1 from the node 2 and/or from the measurement point 11 and/or from the measurement point 12 then continues being protected also in this case.

It has to be noted that the left-hand values RTTu and RTTL2 could be indirectly calculated. For example, RTTu may be calculated as a difference between RTTE2E and RTTRI and, similarly, RTTL2 may be calculated as a difference between RTTE2E and RTTR2. It may be appreciated however that also the results of such indirect calculation are dependent on Tw. Hence, no correct value of the left-hand RTT may be calculated indirectly, and hence the privacy of the node 1 continues being protected.

Another indirect measurement which may be obtained is the RTT between the measurement points 11 and 12, namely RTT1-2. This may be calculated as either RTTRI -RTTR2, or RTTL2-RTTU. It maybe appreciated that both the results obtained for RTT1-2 are independent of Tw. While indeed both RTTRI and RTTR2 are independent of Tw (and hence also their difference is independent of Tw), RTTu and RTTL2 depend on Tw, but such dependence is compensated when the difference between RTTL2 and RTTu is calculated. Hence, based on the left-hand and right-hand values provided by the measurement points 11, 12, a correct RTT measurement may be provided between the measurement points 11, 12, even without having any knowledge of the value of the wait time Tw, or even of the fact that a wait time Tw is applied by the node 1.

Though in the above description it has been assumed that the node 1 applies the wait time Tw, according to other embodiments the node 2 may instead apply the wait time Tw before transmission of the second connection establishing packet Ph2 in response to reception of the first connection establishing packet Ph1. In that case, all the considerations set forth above in connection to the node 1 and the protection of privacy-sensitive information relating thereto apply to the node 2. In that case, indeed, only left-hand RTT values are independent of Tw, while end-to-end RTT values and right-hand RTT values which may be obtained by either a single measurement point or more measurement points placed between the nodes 1 and 2 are dependent of Tw.

According to other embodiments, both the nodes 1 and 2 apply respective wait times Twi and Tw2 before transmission of the respective connection establishing packets Ph3 and Ph2. Each node 1, 2 may select its own value of the wait time Twi and Tw2 independently from each other. In that case, privacy-sensitive information relating to both nodes 1 , 2 are advantageously protected, because all the end-to-end, right-hand and left-hand RTT values which might be obtained by one or more measurement points placed between the nodes 1 and 2 are dependent of Twi and/or Tw2. In this case, only RTT values between intermediate measurement points may be calculated correctly by unauthorized party having no knowledge of the values of the wait times Twi and Tw2. Such measurements are indeed independent of the values of the wait times Twi and Tw2, as discussed above in connection with Figure 3c.

Though, in the above description, reference has been made to a situation where the wait time Twis applied to transmission of the third connection establishing packet Ph3, this is not limiting. If the third connection establishing packet Ph3 is followed by a fourth connection establishing packet transmitted by the node 2 in response to reception of the third connection establishing packet Ph3, the wait time Tw could by applied by the node 2 to transmission of such fourth connection establishing packet. In case the fourth connection establishing packet is at least partially non encrypted, this advantageously prevents non authorized parties from correlating such fourth connection establishing packet with the second connection establishing packet Ph2 and, based on their detection times, calculating the RTT between the nodes 1, 2, from which privacy-sensitive information on the nodes 1 and 2 could be derived.