Random Segmentation: New Traffic Obfuscation against Packet-Size-Based Side-Channel Attacks
Published: 2023-09-09
Issue: 18
Volume: 12
Page: 3816
ISSN: 2079-9292
Container-title: Electronics
language: en
Short-container-title: Electronics
Author:
Alyami Mnassar (1, 2), Alghamdi Abdulmajeed (1), Alkhowaiter Mohammed A. (1), Zou Cliff (1), Solihin Yan (1)
Affiliation:
1. College of Engineering and Computer Science, University of Central Florida, Orlando, FL 32816, USA
2. College of Computer Science and Information Technology, Jazan University, Jazan 82822-6694, Saudi Arabia
Abstract
Despite encryption, the packet size is still visible, enabling observers to infer private information in the Internet of Things (IoT) environment (e.g., IoT device identification). Packet padding obfuscates packet-length characteristics with a high data overhead because it relies on adding noise to the data. This paper proposes a more data-efficient approach that randomizes packet sizes without adding noise. We achieve this by splitting large TCP segments into random-sized chunks; hence, the packet length distribution is obfuscated without adding noise data. Our client–server implementation using TCP sockets demonstrates the feasibility of our approach at the application level. We realize our packet size control by adjusting two local socket-programming parameters. First, we enable the TCP_NODELAY option to send out each packet with our specified length. Second, we downsize the sending buffer to prevent the sender from pushing out more data than can be received, which could disable our control of the packet sizes. We simulate our defense on a network trace of four IoT devices and show a reduction in device classification accuracy from 98% to 63%, close to random guessing. Meanwhile, the real-world data transmission experiments show that the added latency is reasonable, less than 21%, while the added packet header overhead is only about 5%.
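The sender side described in the abstract, as an added sketch that is not the authors' implementation: it applies the two socket settings and writes the payload in random-sized chunks. The uniform size distribution, the 64 to 1460 byte bounds, the 4096-byte send buffer and all function names are assumptions.

```python
import random
import socket

MSS = 1460  # assumed upper bound for a chunk (typical Ethernet MSS)

def split_random(payload, lo=64, hi=MSS, rng=None):
    """Cut payload into chunks sized uniformly in [lo, hi] (assumed
    distribution). No bytes are added; only the last chunk may be < lo."""
    if not 1 <= lo <= hi:
        raise ValueError("need 1 <= lo <= hi")
    rng = rng or random.SystemRandom()
    chunks, pos = [], 0
    while pos < len(payload):
        n = rng.randint(lo, hi)
        chunks.append(payload[pos:pos + n])
        pos += n
    return chunks

def configure(sock, sndbuf=4096):
    """Apply the two socket settings the abstract names."""
    # TCP_NODELAY: disable Nagle so small writes are not coalesced.
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
    # Small send buffer: limits how much unsent data can queue up and be
    # merged into larger segments. The kernel may round this value up.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, sndbuf)

def send_segmented(sock, payload, lo=64, hi=MSS, rng=None):
    """Send payload as one write per random chunk; return the sizes used."""
    sizes = []
    for chunk in split_random(payload, lo, hi, rng):
        sock.sendall(chunk)
        sizes.append(len(chunk))
    return sizes

if __name__ == "__main__":
    # Constructed loopback demo: 8000 bytes of dummy application data.
    srv = socket.create_server(("127.0.0.1", 0))
    cli = socket.create_connection(srv.getsockname())
    conn, _ = srv.accept()
    configure(cli)
    sizes = send_segmented(cli, bytes(8000))
    cli.close()
    received = b""
    while data := conn.recv(65536):
        received += data
    print(len(sizes), "writes,", len(received), "bytes received")
```

Write sizes at the socket API are what the application requests; the lengths that actually appear on the wire should be confirmed in a packet capture on the target stack.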
Funder
U.S. National Science Foundation
Subject
Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering
Cited by
1 article.
1. Adaptive Segmentation: A Tradeoff Between Packet-Size Obfuscation and Performance;2024 International Conference on Smart Applications, Communications and Networking (SmartNets);2024-05-28