Defence against Side-Channel Attacks for Encrypted Network Communication Using Multiple Paths
-
Published:2024-05-28
Issue:2
Volume:8
Page:22
-
ISSN:2410-387X
-
Container-title:Cryptography
-
language:en
-
Short-container-title:Cryptography
Author:
Haywood Gregor Tamati1ORCID, Bhatti Saleem Noel1ORCID
Affiliation:
1. School of Computer Science, University of St Andrews, St Andrews KY16 9SX, UK
Abstract
As more network communication is encrypted to provide data privacy for users, attackers are focusing their attention on traffic analysis methods for side-channel attacks on user privacy. These attacks exploit patterns in particular features of communication flows such as interpacket timings and packet sizes. Unsupervised machine learning approaches, such as Hidden Markov Models (HMMs), can be trained on unlabelled data to estimate these flow attributes from an exposed packet flow, even one that is encrypted, so it is highly feasible for an eavesdropper to perform this attack. Traditional defences try to protect specific side channels by modifying the packet transmission for the flow, e.g., by adding redundant information (padding of packets or use of junk packets) and perturbing packet timings (e.g., artificially delaying packet transmission at the sender). Such defences incur significant overhead and impact application-level performance metrics, such as latency, throughput, end-to-end delay, and jitter. Furthermore, these mechanisms can be complex, often ineffective, and are not general solutions—a new profile must be created for every application, which is an infeasible expectation to place on software developers. We show that an approach exploiting multipath communication can be effective against HMM-based traffic analysis. After presenting the core analytical background, we demonstrate the efficacy of this approach with a number of diverse, simulated traffic flows. Based on the results, we define some simple design rules for software developers to adopt in order to exploit the mechanism we describe, including a critical examination of existing communication protocol behavior.
Funder
University of St Andrews
Reference43 articles.
1. Dyer, K.P., Coull, S.E., Ristenpart, T., and Shrimpton, T. (2012, January 20–23). Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail. Proceedings of the 2012 IEEE Symposium on Security and Privacy, San Francisco, CA, USA. 2. Hall, J.L., Aaron, M.D., Andersdotter, A., Jones, B., Feamster, N., and Knodel, M. (2024, May 10). A Survey of Worldwide Censorship Techniques. RFC 9505, 2023. Available online: https://www.rfc-editor.org/info/rfc9505. 3. Trammell, B., and Kühlewind, M. (2024, May 10). The Wire Image of a Network Protocol. RFC 8546, 2019. Available online: https://www.rfc-editor.org/info/rfc8546. 4. Song, D.X., Wagner, D., and Tian, X. (2001, January 13–17). Timing Analysis of Keystrokes and Timing Attacks on SSH. Proceedings of the 10th USENIX Security Symposium (USENIX Security 01), Washington, DC, USA. 5. Wright, C.V., Ballard, L., Coull, S.E., Monrose, F., and Masson, G.M. (2008, January 18–21). Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations. Proceedings of the 2008 IEEE Symposium on Security and Privacy (sp 2008), Oakland, CA, USA.
|
|