Defence against Side-Channel Attacks for Encrypted Network Communication Using Multiple Paths

Author:

Haywood Gregor Tamati 1, Bhatti Saleem Noel 1

Affiliation:

1. School of Computer Science, University of St Andrews, St Andrews KY16 9SX, UK

Abstract

As more network communication is encrypted to provide data privacy for users, attackers are focusing their attention on traffic analysis methods for side-channel attacks on user privacy. These attacks exploit patterns in particular features of communication flows such as interpacket timings and packet sizes. Unsupervised machine learning approaches, such as Hidden Markov Models (HMMs), can be trained on unlabelled data to estimate these flow attributes from an exposed packet flow, even one that is encrypted, so it is highly feasible for an eavesdropper to perform this attack. Traditional defences try to protect specific side channels by modifying the packet transmission for the flow, e.g., by adding redundant information (padding of packets or use of junk packets) and perturbing packet timings (e.g., artificially delaying packet transmission at the sender). Such defences incur significant overhead and impact application-level performance metrics, such as latency, throughput, end-to-end delay, and jitter. Furthermore, these mechanisms can be complex, often ineffective, and are not general solutions—a new profile must be created for every application, which is an infeasible expectation to place on software developers. We show that an approach exploiting multipath communication can be effective against HMM-based traffic analysis. After presenting the core analytical background, we demonstrate the efficacy of this approach with a number of diverse, simulated traffic flows. Based on the results, we define some simple design rules for software developers to adopt in order to exploit the mechanism we describe, including a critical examination of existing communication protocol behavior.

Funder

University of St Andrews

Publisher

MDPI AG

