research-article

Open access

TSA: a tool to detect and quantify network side-channels

Authors:

ESEC/FSE 2022: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering

Pages 1760 - 1764

https://doi.org/10.1145/3540250.3558938

Published: 09 November 2022 Publication History

PDF eReader

Abstract

Mobile applications, Internet of Things devices and web services are pervasive and they all encrypt the communications between servers and clients to not have information leakages. While the network traffic is encrypted, packet sizes and timings are still visible to an eavesdropper and these properties can leak information and sacrifice user privacy. We present TSA, a black box network side-channel analysis tool which detects and quantifies side-channel information leakages. TSA provides the users with the means to automate trace gathering by providing a framework in which the users can write mutators for the inputs to the system under analysis. TSA can also take as input traces directly for analysis if the user prefers to gather them separately. TSA is open-source and available as a Python package and a command-line tool. TSA demo, tool and benchmarks are available at https://github.com/kadron/tsa-tool.

References

[1]

Abbas Acar, Hossein Fereidooni, Tigist Abera, Amit Kumar Sikder, Markus Miettinen, Hidayet Aksu, Mauro Conti, Ahmad-Reza Sadeghi, and Selcuk Uluagac. 2020. Peek-a-Boo: I see your smart home activities, even encrypted!. In Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 207-218.

Digital Library

Google Scholar

[2]

Giovanni Cherubin, Konstantinos Chatzikokolakis, and Catuscia Palamidessi. 2019. F-BLEAU: Fast Black-box Leakage Estimation. CoRR abs/ 1902.01350 ( 2019 ). arXiv: 1902.01350 http://arxiv.org/abs/ 1902.01350

Google Scholar

[3]

Tom Chothia, Yusuke Kawamoto, and Chris Novakovic. 2013. A Tool for Estimating Information Leakage. In Computer Aided Verification-25th International Conference, CAV 2013, Saint Petersburg, Russia, July 13-19, 2013. Proceedings (Lecture Notes in Computer Science, Vol. 8044 ), Natasha Sharygina and Helmut Veith (Eds.). Springer, 690-695. https://doi.org/10.1007/978-3-642-39799-8_47

Crossref

Google Scholar

[4]

DARPA. 2015. The Space-Time Analysis for Cybersecurity (STAC) program. http://www.darpa.mil/program/space-time-analysis-for-cybersecurity

Google Scholar

[5]

Docker Inc. 2013. Docker SDK and API. Retrieved June 14, 2022 from https: //docs.docker.com/engine/api/sdk/

Google Scholar

[6]

Ismet Burak Kadron, Nicolás Rosner, and Tevfik Bultan. 2020. Feedback-Driven Side-Channel Analysis for Networked Applications. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis.

Digital Library

Google Scholar

[7]

Shuai Li, Huajun Guo, and Nicholas Hopper. 2018. Measuring Information Leakage in Website Fingerprinting Attacks and Defenses. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15-19, 2018, David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang (Eds.). ACM, 1977-1992. https://doi.org/10.1145/3243734. 3243832

Digital Library

Google Scholar

[8]

Nicolás Rosner, Ismet Burak Kadron, Lucas Bang, and Tevfik Bultan. 2019. Profit: Detecting and Quantifying Side Channels in Networked Applications. In 26th Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019.

Google Scholar

[9]

V. F. Taylor, R. Spolaor, M. Conti, and I. Martinovic. 2018. Robust Smartphone App Identification via Encrypted Network Trafic Analysis. IEEE Transactions on Information Forensics and Security 13, 1 (Jan 2018 ), 63-78. https://doi.org/10.1109/ TIFS. 2017.2737970

Crossref

Google Scholar

Cited By

View all

Gao PSong FChen T(2024)Compositional Verification of First-Order Masking Countermeasures against Power Side-Channel AttacksACM Transactions on Software Engineering and Methodology10.1145/363570733:3(1-38)Online publication date: 14-Mar-2024
https://dl.acm.org/doi/10.1145/3635707
Kadron INoller YPadhye RBultan TPăsăreanu CSen K(2023)Fuzzing, Symbolic Execution, and Expert Guidance for Better TestingIEEE Software10.1109/MS.2023.323798141:1(98-104)Online publication date: 18-Jan-2023
https://dl.acm.org/doi/10.1109/MS.2023.3237981

Index Terms

TSA: a tool to detect and quantify network side-channels

Index terms have been assigned to the content through auto-classification.

Recommendations

Targeted Black-Box Side-Channel Mitigation for IoT✱
IoT '22: Proceedings of the 12th International Conference on the Internet of Things

In this paper we present techniques for generating targeted mitigation strategies for network side-channel vulnerabilities in IoT applications. Our tool IoTPatch profiles the target IoT application by capturing the network traffic and labeling the ...
A Hardware-Based Countermeasure to Reduce Side-Channel Leakage: Design, Implementation, and Evaluation
Side-channel attacks are one of the major concerns for security-enabled applications as they make use of information leaked by the physical implementation of the underlying cryptographic algorithm. Hence, reducing the side-channel leakage of the circuits ...
Side-Channels in Electric Power Synchrophasor Network Data Traffic
CISR '15: Proceedings of the 10th Annual Cyber and Information Security Research Conference

The deployment of synchrophasor devices such as Phasor Measurement Units (PMUs) in an electric power grid enhances real-time monitoring, analysis and control of grid operations. PMU information is sensitive, and any missing or incorrect PMU data could ...

Comments

Information & Contributors

Information

Published In

ESEC/FSE 2022: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering

November 2022

1822 pages

ISBN:9781450394130

DOI:10.1145/3540250

General Chair:
Abhik Roychoudhury
National University of Singapore, Singapore
,
Program Chairs:
Cristian Cadar
Imperial College London, UK
,
Miryung Kim
University of California at Los Angeles, USA

This work is licensed under a Creative Commons Attribution 4.0 International License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 November 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

NSF (National Science Foundation)

Conference

ESEC/FSE '22

Sponsor:

ESEC/FSE '22: 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering

November 14 - 18, 2022

Singapore, Singapore

Acceptance Rates

Overall Acceptance Rate 112 of 543 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
199
Total Downloads

Downloads (Last 12 months)124
Downloads (Last 6 weeks)9

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Gao PSong FChen T(2024)Compositional Verification of First-Order Masking Countermeasures against Power Side-Channel AttacksACM Transactions on Software Engineering and Methodology10.1145/363570733:3(1-38)Online publication date: 14-Mar-2024
https://dl.acm.org/doi/10.1145/3635707
Kadron INoller YPadhye RBultan TPăsăreanu CSen K(2023)Fuzzing, Symbolic Execution, and Expert Guidance for Better TestingIEEE Software10.1109/MS.2023.323798141:1(98-104)Online publication date: 18-Jan-2023
https://dl.acm.org/doi/10.1109/MS.2023.3237981

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Targeted Black-Box Side-Channel Mitigation for IoT✱

A Hardware-Based Countermeasure to Reduce Side-Channel Leakage: Design, Implementation, and Evaluation

Side-Channels in Electric Power Synchrophasor Network Data Traffic