DOI: 10.1145/3567445.3567447
research-article
Open access

Targeted Black-Box Side-Channel Mitigation for IoT

Published: 05 January 2023

Abstract

In this paper we present techniques for generating targeted mitigation strategies for network side-channel vulnerabilities in IoT applications. Our tool IoTPatch profiles the target IoT application by capturing the network traffic and labeling the network traces with the corresponding user actions. It extracts features such as packet sizes and times from the captured traces, and quantifies the information leakage by modeling the distribution of feature values. In order to mitigate the side-channel vulnerabilities, IoTPatch uses the information leakage measure over features to prioritize specific features and synthesizes a packet padding and delaying strategy based on an objective function for minimizing information leakage and time and space overhead. IoTPatch provides a tunable mitigation strategy where the trade-off between the information leakage and performance overhead can be adjusted to accommodate needs of different applications. We evaluate IoTPatch on three network benchmarks and demonstrate that IoTPatch can discover and quantify the information leakage and synthesize a set of Pareto optimal mitigation strategies performing better than the prior work in terms of reducing leakage and overhead.
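
A simplified illustration of the leakage-versus-overhead trade-off described in the abstract, added here and not IoTPatch's own code. It assumes a single packet-size feature, measures leakage as the empirical mutual information between user action and observed size, and uses pad-to-a-multiple padding only (no delaying); the traces, function names and block sizes are constructed for the example.

```python
import math
from collections import Counter

# Constructed profiling data: action label -> observed sizes (bytes) of one
# packet feature across repeated runs. Not taken from the paper's benchmarks.
TRACES = {
    "lock_door":   [118, 118, 120, 118],
    "unlock_door": [131, 131, 133, 131],
    "lights_on":   [260, 262, 260, 260],
    "lights_off":  [262, 260, 262, 262],
}

def leakage_bits(traces):
    """Empirical mutual information I(action; size) in bits."""
    joint = Counter((a, s) for a, sizes in traces.items() for s in sizes)
    n = sum(joint.values())
    pa, ps = Counter(), Counter()
    for (a, s), c in joint.items():
        pa[a] += c
        ps[s] += c
    return sum(c / n * math.log2(c * n / (pa[a] * ps[s]))
               for (a, s), c in joint.items())

def pad(traces, block):
    """Pad every size up to the next multiple of `block` bytes."""
    return {a: [-(-s // block) * block for s in sizes]
            for a, sizes in traces.items()}

def overhead(traces, padded):
    """Fraction of extra bytes sent relative to the unpadded traffic."""
    raw = sum(map(sum, traces.values()))
    return (sum(map(sum, padded.values())) - raw) / raw

def sweep(traces, blocks):
    """(block, leakage, overhead) for each candidate padding block size."""
    padded = ((b, pad(traces, b)) for b in blocks)
    return [(b, leakage_bits(p), overhead(traces, p)) for b, p in padded]

def pareto(points):
    """Keep points not dominated in both leakage and overhead."""
    return [p for p in points
            if not any(q[1] <= p[1] and q[2] <= p[2] and
                       (q[1] < p[1] or q[2] < p[2]) for q in points)]

if __name__ == "__main__":
    for b, leak, ov in pareto(sweep(TRACES, [1, 16, 64, 128, 256, 512])):
        print(f"block={b:4d}  leakage={leak:.3f} bits  overhead={ov:.1%}")
```

On this data, block sizes 64 and 128 cost more bytes than 16 without lowering leakage, so they drop off the Pareto front; only 256 and 512 buy further leakage reduction.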


      Published In

      IoT '22: Proceedings of the 12th International Conference on the Internet of Things
      November 2022
      259 pages
      This work is licensed under a Creative Commons Attribution International 4.0 License.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Internet of Things
      2. Network traffic analysis
      3. Side-channel analysis

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      IoT 2022

      Acceptance Rates

      Overall Acceptance Rate 28 of 84 submissions, 33%
