A Defense Mechanism Against Temporal Traffic Side-Channel Attacks in the IoT (Um Mecanismo de Defesa Contra Ataques Traffic Side-Channel Temporais na IoT)
Abstract
The Internet of Things (IoT) connects objects to deliver innovative services. However, temporal traffic side-channel attacks threaten IoT users' privacy by revealing insider information about their behavior. This work presents a Temporal Traffic Side-Channel Attack Defense Mechanism for IoT. The mechanism comprises two modules: vulnerability testing and privacy protection. The vulnerability testing module identifies temporal side-channel leakages and initiates the defense process. The privacy protection module implements three approaches that mask the behavior of networked devices to hide time leakages. The results of a performance evaluation conducted in an experimental scenario show that the best approach reduces device identification accuracy by up to 63%.
Published: 2019-09-02
How to Cite
PRATES JR., Nelson; VERGÜTZ, Andressa; MACEDO, Ricardo; NOGUEIRA, Michele. Um Mecanismo de Defesa Contra Ataques Traffic Side-Channel Temporais na IoT. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 19., 2019, São Paulo. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 323-336. DOI: https://doi.org/10.5753/sbseg.2019.13981.
