A Defense Mechanism Against Temporal Traffic Side-Channel Attacks in the IoT
Abstract
The Internet of Things (IoT) connects objects to the Internet to provide innovative services. However, temporal traffic side-channel attacks threaten the privacy of IoT users by revealing privileged information about their behavior. This work presents a Defense Mechanism Against Temporal Traffic Side-Channel Attacks in the IoT. The mechanism comprises two modules: vulnerability testing and privacy protection. The vulnerability testing module identifies temporal side-channel leaks and starts the defense process, unlike previous works, which only identify the vulnerabilities. The privacy protection module implements three approaches to mask the behavior of networked devices and hide the temporal leaks, unlike works in the literature, which focus on other leaks such as electromagnetic emissions or power consumption. The results of the performance evaluation, conducted in an experimental scenario, show that the best approach reduces device identification accuracy by up to 63%.
Published
02/09/2019
How to Cite
PRATES JR., Nelson; VERGÜTZ, Andressa; MACEDO, Ricardo; NOGUEIRA, Michele. Um Mecanismo de Defesa Contra Ataques Traffic Side-Channel Temporais na IoT. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 19., 2019, São Paulo. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 323-336. DOI: https://doi.org/10.5753/sbseg.2019.13981.