Presentation is loading. Please wait.

Presentation is loading. Please wait.

Toward a Framework for Preventing Side-Channel Attacks in Wireless Networks Jeff Pang.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Toward a Framework for Preventing Side-Channel Attacks in Wireless Networks Jeff Pang."— Presentation transcript:

1 Toward a Framework for Preventing Side-Channel Attacks in Wireless Networks Jeff Pang

2 The problem time Packet sizes, timing: → [probably generated by alice’s laptop] → [probably keystrokes: wh!teR@bb!t] ← [probably webpage: http://rightwing-politics.net/madhatter/blog.html] ← [probably watching video: Wonderland.DivX.avi] → [probably speaking: Spanish] ← [probably using a p2p application] http…ali…@bb!tdivx…data…bcd Packet contents: → user login: alice → password: wh!teR@bb!t ← webpage: http://rightwing-politics.net/madhatter/blog.html ← streaming video: Wonderland.DivX.avi → voip: “¿Cómo es usted, somberero loco?” ← p2p download: QueenOfHearts.mp3 WPA/VPN/SSHTunnel

3 The problem Adversary –Passive eavesdropper –Packet contents appear random –Can only determine packet size, time, direction Packet sizes and timing can reveal sensitive information –Passwords used [Song ’01] –Webpages visited [Sun ’02] –Videos watched [Saponas ’07] –Languages spoken (over VoIP) [Wright ’07] –Identity (e.g., broadcast packet sizes) [Pang ’07]

4 Problem 1: packet size Set of packet sizes reveals: –identity: >35% accuracy (< 1 hour of traffic) –webpage: 76% accuracy (< 1 min of traffic) –voip language: 66% accuracy (3 min of traffic) Usual countermeasures: –Pad packets to [almost] same size time Broadcast transmission sizes time Broadcast transmission sizes 300 250 200 100 500 120 Example: Broadcast packet sizes used as a fingerprint

5 Problem 2: packet timing Inter-packet spacing reveals: –Keystrokes: 50x faster password cracking time Countermeasures: –[near] constant bit rate cover traffic

6 Problem 3: size evolution over time Fourier transform/HMM on packet size evolution: –video: 66% accuracy (10 min of traffic) –application type: 76% accuracy (10 min of traffic) Usual countermeasures: –Send at [near] constant bit rate Example: DFT of VBR videos as fingerprints ≈ DFT

7 Previous solutions Information prevented from leaking all potential Application transparency none code modification opaque knowledge of traffic patterns Trace-based cover traffic [Newman-Wolfe ‘92, Guan ‘01] Specific attack countermeasures [Timmerman ’99, Smart ‘00] Language-based information flow security [Volpano ’96, Agat ’00, Meyers ‘99] Status quo Proposal: Framework to implement select countermeasures –Enable overhead / privacy protection trade-off –Similar to signature-based anti-virus and IDS overhead Naïve cover traffic

8 Part I: Rule-based masking Example: masking packet sizes  time Input transmissions 300 250 200 100 120 time Output transmissions 400  Input transmissions Masking rules: “output size independent of input size” Performance constraints: “minimize delay”

9 System overview  definition Masking rules Perf. constraints  output Output traffic profile

10 Primary challenges  definition: masking rule language –Must be flexible enough for real countermeasures Describe packet size, inter-packet spacing Describe sequences, frequencies, periodicity Describe multiple time granularities –Must be uniform enough to enable rule composition e.g. break up all packets so they have uniform size  express all rules in terms of inter-packet spacing  output: satisfying multiple masking rules –Must handle infeasible constraints gracefully Allow the rule language to describe some slack e.g. “make output as independent as possible of input”

11 Design questions Where to apply  rules? –per flow: Can use some flows to cover for others Assumes flows (mostly) independent –on all outbound traffic Takes into account flow dependencies Harder to make application-specific rules –combination of both Requires explicit declaration of dependencies How opaque should traffic be? –e.g., treat TCP flows as a unit? Possibly avoid adverse end-to-end interactions –Don’t inspect packet contents at all Simpler to analyze, implement rules, hide RTT/bottleneck App 1App 2App 3 network  

12 Part II: Learning masking rules APs learn location dependent rule parameters –Traffic profiles become location rather than user dependent –Mimic local traffic patterns to customize overhead Challenges: –How to learn parameters over time –How to minimize performance impact of adversarial clients learner input traffic profiles home masking rules learner input traffic profiles airport masking rules learner input traffic profiles starbucks masking rules

13 Summary Side channels reveal encrypted data Wireless makes attacks easy to perform Attacks discovered after apps deployed Need temporary “patches” afterward Proposed rule-based masking Primary challenges: rule language, composition

Download ppt "Toward a Framework for Preventing Side-Channel Attacks in Wireless Networks Jeff Pang."

Similar presentations

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.

Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.
Doc.: IEEE 802.11-14/0604r1 Submission May 2014 Slide 1 Modeling and Evaluating Variable Bit rate Video Steaming for 802.11ax Date: 2014-05-12 Authors:

Doc.: IEEE /0604r1 Submission May 2014 Slide 1 Modeling and Evaluating Variable Bit rate Video Steaming for ax Date: Authors:
Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team 2009.07.20.

Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.

Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.
Efficient and Flexible Parallel Retrieval using Priority Encoded Transmission(2004) CMPT 886 Represented By: Lilong Shi.

Efficient and Flexible Parallel Retrieval using Priority Encoded Transmission(2004) CMPT 886 Represented By: Lilong Shi.
1 (Un)Trustworthy Wireless: What your wireless traffic says about you… Jeff Pang with Ben Greenstein, Ramki Gummadi, Tadayoshi Kohno, David Wetherall (UW/Intel.

1 (Un)Trustworthy Wireless: What your wireless traffic says about you… Jeff Pang with Ben Greenstein, Ramki Gummadi, Tadayoshi Kohno, David Wetherall (UW/Intel.
Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis Presented by Yang Gao 11/2/2011 Charles V. Wright MIT Lincoln Laboratory Scott.

Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis Presented by Yang Gao 11/2/2011 Charles V. Wright MIT Lincoln Laboratory Scott.
Models and Security Requirements for IDS. Overview The system and attack model Security requirements for IDS –Sensitivity –Detection Analysis methodology.

Models and Security Requirements for IDS. Overview The system and attack model Security requirements for IDS –Sensitivity –Detection Analysis methodology.
Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.

Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
Exploring timing based side channel attacks against 802.11i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction

Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis.

Secure Data Communication in Mobile Ad Hoc Networks Authors: Panagiotis Papadimitratos and Zygmunt J Haas Presented by Sarah Casey Authors: Panagiotis.
Fountain Codes Amin Shokrollahi EPFL and Digital Fountain, Inc.

Fountain Codes Amin Shokrollahi EPFL and Digital Fountain, Inc.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
1/40 Quantifying and Preventing Privacy Threats in Wireless Link Layer Protocols Thesis Proposal Jeffrey Pang.

1/40 Quantifying and Preventing Privacy Threats in Wireless Link Layer Protocols Thesis Proposal Jeffrey Pang.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Similar presentations

Ads by Google