Random Segmentation: New Traffic Obfuscation against Packet-Size-Based Side-Channel Attacks
- URL: http://arxiv.org/abs/2309.05941v1
- Date: Tue, 12 Sep 2023 03:33:36 GMT
- Title: Random Segmentation: New Traffic Obfuscation against Packet-Size-Based Side-Channel Attacks
- Authors: Mnassar Alyami, Abdulmajeed Alghamdi, Mohammed Alkhowaiter, Cliff Zou, Yan Solihin
- Abstract summary: Despite encryption, the packet size is still visible, enabling observers to infer private information in the Internet of Things (IoT) environment.
Packet padding obfuscates packet-length characteristics with a high data overhead because it relies on adding noise to the data.
This paper proposes a more data-efficient approach that randomizes packet sizes without adding noise.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Despite encryption, the packet size is still visible, enabling observers to infer private information in the Internet of Things (IoT) environment (e.g., IoT device identification). Packet padding obfuscates packet-length characteristics with a high data overhead because it relies on adding noise to the data. This paper proposes a more data-efficient approach that randomizes packet sizes without adding noise. We achieve this by splitting large TCP segments into random-sized chunks; hence, the packet length distribution is obfuscated without adding noise data. Our client-server implementation using TCP sockets demonstrates the feasibility of our approach at the application level. We realize our packet size control by adjusting two local socket-programming parameters. First, we enable the TCP_NODELAY option to send out each packet with our specified length. Second, we downsize the sending buffer to prevent the sender from pushing out more data than can be received, which could disable our control of the packet sizes. We simulate our defense on a network trace of four IoT devices and show a reduction in device classification accuracy from 98% to 63%, close to random guessing. Meanwhile, the real-world data transmission experiments show that the added latency is reasonable, less than 21%, while the added packet header overhead is only about 5%.
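The sender side described in the abstract, sketched as an added example (not the paper's code). The uniform size distribution, the 64 to 1200 byte bounds, the 4096-byte buffer, and all function names are assumptions made for illustration.

```python
import random
import socket
import threading

MIN_LEN, MAX_LEN = 64, 1200  # assumed bounds; MAX_LEN stays under a typical 1460-byte MSS
SNDBUF = 4096                # assumed small send buffer; the kernel may round it up


def random_segments(payload, min_len=MIN_LEN, max_len=MAX_LEN, rng=None):
    """Split payload into uniformly random-sized chunks; no padding bytes are added."""
    if not 0 < min_len <= max_len:
        raise ValueError("need 0 < min_len <= max_len")
    rng = rng or random.SystemRandom()  # unpredictable sizes by default
    chunks, offset = [], 0
    while offset < len(payload):
        size = rng.randint(min_len, max_len)
        chunks.append(payload[offset:offset + size])  # last chunk may be shorter
        offset += size
    return chunks


def configure_sender(sock, sndbuf=SNDBUF):
    """Apply the two local socket settings named in the abstract."""
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)  # no Nagle coalescing
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, sndbuf)  # limit queued data


def send_obfuscated(sock, payload, rng=None):
    """Issue one send per random-sized chunk; return the chunk lengths."""
    chunks = random_segments(payload, rng=rng)
    for chunk in chunks:
        sock.sendall(chunk)
    return [len(c) for c in chunks]


def loopback_demo(payload, rng=None):
    """Send payload over 127.0.0.1; return (bytes received, chunk lengths)."""
    received = bytearray()
    with socket.create_server(("127.0.0.1", 0)) as srv:
        def reader():
            conn, _ = srv.accept()
            with conn:
                while data := conn.recv(65536):
                    received.extend(data)
        thread = threading.Thread(target=reader)
        thread.start()
        with socket.create_connection(srv.getsockname()) as cli:
            configure_sender(cli)
            sizes = send_obfuscated(cli, payload, rng)
        thread.join()
    return bytes(received), sizes
```

The receiver needs no change because TCP delivers the same byte stream. The sizes actually seen on the wire should be confirmed with a packet capture, since segmentation offload and retransmissions can alter them.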
Related papers
- Bringing Private Reads to Hyperledger Fabric via Private Information Retrieval [8.150037157660611]
Permissioned blockchains ensure integrity and auditability of shared data but expose query parameters to peers during read operations. This paper proposes a Private Information Retrieval mechanism to enable private reads from Hyperledger Fabric's world state. We implement and benchmark a PIR-enabled chaincode that performs ciphertext-plaintext multiplication directly within evaluate transactions.
arXiv Detail & Related papers (2025-11-04T15:30:07Z) - FedBit: Accelerating Privacy-Preserving Federated Learning via Bit-Interleaved Packing and Cross-Layer Co-Design [2.255961793913651]
Federated learning (FL) with fully homomorphic encryption (FHE) effectively safeguards data privacy during model aggregation. FedBit is a hardware/software co-designed framework for the Brakerski-Fan-Vercauteren (BFV) scheme. FedBit employs bit-interleaved data packing to embed multiple model parameters into a single ciphertext coefficient.
arXiv Detail & Related papers (2025-09-27T03:58:16Z) - Conquering High Packet-Loss Erasure: MoE Swin Transformer-Based Video Semantic Communication [11.845717685362814]
A packet-loss-resistant MoE Swin Transformer-based Video Semantic Communication (MSTVSC) system is proposed in this paper.
arXiv Detail & Related papers (2025-08-02T05:41:52Z) - Task-Oriented Feature Compression for Multimodal Understanding via Device-Edge Co-Inference [49.77734021302196]
We propose a task-oriented feature compression (TOFC) method for multimodal understanding in a device-edge co-inference framework.
To enhance compression efficiency, multiple entropy models are adaptively selected based on the characteristics of the visual features.
Results show that TOFC achieves up to 60% reduction in data transmission overhead and 50% reduction in system latency.
arXiv Detail & Related papers (2025-03-17T08:37:22Z) - MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification [59.96233305733875]
Classifying traffic is essential for detecting security threats and optimizing network management.
We propose a Multi-Instance Encrypted Traffic Transformer (MIETT) to capture both token-level and packet-level relationships.
MIETT achieves results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors.
arXiv Detail & Related papers (2024-12-19T12:52:53Z) - Decentralized Reliability Estimation for Low Latency Mixnets [9.938777444906593]
Mixnets can anonymously route large amounts of data packets with end-to-end latency that can be as low as a second.
Existing verifiability mechanisms are incompatible with scalable low-latency operation.
We propose a scheme that can estimate reliability scores for a mixnet's links and nodes in a decentralized manner.
arXiv Detail & Related papers (2024-06-10T19:38:04Z) - DeviceRadar: Online IoT Device Fingerprinting in ISPs using Programmable Switches [37.41464693677561]
Device fingerprinting can be used by Internet Service Providers (ISPs) to identify vulnerable IoT devices for early prevention of threats.
This paper proposes DeviceRadar, an online IoT device fingerprinting framework that achieves accurate, real-time processing in ISPs using programmable switches.
arXiv Detail & Related papers (2024-04-19T09:31:11Z) - Information Theoretically Secure Encryption Key Generation over Wireless Networks by Exploiting Packet Errors [3.8366697175402225]
It exploits the fact that data transmission over wireless links is accompanied by packet error, while noise terms, and thereby the error events observed by two separate receivers are independent of each other.
A method is presented for determining packets received error-free in first transmission attempts through high-level programming.
arXiv Detail & Related papers (2024-02-07T16:32:13Z) - CiFlow: Dataflow Analysis and Optimization of Key Switching for Homomorphic Encryption [2.704681057324485]
Homomorphic encryption (HE) is a privacy-preserving computation technique that enables computation on encrypted data.
HE is impractically slow, preventing it from being used in real applications.
We present a novel approach to improve HE performance by rigorously analyzing its dataflow.
arXiv Detail & Related papers (2023-11-02T21:08:56Z) - Secure Deep Learning-based Distributed Intelligence on Pocket-sized Drones [75.80952211739185]
Palm-sized nano-drones are an appealing class of edge nodes, but their limited computational resources prevent running large deep-learning models onboard.
Adopting an edge-fog computational paradigm, we can offload part of the computation to the fog; however, this poses security concerns if the fog node, or the communication link, can not be trusted.
We propose a novel distributed edge-fog execution scheme that validates fog computation by redundantly executing a random subnetwork aboard our nano-drone.
arXiv Detail & Related papers (2023-07-04T08:29:41Z) - Task-aware Distributed Source Coding under Dynamic Bandwidth [24.498190179263837]
We propose a distributed compression framework composed of independent encoders and a joint decoder, which we call neural distributed principal component analysis (NDPCA).
NDPCA flexibly compresses data from multiple sources to any available bandwidth with a single model, reducing computing and storage overhead.
Experiments show that NDPCA improves the success rate of multi-view robotic arm manipulation by 9% and the accuracy of object detection tasks on satellite imagery by 14%.
arXiv Detail & Related papers (2023-05-24T19:20:59Z) - Rediscovering Hashed Random Projections for Efficient Quantization of Contextualized Sentence Embeddings [113.38884267189871]
Training and inference on edge devices often requires an efficient setup due to computational limitations.
Pre-computing data representations and caching them on a server can mitigate extensive edge device computation.
We propose a simple, yet effective approach that uses random hyperplane projections.
We show that the embeddings remain effective for training models across various English and German sentence classification tasks that retain 94%--99% of their floating-point.
arXiv Detail & Related papers (2023-03-13T10:53:00Z) - Point-to-Box Network for Accurate Object Detection via Single Point Supervision [51.95993495703855]
We introduce a lightweight alternative to the off-the-shelf proposal (OTSP) method.
P2BNet can construct an inter-objects balanced proposal bag by generating proposals in an anchor-like way.
The code will be released at COCO.com/ucas-vg/P2BNet.
arXiv Detail & Related papers (2022-07-14T11:32:00Z) - An Adaptive Device-Edge Co-Inference Framework Based on Soft Actor-Critic [72.35307086274912]
High-dimension parameter model and large-scale mathematical calculation restrict execution efficiency, especially for Internet of Things (IoT) devices.
We propose a new Deep Reinforcement Learning (DRL)-Soft Actor Critic for discrete (SAC-d), which generates the exit point, exit point, and compressing bits by soft policy iterations.
Based on the latency and accuracy aware reward design, such a computation can well adapt to the complex environment like dynamic wireless channel and arbitrary processing, and is capable of supporting the 5G URL
arXiv Detail & Related papers (2022-01-09T09:31:50Z) - MCUNetV2: Memory-Efficient Patch-based Inference for Tiny Deep Learning [72.80896338009579]
We find that the memory bottleneck is due to the imbalanced memory distribution in convolutional neural network (CNN) designs.
We propose a generic patch-by-patch inference scheduling, which significantly cuts down the peak memory.
We automate the process with neural architecture search to jointly optimize the neural architecture and inference scheduling, leading to MCUNetV2.
arXiv Detail & Related papers (2021-10-28T17:58:45Z) - A flow-based IDS using Machine Learning in eBPF [3.631024220680066]
eBPF is a new technology which allows dynamically loading pieces of code into the Linux kernel.
We show that it is possible to develop a flow based network intrusion detection system based on machine learning entirely in eBPF.
arXiv Detail & Related papers (2021-02-19T15:20:51Z) - Near-chip Dynamic Vision Filtering for Low-Bandwidth Pedestrian Detection [99.94079901071163]
This paper presents a novel end-to-end system for pedestrian detection using Dynamic Vision Sensors (DVSs).
We target applications where multiple sensors transmit data to a local processing unit, which executes a detection algorithm.
Our detector is able to perform a detection every 450 ms, with an overall testing F1 score of 83%.
arXiv Detail & Related papers (2020-04-03T17:36:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.