Network Traffic Shaping for Enhancing Privacy in IoT Systems

Motivated by privacy issues caused by inference attacks on user activities that exploit the packet sizes and timing information of Internet of Things (IoT) network traffic, we establish a rigorous event-level differential privacy (DP) model on infinite packet streams. We propose a memoryless traffic shaping mechanism satisfying a first-come-first-served queuing discipline that outputs traffic dependent on the input using a DP mechanism. We show that in special cases the proposed mechanism recovers existing shapers which standardize the output independently of the input. To find the optimal shapers for given levels of privacy and transmission efficiency, we formulate the constrained problem of minimizing the expected delay per packet and propose using the expected queue size across time as a proxy. We further show that the constrained minimization is a convex program. We demonstrate the effect of shapers on both synthetic data and packet traces from actual IoT devices. The experimental results reveal inherent privacy-overhead tradeoffs: more shaping overhead provides better privacy protection. Under the same privacy level, there naturally exists a tradeoff between dummy traffic and delay. When dealing with heavier or less bursty input traffic, all shapers become more overhead-efficient. We also show that increased traffic from a larger number of IoT devices makes guaranteeing event-level privacy easier. The DP shaper offers tunable privacy that is invariant to changes in the input traffic distribution and has an advantage in handling burstiness over traffic-independent shapers. This approach accommodates heterogeneous network conditions well and enables users to adapt to their privacy/overhead demands.
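The tradeoffs described above can be reproduced in a deliberately simplified slotted model. This is an added example, not the paper's mechanism or code. It assumes unit-size encrypted packets, Bernoulli arrivals, and an observer who sees only whether each slot carries a packet; the names `q0`, `q1` and `lam` are hypothetical.

```python
import math
import random

def epsilon_of(q0, q1):
    """Event-level DP parameter of a memoryless per-slot transmit rule.
    q0 = P(transmit | no arrival), q1 = P(transmit | arrival), both in (0, 1)."""
    if not (0 < q0 < 1 and 0 < q1 < 1):
        raise ValueError("q0 and q1 must lie strictly between 0 and 1")
    # Worst-case likelihood ratio over both observable outcomes of one slot.
    return math.log(max(q1 / q0, q0 / q1,
                        (1 - q0) / (1 - q1), (1 - q1) / (1 - q0)))

def predicted(lam, q0, q1):
    """Closed-form overhead for Bernoulli(lam) arrivals (birth-death queue)."""
    rho = lam * (1 - q1) / ((1 - lam) * q0)  # P(queue grows) / P(queue shrinks)
    if rho >= 1:
        raise ValueError("unstable: the shaper transmits too rarely")
    return {"dummy_rate": (1 - lam) * q0 - lam * (1 - q1),
            "mean_queue": rho / (1 - rho)}

def simulate(lam, q0, q1, slots=200_000, seed=1):
    """Run the FCFS shaper on constructed Bernoulli(lam) input traffic."""
    rng = random.Random(seed)
    queue = dummies = queue_sum = 0
    for _ in range(slots):
        arrival = rng.random() < lam
        queue += arrival                      # real packet joins the FCFS queue
        if rng.random() < (q1 if arrival else q0):
            if queue:
                queue -= 1                    # head-of-line real packet leaves
            else:
                dummies += 1                  # nothing queued: send a dummy
        queue_sum += queue
    return {"dummy_rate": dummies / slots, "mean_queue": queue_sum / slots}

if __name__ == "__main__":
    LAM = 0.2  # constructed arrival probability per slot
    for q0, q1 in [(0.5, 0.5), (0.4, 0.8), (0.15, 0.45), (0.05, 0.95)]:
        print(q0, q1, round(epsilon_of(q0, q1), 3), predicted(LAM, q0, q1))
```

Setting `q0 == q1` gives ε = 0 and an output that ignores the input, the traffic-independent special case. The pairs (0.4, 0.8) and (0.15, 0.45) share ε = ln 3 but trade dummy traffic against queue length.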
