Quantifying the Information Leakage in Timing Side Channels in Deterministic Work-Conserving Schedulers

When multiple job processes are served by a single scheduler, the queueing delays of one process are often affected by the others, resulting in a timing side channel that leaks the arrival pattern of one process to the others. In this work, we study such a timing side channel between a regular user and a malicious attacker. Utilizing Shannon’s mutual information as a measure of information leakage between the user and attacker, we analyze privacy-preserving behaviors of common work-conserving schedulers. We find that the attacker can always learn perfectly the user’s arrival process in a longest-queue-first (LQF) scheduler. When the user’s job arrival rate is very low (near zero), first-come–first-serve (FCFS) and round-robin schedulers both completely reveal the user’s arrival pattern. The near-complete information leakage in the low-rate traffic region is proven to be reduced by half in a work-conserving version of TDMA (WC-TDMA) scheduler, which turns out to be privacy-optimal in the class of deterministic working-conserving (det-WC) schedulers, according to a universal lower bound on information leakage we derive for all det-WC schedulers.

[1]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[2]  Ira S. Moskowitz,et al.  A pump for rapid, reliable, secure communication , 1993, CCS '93.

[3]  Nikita Borisov,et al.  Website Detection Using Remote Traffic Analysis , 2011, Privacy Enhancing Technologies.

[4]  Xun Gong,et al.  Information theoretic analysis of side channel information leakage in FCFS schedulers , 2011, 2011 IEEE International Symposium on Information Theory Proceedings.

[5]  Roch Guérin,et al.  Buffer Size Requirements Under Longest Queue First , 1993, Perform. Evaluation.

[6]  Bernhard Plattner,et al.  Introducing MorphMix: peer-to-peer based anonymous Internet usage with collusion detection , 2002, WPES '02.

[7]  Bruce E. Hajek,et al.  An information-theoretic and game-theoretic study of timing channels , 2002, IEEE Trans. Inf. Theory.

[8]  Todd P. Coleman,et al.  Characterizing the Efficacy of the NRL Network Pump in Mitigating Covert Timing Channels , 2012, IEEE Transactions on Information Forensics and Security.

[9]  Parv Venkitasubramaniam,et al.  Mitigating timing based information leakage in shared schedulers , 2012, 2012 Proceedings IEEE INFOCOM.

[10]  Ira S. Moskowitz,et al.  An analysis of the timed Z-channel , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[11]  Bruce S. Davie,et al.  Computer Networks ISE: A Systems Approach , 2007 .

[12]  Xun Gong,et al.  Low-Cost Side Channel Remote Traffic Analysis Attack in Packet Networks , 2010, 2010 IEEE International Conference on Communications.

[13]  Farinaz Koushanfar,et al.  A Timing Channel Spyware for the CSMA/CA Protocol , 2013, IEEE Transactions on Information Forensics and Security.

[14]  Kazuo Murota,et al.  Relationship of M-/L-convex functions with discrete convex functions by Miller and Favati-Tardella , 2001, Discret. Appl. Math..

[15]  Danfeng Zhang,et al.  Predictive black-box mitigation of timing channels , 2010, CCS '10.

[16]  Andrew C. Singer,et al.  Finite block-length achievable rates for queuing timing channels , 2011, 2011 IEEE Information Theory Workshop.

[17]  Xun Gong,et al.  Designing Router Scheduling Policies: A Privacy Perspective , 2012, IEEE Transactions on Signal Processing.

[18]  Peter Green,et al.  Markov chain Monte Carlo in Practice , 1996 .

[19]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[20]  Alexander L. Stolyar,et al.  Scheduling for multiple flows sharing a time-varying channel: the exponential rule , 2000 .

[21]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[22]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[23]  Ove Frank,et al.  Entropy of sums of random digits , 1994 .

[24]  Jonathan K. Millen Finite-state noiseless covert channels , 1989, Proceedings of the Computer Security Foundations Workshop II,.

[25]  Herwig Bruneel,et al.  Message Delay in TDMA Channels with Contiguous Output , 1986, IEEE Trans. Commun..

[26]  A. D. Wyner,et al.  The wire-tap channel , 1975, The Bell System Technical Journal.

[27]  Steven G. Krantz,et al.  Handbook of Complex Variables , 1999 .

[28]  Carla E. Brodley,et al.  IP Covert Channel Detection , 2009, TSEC.

[29]  Negar Kiyavash,et al.  Delay optimal policies offer very little privacy , 2013, 2013 Proceedings IEEE INFOCOM.

[30]  Bruce S. Davie,et al.  Computer Networks: A Systems Approach , 1996 .

[31]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[32]  F. G. Foster On the Stochastic Matrices Associated with Certain Queuing Processes , 1953 .

[33]  Saurabh Bagchi,et al.  Capacity Bounds on Timing Channels with Bounded Service Times , 2007, 2007 IEEE International Symposium on Information Theory.

[34]  Danfeng Zhang,et al.  Predictive mitigation of timing channels in interactive systems , 2011, CCS '11.

[35]  Sergio Verdú,et al.  Bits through queues , 1994, Proceedings of 1994 IEEE International Symposium on Information Theory.

[36]  E. L. Hahne,et al.  Round robin scheduling for fair flow control in data communication networks , 1986, ICC.