Towards Language-Based Mitigation of Traffic Analysis Attacks

Bibliographic Details
Published in: Proceedings (IEEE Computer Security Foundations Symposium), pp. 1-15
Main Authors: Blaabjerg, Jeppe Fredsgaard, Askarov, Aslan
Format: Conference Proceeding
Language: English
Published: IEEE 01.06.2021
ISSN: 2374-8303
Description
Summary: Traffic analysis attacks pose a major risk for online security. Distinctive patterns in communication act as fingerprints, enabling adversaries to de-anonymise communicating parties or to infer sensitive information. Despite the attacks being known for decades, practical solutions are scarce. Network layer countermeasures have relied on black box padding schemes that require significant overheads in latency and bandwidth to mitigate the attacks, without fundamentally preventing them, and the problem has received little attention in the language-based information flow literature. Language-based methods provide a strong foundation for fundamentally addressing security issues, but previous work has overwhelmingly assumed that interactive programs communicate over secure channels, where messages are undetectable by unprivileged adversaries. This assumption is too strong for online communication where packets can be trivially observed by eavesdropping. In this paper we introduce SELENE, a small language for principled, provably secure communication over channels where packets are publicly observable, and we demonstrate how our program level defence can reduce the latency and bandwidth overheads induced compared with program-agnostic defence mechanisms. We believe that our results constitute a step towards practical, secure online communication.
DOI: 10.1109/CSF51468.2021.00030