Classification of Encrypted IoT Traffic despite Padding and Shaping

Aviv Engelberg, Avishai Wool

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

4 Scopus citations

Abstract

It is well-known that when IoT traffic is unencrypted it is possible to identify the active devices based on their TCP/IP headers. And when traffic is encrypted, packet-sizes and timings can still be used to do so. To defend against such fingerprinting, traffic padding and shaping were introduced. In this paper we show that even with these mitigations, the privacy of IoT consumers can still be violated. The main tool we use in our analysis is the full distribution of packet-size, as opposed to commonly used statistics such as mean and variance. We evaluate the performance of a local adversary, such as a snooping neighbor or a criminal, against 8 different padding methods. We show that our classifiers achieve perfect (100% accuracy) classification using the full packet-size distribution for low-overhead methods, whereas prior works that rely on statistical metadata achieved lower rates even when no padding and shaping were used. We also achieve an excellent classification rate even against high-overhead methods. We further show how an external adversary such as a malicious ISP or a government intelligence agency, who only sees the padded and shaped traffic as it goes through a VPN, can accurately identify the subset of active devices with Recall and Precision of at least 96%. Finally, we also propose a new method of padding we call the Dynamic STP (DSTP) that incurs significantly less per-packet overhead compared to other padding methods we tested and guarantees more privacy to IoT consumers.

Original language: English
Title of host publication: WPES 2022 - Proceedings of the 21st Workshop on Privacy in the Electronic Society, co-located with CCS 2022
Publisher: Association for Computing Machinery, Inc
Pages: 1-13
Number of pages: 13
ISBN (Electronic): 9781450398732
State: Published - 7 Nov 2022
Event: 21st Workshop on Privacy in the Electronic Society, WPES 2022 - Los Angeles, United States
Duration: 7 Nov 2022 → …

Publication series

Name: WPES 2022 - Proceedings of the 21st Workshop on Privacy in the Electronic Society, co-located with CCS 2022

Conference

Conference: 21st Workshop on Privacy in the Electronic Society, WPES 2022
Country/Territory: United States
City: Los Angeles
Period: 7/11/22 → …

Keywords

  • iot devices
  • packet-size
  • traffic padding and shaping
