Thwarting Wi-Fi Side-Channel Analysis through Traffic Demultiplexing

Fan Zhang, Wenbo He, Yangyi Chen, Zhou Li, XiaoFeng Wang, Shuo Chen, Xue Liu
<span title="">2014</span> <i title="Institute of Electrical and Electronics Engineers (IEEE)"> <a target="_blank" rel="noopener" href="" style="color: black;">IEEE Transactions on Wireless Communications</a> </i> &nbsp;
Side-channel information leaks have been reported in various online applications, especially, in wireless local area networks (WLANs) due to the shared-medium nature of wireless links and the ease of eavesdropping. Even when Wi-Fi traffic is encrypted, its characteristics are identifiable, which can be used to infer sensitive user activities and data. Existing countermeasures do not offer effective and efficient protection: packet padding and traffic morphing often bring in substantial
more &raquo; ... tion overheads; attempts to anonymize user identifiers are vulnerable to the analysis based upon traffic statistics, which allows the adversary to link traffic traces to individual users. In this paper, we present a new technique, called traffic demultiplexing, which offers effective protection against Wi-Fi traffic analysis without incurring noticeable overhead and performance degradation. Our approach utilizes Media Access Control (MAC) layer virtualization and packet scheduling over multiple virtual MAC interfaces to shape the traffic on each virtual MAC interface, so as to hide the original traffic characteristics. Different from the higher-layer defensive approaches designed for specific applications, traffic demultiplexing operates at the MAC layer and therefore provides a general defense for various applications. In addition, it is transparent to users and other protocol stacks. We implemented our technique over Multiband Atheros Driver for Wi-Fi (MadWifi) and evaluated it in real WLAN environments. Our experimental study demonstrates that traffic demultiplexing is effective and efficient in defending against traffic analysis attacks and also easy to deploy. Side-channel information leaks are pervasive in different communication scenarios, including web browsing [1, 2], video-streaming [3], voice over-IP (VoIP) applications [4] [5] , and secure shell (SSH) [6] . These information leaks are mostly caused by analyzing statistical characteristics of encrypted traffic, such as distributions of packet sizes, inter-packet timings and others. Adversaries are found to be able to tailor traffic analysis techniques to seriously threaten user privacy, even when the traffic is protected by up-to-date encryption techniques. Just through the analysis on traffic characteristics, for example, adversaries can identify online activities (e.g., web-browsing, chatting, online gaming, online video, and downloading) [7-9], then infer the sources of web pages or contents of those online activities [1, 10] , and further obtain sensitive information, such as health records, family incomes, and investment strategies etc [2] .
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="">doi:10.1109/twc.2013.121013.121473</a> <a target="_blank" rel="external noopener" href="">fatcat:u7pjtphj2vfm5pnvetikozperq</a> </span>
<a target="_blank" rel="noopener" href="" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href=""> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> </button> </a>