The reviewed record of science sign in
Pith

arxiv: 2309.05941 · v1 · pith:HT4H24GA · submitted 2023-09-12 · cs.CR

Random Segmentation: New Traffic Obfuscation against Packet-Size-Based Side-Channel Attacks

Reviewed by Pithpith:HT4H24GAopen to challenge →

classification cs.CR
keywords packetdataaddingnoiseaddedapproachcontroldevice
0
0 comments X
read the original abstract

Despite encryption, the packet size is still visible, enabling observers to infer private information in the Internet of Things (IoT) environment (e.g., IoT device identification). Packet padding obfuscates packet-length characteristics with a high data overhead because it relies on adding noise to the data. This paper proposes a more data-efficient approach that randomizes packet sizes without adding noise. We achieve this by splitting large TCP segments into random-sized chunks; hence, the packet length distribution is obfuscated without adding noise data. Our client-server implementation using TCP sockets demonstrates the feasibility of our approach at the application level. We realize our packet size control by adjusting two local socket-programming parameters. First, we enable the TCP_NODELAY option to send out each packet with our specified length. Second, we downsize the sending buffer to prevent the sender from pushing out more data than can be received, which could disable our control of the packet sizes. We simulate our defense on a network trace of four IoT devices and show a reduction in device classification accuracy from 98% to 63%, close to random guessing. Meanwhile, the real-world data transmission experiments show that the added latency is reasonable, less than 21%, while the added packet header overhead is only about 5%.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Secrets Best Not Shared: DNS Privacy Enhancements for the Constrained IoT

    cs.CR 2026-06 unverdicted novelty 6.0

    DNS over CoAP with packet length equalization, block-wise transfer, header and payload compression reduces DNS identification accuracy to 77-86% in constrained IoT scenarios, outperforming DNS over HTTPS.