UC Santa Barbara

Modern software systems such as web clients and Internet of Things (IoT) devices regularly access and transmit private and sensitive data such as location information or user actions. Although these systems use secure and encrypted communications to transmit this information, the information can be recovered by observing the side effects of the communication such as packet sizes, timings and source and destination information which is public to any eavesdropper. These side effects can be obfuscated by delaying packet timings, padding packet contents or injecting dummy packets. These obfuscations also impact the quality of transmission, therefore a balance between user privacy and network overhead is needed.

In this dissertation, we provide methods for (1) detecting and quantifying network side-channel information leakages, (2) input generation for automating analysis of network side-channels, (3) automating side-channel mitigation with user constraints. Firstly, we present how the network side-channels can be detected and quantified by identifying relevant features with trace analysis. Our approach quantifies the information leakage of each feature using Shannon entropy and probability estimation methods, and provides a ranking of features based on the amount of leakage. Secondly, we discuss how the detection and quantification can be improved by dynamically generating inputs based on user provided mutators and seed inputs. Our method determines which features are affecting the information leakage and picks the mutators that influence those features or the secret. Thirdly, we present approaches on measuring the amount of information leakage using upper and lower bounds on the estimates. We also present techniques that synthesize side-channel attacks using classifiers and provide upper bounds on classifier accuracy. Then, we present a search-based method to generate mitigation strategies to information leakages based on user constraints to balance network overhead and leakage amount. Our approach iterates over the top ranking features and tries to reduce the information leakage of each feature by searching a padding and delaying strategy that minimizes an objective function based on the amount of leakage and network overhead, stopping when no further improvement is found. Lastly, we present the tool we developed which unifies the described approaches in a single workflow. For all approaches, we demonstrate their effectiveness on a set of experimental benchmarks.