Client-Side Mitigation of Remote Latency Side-Channel Attacks

Abstract

Remote latency side channels reveal sensitive information by only observing latency variations in the attacker’s traffic with the victim. While these attacks are easy to mount and scale, there is no practical defense. Considering the more powerful attacker-in-the-middle scenarios, available mitigations require the cooperation of all communication partners for protection, and cause prohibitive overheads.

In this paper, we propose AckwardDelay, a new unilateral, purely client-side, and lightweight defense against remote latency side channels. In detail, we piece-wise apply constant-time principles on the latency side channel and computationally show that a fully remote attacker requires more than 250 samples to reduce the initial search space to below 1% with our recommended parameters, even in a scenario favoring the attacker. Based on our proof-of-concept AckwardDelay implementation with less than 1000 lines of code on Linux, we demonstrate that the accuracy of website- and video-fingerprinting attacks is reduced to random guessing in practice. With an increase of only 5.55% on website-loading times and a reduction of only 0.51% in transfer rates, we conclude that AckwardDelay is a practical, lightweight, and effective mitigation applicable to the vast number of client systems such as smart phones, tablets, and laptops.

Mehr zum Titel