Targeted Black-Box Side-Channel Mitigation for IoT

In this paper we present techniques for generating targeted mitigation strategies for network side-channel vulnerabilities in IoT applications. Our tool IoTPatch profiles the target IoT application by capturing the network traffic and labeling the network traces with the corresponding user actions. It extracts features such as packet sizes and times from the captured traces, and quantifies the information leakage by modeling the distribution of feature values. In order to mitigate the side-channel vulnerabilities, IoTPatch uses the information leakage measure over features to prioritize specific features and synthesizes a packet padding and delaying strategy based on an objective function for minimizing information leakage and time and space overhead. IoTPatch provides a tunable mitigation strategy where the trade-off between the information leakage and performance overhead can be adjusted to accommodate needs of different applications. We evaluate IoTPatch on three network benchmarks and demonstrate that IoTPatch can discover and quantify the information leakage and synthesize a set of Pareto optimal mitigation strategies performing better than the prior work in terms of reducing leakage and overhead.