Low-Cost Side Channel Remote Traffic Analysis Attack in Packet Networks

This paper presents a dangerous low-cost traffic analysis attack in packet-based networks, such as the Internet. The attack is mountable in any scenario where a shared routing resource exists among users. A real-world attack successfully compromised the privacy of a user without requiring significant resources in terms of access, memory, or computational power. The effectiveness of our attack is demonstrated in a scenario where the user's DSL router uses FCFS scheduling policy. Specifically, we show that by using a low-rate sequence of probes, a remote attacker can obtain significant traffic-timing and volume information about a particular user, just by observing the round trip time of the probes. We also observe that even when the scheduling policy is changed to round-robin, while the correlation reduces significantly, the attacker can still reliably deduce user's traffic pattern. Most of the router scheduling policies designed to date are evaluated mostly on the metrics of throughput, delay and fairness. Our work is aimed to demonstrate a need for considering an additional metric that quantifies the information leak between the individual traffic flows through the router.