WO2021073737A1 - Apparatus and method for context based message traffic fuzzying - Google Patents

Publication number
WO2021073737A1
Authority
WO
WIPO (PCT)
Prior art keywords
context
traffic
iot devices
processor
noise
Application number
PCT/EP2019/078161
Other languages
French (fr)
Inventor
Oleg Pogorelik
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Priority to CN201980101182.2A (CN114556995A)
Priority to PCT/EP2019/078161 (WO2021073737A1)
Publication of WO2021073737A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04K SECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00 Jamming of communication; Counter-measures
    • H04K3/20 Countermeasures against jamming
    • H04K3/22 Countermeasures against jamming including jamming detection and monitoring
    • H04K3/224 Countermeasures against jamming including jamming detection and monitoring with countermeasures at transmission and/or reception of the jammed signal, e.g. stopping operation of transmitter or receiver, nulling or enhancing transmitted power in direction of or at frequency of jammer
    • H04K3/40 Jamming having variable characteristics
    • H04K3/41 Jamming having variable characteristics characterized by the control of the jamming activation or deactivation time
    • H04K3/45 Jamming having variable characteristics characterized by including monitoring of the target or target signal, e.g. in reactive jammers or follower jammers for example by means of an alternation of jamming phases and monitoring phases, called "look-through mode"
    • H04K3/46 Jamming having variable characteristics characterized in that the jamming signal is produced by retransmitting a received signal, after delay or processing
    • H04K3/60 Jamming involving special techniques
    • H04K3/65 Jamming involving special techniques using deceptive jamming or spoofing, e.g. transmission of false signals for premature triggering of RCIED, for forced connection or disconnection to/from a network or for generation of dummy target signal
    • H04K3/80 Jamming or countermeasure characterized by its function
    • H04K3/82 Jamming or countermeasure characterized by its function related to preventing surveillance, interception or detection
    • H04K3/825 Jamming or countermeasure characterized by its function related to preventing surveillance, interception or detection by jamming
    • H04K2203/00 Jamming of communication; Countermeasures
    • H04K2203/10 Jamming or countermeasure used for a particular application
    • H04K2203/18 Jamming or countermeasure used for a particular application for wireless local area networks or WLAN
    • H04K2203/30 Jamming or countermeasure characterized by the infrastructure components
    • H04K2203/34 Jamming or countermeasure characterized by the infrastructure components involving multiple cooperating jammers
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/60 Context-dependent security

Abstract

An apparatus includes a processor coupled to a memory, where the processor is configured to: receive at least one context attribute that includes one or more of a system and environment attributes, a user input, a device information, and a sensed information; select a security context based on the received at least one context attribute; determine a protective action based on the selected security context; determine one or more traffic controls based on the determined protective action and the at least one context attribute; and, send the one or more traffic controls to the one or more IoT devices, where the one or more traffic controls are adapted to cause the one or more IoT devices to perform the protective action.

Description

APPARATUS AND METHOD FOR CONTEXT BASED MESSAGE TRAFFIC FUZZYING
TECHNICAL FIELD
[0001] The aspects of the disclosed embodiments relate generally to computer security systems, and more particularly to securing computer network communications.
BACKGROUND
[0002] Modern network based information systems, such as security systems and health or medical monitoring applications, rely on the internet of things (IoT) to gather information necessary for performing their intended tasks. An ever expanding range of IoT devices, such as motion detectors, temperature sensors and monitors, communication devices, etc., allows gathering a wide range of information. The ever increasing amount and types of data being generated by the IoT devices and transmitted over digital networks open many new attack vectors which all need to be secured.
[0003] Most conventional network based systems employ encryption to protect transmitted data. However, a large amount of information can still be inferred based on the meta-data associated with network message traffic. This meta-data may include the size, frequency, source, destination, and even presence of messages being transmitted by these IoT devices. For example, when a motion detector is silent for long periods of time and then suddenly transmits messages, an attacker can infer that motion was detected by that IoT device. When data is transmitted to an endpoint belonging to a company producing motion detection and sensing devices, information about occupants within an area may be inferred. These types of security attacks are referred to as side channel attacks.
[0004] Conventional solutions include for example programming an IoT device to transmit a continuous stream of messages, thereby preventing the simple side channel attack described above. This approach however wastes valuable resources such as device power, network bandwidth, and other system resources to transmit these noise messages.
[0005] Thus there is a need for improved methods and apparatus to protect against side channel attacks in a more resource friendly manner. Accordingly, it would be desirable to provide methods and apparatus that address at least some of the problems described above.
SUMMARY
[0006] It is an object of the disclosed embodiments to provide improved methods and apparatus that can provide effective side channel protections while minimizing resource usage. This object is solved by the subject matter of the independent claims. Further advantageous modifications can be found in the dependent claims.
[0007] According to a first aspect, the above and further objects and advantages are obtained by an apparatus that includes a processor coupled to a memory. The processor is configured to: receive at least one context attribute, where the at least one context attribute includes one or more of a system and environment attributes, a user input, a device information, and a sensed information; select a security context based on the received at least one context attribute; determine a protective action based on the selected security context; and determine one or more traffic controls based on the determined protective action and the at least one context attribute. The processor sends the one or more traffic controls to the one or more IoT devices. The one or more traffic controls are adapted to cause the one or more IoT devices to perform the protective action.
[0008] In a first possible implementation form of the apparatus, the security context comprises one of a protecting privacy context, a hiding selected activities context, an intrusion mitigation context, and a no risk context. Using various security contexts allows classification of the system state as a security context indicating differing system goals.
[0009] In a possible implementation form of the apparatus, the processor is configured to select the protecting privacy context when one or more persons are within a protected area and a time is within a predetermined time range. Selection of the protecting privacy context indicates particular protective actions advantageous for protecting the privacy of areas of interest to the system.
[0010] In a possible implementation form of the apparatus, the processor is configured to select the hiding selected activities context when a guard is on-duty and the time is within a predetermined patrol period. Hiding selected activities can be advantageous in many situations, for example to hide the movements of a security guard.
[0011] In a possible implementation form of the apparatus, the protective action includes one or more of a fully suppressing generation of message traffic, a generating fuzzy noise message traffic, a replaying a recorded message traffic, and a replaying a pre-determined message traffic. Use of multiple protective actions allows the apparatus to adjust system behavior for a variety of different goals and states.
[0012] In a possible implementation form of the apparatus, the one or more traffic controls are configured to cause a first IoT device to generate a first noise traffic pattern and to cause a second IoT device to generate a second noise traffic pattern, wherein the first and second noise traffic patterns are offset in time. Coordinating traffic patterns among multiple IoT devices provides additional flexibility which may be used to effectively confuse attackers while minimizing use of system resources.
[0013] In a possible implementation form of the apparatus, when the selected security context is the hiding activities context, the one or more traffic controls are configured to cause one or more of the one or more IoT devices to suppress message traffic. Fully suppressing message traffic prevents a side channel attack from detecting when an event, such as detecting an intruder or the movements of a guard, has occurred.
[0014] In a possible implementation form of the apparatus, the one or more traffic controls are configured to produce randomly spaced noise signals from two or more IoT devices. Coordinating randomly spaced signals from multiple IoT devices provides the advantage of confusing an attacker with significantly reduced resource usage. For example, sending occasional messages from several devices with relatively low frequencies will cause the same confusion as all devices frequently transmitting occasional messages.
[0015] In a possible implementation form of the apparatus, the device information includes power information, and the processor is configured to adapt the one or more traffic controls based on the power information. The power information includes information about power capabilities of at least one IoT device in the one or more IoT devices. Including power information in the device information.
[0016] In a possible implementation form of the apparatus, the processor is configured to determine the one or more traffic controls based on a network bandwidth. Conservation of network bandwidth can provide significant cost savings.
[0017] In a possible implementation form of the apparatus, the processor is configured to determine the one or more traffic controls based on a maximum report rate, where the maximum report rate is determined dynamically based on a determined minimum amount of noise traffic and a maximum transmission rate of the one or more IoT devices. This allows the traffic controls to be adapted in a way that optimizes network usage.
[0018] In a possible implementation form of the apparatus, the one or more traffic controls include one or more of a packets to replay, a scripts to replay, a random packet sizes, a transmission frequency, a session length, a maximum data volumes, and a stop condition. Having various choices for generation of message traffic allows more efficient system optimization.
[0019] According to a second aspect, the above and further objects and advantages are obtained by a method including receiving at least one context attribute, where the received at least one context attribute includes one or more of a system and environment attributes, a user input, a device information, and a sensed information. Selecting a security context based on the received at least one context attribute; determining a protective action based on the selected security context; and determining one or more traffic controls based on the determined protective action and the at least one context attribute. The method sends the traffic controls to one or more IoT devices, where the one or more traffic controls are configured to cause the one or more IoT devices to perform the protective action.
[0020] In a first possible implementation form of the method, the security context comprises one of a protecting privacy context, a hiding selected activities context, an intrusion mitigation context, and a no risk context. Using various security contexts allows classification of the system state as a security context indicating differing system goals.
[0021] According to a third aspect, the above and further objects and advantages are obtained by a computer program product including non-transitory computer program instructions that when executed by a processor are configured to cause the processor to perform the method according to the second aspect.
[0022] These and other aspects, implementation forms, and advantages of the exemplary embodiments will become apparent from the embodiments described herein considered in conjunction with the accompanying drawings. It is to be understood, however, that the description and drawings are designed solely for purposes of illustration and not as a definition of the limits of the disclosed invention, for which reference should be made to the appended claims. Additional aspects and advantages of the invention will be set forth in the description that follows, and in part will be obvious from the description, or may be learned by practice of the invention. Moreover, the aspects and advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS
[0023] In the following detailed portion of the present disclosure, the invention will be explained in more detail with reference to the example embodiments shown in the drawings, in which:
[0024] Figure 1 illustrates a block diagram showing a computing system configured to employ context based traffic fuzzying to protect against side channel attacks incorporating aspects of the disclosed embodiments;
[0025] Figure 2 illustrates graphs depicting exemplary message traffic as may be transmitted by IoT devices incorporating aspects of the disclosed embodiments;
[0026] Figure 3 illustrates graphs showing how side channel protection may be applied in a system having multiple IoT devices incorporating aspects of the disclosed embodiments;
[0027] Figure 4 illustrates graphs showing a novel approach for protecting against side channel attacks incorporating aspects of the disclosed embodiments;
[0028] Figure 5 illustrates a flow chart of an exemplary method for implementing context based fuzzying techniques incorporating aspects of the disclosed embodiments.
DETAILED DESCRIPTION OF THE DISCLOSED EMBODIMENTS
[0029] Referring to Figure 1 there can be seen a block diagram illustrating a networked computing system 100 configured to employ context based traffic fuzzying to protect against side channel attacks incorporating aspects of the disclosed embodiments. The system 100 includes a computing apparatus 102 communicatively coupled to one or more sensing devices 114, referred to herein as IoT devices, where the computing apparatus 102 is configured to provide improved security by orchestrating generation of message traffic 136 sent by IoT devices 114 in a way that prevents an attacker with access to the generated message traffic 136 from obtaining useful information through side channel attacks.
[0030] Referring to Figure 1, in one embodiment, an apparatus 102 comprises a processor 150 coupled to a memory 152, wherein the processor 150 is configured to receive at least one context attribute, wherein the at least one context attribute comprises one or more of a system and environment attributes 122, a user input 124, a device information 108, and a sensed information 130. A security context 132 is selected based on the received at least one context attribute. A protective action is determined based on the selected security context 132. One or more traffic controls 134 are determined based on the determined protective action and the at least one context attribute. One or more traffic controls 134 are sent to the one or more IoT devices 114, wherein the one or more traffic controls 134 are configured to cause the one or more IoT devices 114 to perform the protective action.
[0031] Many modern computing apparatus, such as the computing apparatus 102, interoperate with various devices, such as the one or more devices 114, using wide area networks such as the internet. This collection of devices, which includes the one or more IoT devices 114, together with the network to which they are connected and the various computing apparatus also connected to the network are often referred to as the Internet of Things (IoT). The term IoT device as used herein refers to any of the various networked devices that may be incorporated into the Internet of Things. IoT devices may be configured to provide a wide range of information and perform many various purposes. For example, the IoT devices 114 may include video cameras, audio and communication equipment, motion detectors, window and door sensors, medical monitoring devices, light switches or other electric switching devices, cloud based software services, household appliances, as well as online data and software services, etc.
[0032] The computing apparatus 102 may be any appropriate type of computing apparatus configured to process and store data and communicate with other digital devices via a computer based network such as the internet. The computing apparatus 102 includes a processor 150 communicatively coupled to a computer memory, or memory 152, and the processor 150 is configured to read and execute non-transitory program instructions stored in the memory 152.
[0033] The processor 150 may be a single processing device or may comprise a plurality of processing devices including special purpose devices, such as for example, digital signal processing (DSP) devices, microprocessors, specialized processing devices, parallel processing cores, or general purpose computer processors. In certain embodiments the computing apparatus may incorporate cloud based computing apparatus. In one embodiment the processor 150 may include a central processing unit (CPU) working in tandem with a graphics processing unit (GPU) which may include a DSP or other specialized graphics processing hardware. The processor 150 is configured to read non-transitory program instructions from the memory 152 and perform embodiments of the methods and processes disclosed herein.
[0034] The memory 152 may be any appropriate type of computer memory capable of storing and retrieving computer program instructions and/or data. The memory 152 may be a combination of various types of volatile and non-volatile computer memory such as for example read only memory (ROM), random access memory (RAM), magnetic or optical disk, or other types of computer operable memory capable of storing and retrieving computer program instructions and other types of data.
[0035] The computing apparatus 102 is configured to receive various inputs, data, or information, having meaning with regard to security or other system 100 goals. These various inputs are referred to herein collectively as context attributes. The context attributes may include any information helpful in determining a context or security context for the system 100 including environmental conditions, activity patterns related to privacy or security subjects, user inputs and preferences 124, sensed parameters 136 such as those obtained from IoT devices 114, and activity patterns. The context attributes may also include inputs from external systems 122 such as a user's personal devices, cloud services, Internet knowledge base, public alert systems, etc. In certain embodiments it may also be beneficial to include in the context attributes information 108 about the one or more IoT devices 114, such as network capabilities, power requirements, and available resources, of each IoT device 114, as well as meta-data such as the type of each IoT device 114.
[0036] The exemplary computing apparatus 102 will select a security context 132 based on the received context attributes. A security context 132 represents a set of context attributes, environmental conditions, activity patterns, and user inputs that relate to a security or system goal. The activity patterns may for example be related to the activity of a security or privacy subject of interest, such as a person or pet within a home, etc.
[0037] Some exemplary security contexts 132 may include a protecting privacy context where the goal is to protect the privacy of occupants such as a homeowner, a guest, or a security guard. In the protecting privacy context it may be desirable to hide information about the location and/or movements of occupants such as when a special or important guest is visiting. A protecting privacy context or a protecting private scenes context could be defined as one or more conditions such as when there are more than zero people at home and the time is during bedtime hours such as between 10pm and 7am, or when the doors are locked and the curtains are closed.
[0038] An appropriate protective action which may be applied during the protecting privacy context could be configured such that when movement is detected in a particular room by one IoT device 138, other IoT devices 114 located in different rooms of the home could be directed to replay the original notification with some randomization. This would confuse an attacker by hiding the occupant’s location amidst the additional noise transmissions.
[0039] An exemplary security context 132 may include an invisible master context. An invisible master context may be applied to indicate that a guard on patrol within a monitored area would like to remain invisible while on patrol. The invisible master context may be selected for example when a guard is on duty and the time is within a specified patrolling period such as when the time is between the hours of 10pm and 7am or on holidays. A possible protective action that may be applied while the invisible master context is in effect may be that when an IoT device 138 recognizes the on-duty guard, other IoT devices 114 such as motion detectors and other sensors co-located in the same area as the on-duty guard will be directed to suppress message transmissions. These suppressed IoT devices 114 will be switched back to active mode once the on-duty guard moves to a different location.
[0040] Advantageously, a security context could be: a no risks context to be applied during public events where there is no need to protect anything because all information is publicly available for a period of time; a protecting privacy context where it is desirable to scramble or hide the movements or interactions between people; a hiding selected activities context where it is desirable to suppress reports about selected people, roles, etc., and to hide their movements; and an intrusion mitigation context where it is desirable to scramble all message traffic or suppress all reporting when anomalies are detected.
[0041] In one embodiment, selection of the security context 132 is performed by a context manager 104 incorporated in the computing apparatus 102. The context manager 104 may be configured to determine or select a suitable security context 132 based on the received context attributes. Selection of the security context 132 may be performed in any appropriate fashion such as through a set of if-then-else rules processed by an inference engine, classification techniques, machine learning algorithms, or deep neural networks, etc. Once the security context 132 has been selected the computing apparatus 102 may then use the selected security context 132 to determine consequent actions.
[0042] Identifying or determining an appropriate protective action and determining appropriate traffic controls is accomplished in the exemplary computing apparatus 102 within a traffic orchestrator 106, which may also be referred to as a security orchestrator depending on desired goals of the system 100. In certain embodiments it may be beneficial to adjust the protective action based on IoT device 114 capabilities, network capabilities, available resources and the way they are consumed by the protective action. Traffic controls 134 are generated by the traffic orchestrator 106 and sent to one or more IoT devices 114. The term traffic controls 134 as used herein refers to one or more traffic generation commands or directives that are adapted to cause the one or more IoT devices 114 to generate message traffic consistent with the system 100 goals as indicated by the selected security context 132. Message traffic refers collectively to a group of computer messages or data signals sent between computing apparatus or IoT devices connected by a computer network or network.
[0043] A best or optimal protective action may be chosen for activation within each IoT device 114. A best or optimal protective action may be one that meets certain security goals while minimizing use of system 100 resources. For example, during a power outage the traffic orchestrator 106 may prefer to generate message traffic or noise from an IoT device 114 that has its own battery power over one that requires grid power. Conversely, when grid power is restored, the traffic orchestrator may prefer to use IoT devices 114 that are connected directly to grid power so as to conserve the battery life of standalone or autonomous devices.
[0044] A variety of protective actions may be beneficially employed within the system 100. A useful protective action is fully suppressing message traffic generation, where one or more of the IoT devices 114 is directed to suppress transmission of any messages. Suppression of messages prevents a triggered IoT device 140 from sending any messages. This may be accomplished either by discarding the messages or by holding the messages for transmission at a later time. Suppression is useful when it is important to hide messages from an attacker.
[0045] The protective action may include replaying a recorded message traffic. Replaying recorded message traffic is a way to imitate actual messages and also provides an opportunity to send misinformation to an attacker. These recorded messages can be replayed at a later time as a way to confuse an attacker.
[0046] In one embodiment the protective action may include playing a pre-determined message traffic. In certain embodiments pre-determined message traffic may be designed to mimic actual or real traffic patterns and include occasional deviations. Use of pre-determined message traffic provides a means of injecting carefully crafted traffic patterns designed to confuse or mislead an attacker.
[0047] A protective action may include generating fuzzy noise message patterns. Fuzzy noise message patterns entail dynamically adjusting noise patterns to optimally serve a given situation or context where the dynamic adjustment may include randomness. Dynamic adjustment adapts the message patterns to achieve desired system goals while also optimizing use of system resources.
[0048] Coordination of consequent actions within the system 100, such as noise injection or traffic suppression is provided by the traffic orchestrator 106. The traffic orchestrator is configured to coordinate traffic generated by one or more IoT devices 114 in response to triggers provided by the context manager 104. In one embodiment the traffic orchestrator 106 may also consider additional information such as sensor information 136, device data 108, or any other appropriate information when coordinating consequent actions within the system 100.
[0049] Among other tasks, the traffic orchestrator 106 is responsible for selecting which IoT devices 114 will be used for noise generation. This selection is based on and in accordance with capabilities of each IoT device 114. For example in a case where two or more IoT devices 114 can generate similar noise, the traffic orchestrator 106 may select an IoT device 114 that is directly connected to grid power and avoid an IoT device 114 that has a limited amount of battery power available. In this sense, the term similar noise refers to noise that achieves the same system 100 goals.
[0050] Determining traffic controls 134 within a computing apparatus, such as the computing apparatus 102, provides an opportunity to coordinate generation and transmission of message traffic from multiple IoT devices 114. Coordination can be advantageously applied to effectively confuse an attacker while optimizing use of system 100 resources. For example, traffic controls 134 can be configured to transmit noise from similar IoT devices, such as motion detectors located in different rooms, at random offsets, thereby hiding any real messages among the randomly spaced noise messages. Coordinating noise transmissions from multiple IoT devices can effectively confuse an attacker while using significantly fewer resources than conventional techniques. The above described protective actions can be advantageously implemented by a traffic orchestrator 106 by configuring the traffic controls 134 to coordinate message traffic transmitted by multiple IoT devices 114.
[0051] In the system 100, at least one of the IoT devices 114 includes a traffic generator 118. The traffic generator 118 is a system component configured to receive traffic controls 134 and adapt message traffic 136 sent by the IoT device 114 in accordance with the received traffic controls 134. Traffic controls 134 or directives processed by the traffic generator 118 include instructions or directives defining noise traffic parameters such as network packets to replay, scripts to replay, instructions to generate random packet sizes, transmission frequency of transmitted message traffic, session length, maximum data volumes, stop conditions, or any other desired traffic related parameters.
[0052] In certain embodiments it is beneficial to process sensed information 136 received from the IoT devices 114 to produce context specific sensorial inputs 130. These context specific sensorial inputs 130 may be adapted to the needs of the currently selected security context 132 or they may be more broadly adapted to suit all security contexts based on the needs of the traffic manager 104. A communication system 110 may be included in the computing apparatus 102 to receive the sensed inputs 136 from the IoT devices 114 and produce context related sensorial inputs 130.
[0053] Figure 2 illustrates graphs 200, 210 depicting exemplary message traffic as may be transmitted by IoT devices. The graphs 200, 210 represent time along a horizontal axis 204 increasing to the right and represent message traffic along a vertical axis 202. Transmitted messages are depicted as rectangles 206, 208, projecting upwards from a baseline 212 where each rectangle represents a transmitted message.
[0054] Graph 200 illustrates the transmission of a single message 206 which may be sent by an IoT device in response to a trigger. For example, a motion detector may send a message 206 after having been triggered by a person entering a room, or a door sensor may send a message 206 when a door is opened. The message 206 may include data describing the particular event and providing detailed information about the event. The privacy of data contained in each message 206 is typically protected by cryptography or other appropriate means, thereby preventing an attacker from accessing any of the data contained within the message 206. A savvy attacker, however, can still obtain useful information even without accessing the data contained within messages 206. For example, the presence of message 206 along with the available meta-data can provide an attacker with valuable information. The message 206 can reveal to an attacker that there is someone at home, or possibly allow the person's movements to be tracked throughout the home simply by monitoring which IoT devices are sending messages. These types of attacks are referred to herein as side channel attacks.
[0055] Graph 210 illustrates a conventional approach used to protect against side-channel attacks. Graph 210 illustrates the message traffic transmitted by an IoT device configured to transmit emulated signals 208, referred to herein as noise 208, at regular intervals. The noise 208 is configured to look, from the perspective of a side channel attack, the same as an actual message 206, and can only be differentiated after accessing the data contents, which as discussed above is unavailable to an attacker. Thus an attacker will be unable to distinguish the real message 206 from added noise 208.
[0056] Regular or periodic noise injection as illustrated in graph 210 can consume significant system resources. IoT devices relying on battery power may drain down more quickly and added noise 208 consumes network bandwidth, thereby limiting side channel protections and increasing operating costs.
[0057] Figure 3 illustrates graphs S1a, S2a, S3a showing how side channel protection may be applied in a system having multiple IoT devices. Graphs S1a, S2a, S3a use the same nomenclature as used in graphs 200 and 210 to illustrate message traffic transmitted by IoT devices. The graphs S1a, S2a, S3a illustrate how the side channel protection approach described above and illustrated in graph 210 may be applied in a system having three IoT devices. When an IoT device is triggered, a message 306 is transmitted that provides information about the triggering event. As described above, message 306 is hidden by the regular noise messages 308 being transmitted by the active IoT device. To further confuse an attacker, noise messages 310 and 312 may be transmitted by other IoT devices. No coordination between the IoT devices is necessary to implement this approach to side channel protection. The noise messages 308, 310, 312 serve to confuse an attacker, but increase energy and network usage, as well as other system resources.
[0058] Figure 4 illustrates graphs S1b, S2b, S3b showing a novel approach for protecting against side channel attacks incorporating aspects of the disclosed embodiments. The graphs S1b, S2b, S3b use the same nomenclature as used in Figure 3 and each graph S1b, S2b, S3b represents messages transmitted by one of three IoT devices (not shown) respectively. This approach, referred to herein as context based traffic fuzzying, generates noise that can provide similar side channel protection as the regular noise generation schemes described above and with respect to Figures 2 and 3, but is significantly more efficient from a power, performance, and system resource usage perspective. With context based traffic fuzzying, noise generation schemes and noise patterns are determined dynamically based on high level factors such as logical states of the system and IoT devices, as well as the applications and users associated with a current state of the system. These high level factors are represented by system states referred to herein as context.
[0059] With context based traffic fuzzying, noise transmission is generated by multiple coordinated IoT devices. In contrast, conventional approaches generate noise from IoT devices individually without coordination. Context based traffic fuzzying incorporates multiple system elements and components including peer IoT devices to generate noise messages crafted to confuse an attacker. Newly introduced processes, such as the context manager 104 and traffic orchestrator 106 described above and with reference to Figure 1, will assist in generation of artificial messages or noise transmission that will effectively confuse an attacker while minimizing overall use of power, bandwidth, and other system resources.
[0060] An exemplary reduced message traffic pattern produced by applying context based traffic fuzzying to a system with three IoT devices is shown in graphs S1b, S2b, S3b. Those skilled in the art will readily recognize that the embodiments disclosed herein may be advantageously employed in systems having more or less than three IoT devices without straying from the spirit and scope of the present disclosure. When an IoT device is triggered and sends a message 314, a traffic orchestrator creates a pattern having only a few randomly spaced noise transmissions 316, 318, 320 on peer IoT devices as well as the triggered IoT device. These noise transmissions 316, 318, 320 are configured to confuse an attacker while minimizing the amount of system resources consumed. Comparing the side channel protection scheme illustrated in Figure 3 to the context based traffic fuzzying approach illustrated in Figure 4 shows that the context based traffic fuzzying technique provides comparable protection with significantly fewer messages and a corresponding reduction of the system resources consumed.
[0061] Figure 5 illustrates a flow chart of an exemplary method 500 for performing context based message traffic fuzzying incorporating aspects of the disclosed embodiments. The exemplary method 500 is appropriate for use in a computing apparatus, such as the computing apparatus 102 described above, to protect systems, such as the exemplary system 100, from side channel attacks through use of the context based traffic fuzzying techniques disclosed herein.
[0062] The exemplary method 500 begins by receiving inputs 502. The received inputs may include any of the context attributes described above such as, for example, system and environment attributes, user inputs, device information, and sensed information. The context attributes and system state can be used to determine 504 whether a side channel attack is a possibility and whether protective action may be useful.
[0063] A security context is selected 506 based on the context attributes. The security context provides a representation of the state of the system and is beneficial for adapting consequent actions to optimally manage system resources. When the selected security context is different than a currently active security context, it may be advantageous in certain embodiments to update 510 the security context based on the selected security context.
[0064] The security context and received inputs may be advantageously employed to determine 512 whether a protective action should be implemented. When no protective action is desired, the method 500 waits for additional inputs. Embodiments of the method 500 may optionally apply any of the protective actions described above including fully suppressing generation of message traffic, generating fuzzy noise message traffic, replaying recorded message traffic, and replaying pre-determined message traffic.
[0065] Traffic controls are determined 516 to implement the desired protective action. Traffic controls include a group of one or more traffic generation directives that when sent to IoT devices cause the IoT devices to generate or suppress message traffic or noise that is adapted to support the desired protective action. To effectively and efficiently execute the traffic controls, IoT devices are selected 518 based on the security context, context attributes, and device information. Device information such as device type, message or noise generation capabilities, power resources, device location etc. may be used in certain embodiments to select one or more IoT devices capable of effectively implementing the desired protective action while minimizing use of system resources. The traffic controls are then sent 520 to the selected IoT devices.
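Added example (not part of the patent text): the flow of method 500 from context selection to traffic controls, including the power-aware device selection of [0049] and the randomly spaced noise of [0050]. The data shapes, field names, thresholds (30% battery, 60 s window, three noise messages) and the precedence of the hiding context over the privacy context are assumptions; the intrusion mitigation context is left out because this section gives no selection condition for it.

```python
import random
from dataclasses import dataclass
from datetime import time

# Three of the four security contexts named in the claims.
PRIVACY, HIDING, NO_RISK = "protecting_privacy", "hiding_selected_activities", "no_risk"

@dataclass
class Device:                 # assumed shape of the device information (108)
    name: str
    kind: str                 # devices of one kind can emit "similar noise"
    grid_powered: bool
    battery_pct: int = 100

@dataclass
class TrafficControl:         # assumed encoding of one traffic control (134)
    device: str
    action: str               # "suppress" or "noise"
    offsets_s: tuple = ()     # transmit times in seconds after the trigger
    packet_size: int = 0      # noise is sized like the real message

def in_range(now, start, end):
    """True if now is in [start, end); the range may wrap past midnight."""
    return start <= now < end if start <= end else (now >= start or now < end)

def select_context(attrs):
    """Step 506: map context attributes to a security context (claims 3 and 4)."""
    now = attrs["time"]
    if attrs.get("guard_on_duty") and in_range(now, *attrs["patrol_period"]):
        return HIDING         # assumed precedence: hiding wins over privacy
    if attrs.get("persons_present", 0) > 0 and in_range(now, *attrs["privacy_hours"]):
        return PRIVACY
    return NO_RISK

def select_devices(devices, kind, count, min_battery=30):
    """Step 518: prefer grid power, then the fullest battery; skip weak batteries."""
    able = [d for d in devices
            if d.kind == kind and (d.grid_powered or d.battery_pct >= min_battery)]
    able.sort(key=lambda d: (not d.grid_powered, -d.battery_pct))
    return able[:count]

def determine_controls(context, devices, trigger, rng, window_s=60.0, noise_count=3):
    """Steps 512-518: pick the action; noise is randomly spaced across devices."""
    if context == HIDING:     # claim 7: suppress message traffic
        return [TrafficControl(d.name, "suppress")
                for d in devices if d.kind == trigger["kind"]]
    chosen = select_devices(devices, trigger["kind"], noise_count) if context == PRIVACY else []
    if not chosen:
        return []             # no risk, or no device fit to generate noise
    rng.shuffle(chosen)       # avoid a fixed device order in the pattern
    offsets = sorted(round(rng.uniform(0.5, window_s), 2) for _ in range(noise_count))
    plan = {d.name: [] for d in chosen}
    for i, off in enumerate(offsets):
        plan[chosen[i % len(chosen)].name].append(off)
    return [TrafficControl(name, "noise", tuple(offs), trigger["size"])
            for name, offs in plan.items() if offs]

# Constructed sample data: three motion detectors and one door sensor.
DEVICES = [Device("motion-hall", "motion", True),
           Device("motion-bedroom", "motion", False, 80),
           Device("motion-attic", "motion", False, 12),
           Device("door-front", "door", False, 90)]
ATTRS = {"time": time(23, 15), "persons_present": 2, "guard_on_duty": False,
         "privacy_hours": (time(22, 0), time(7, 0)),
         "patrol_period": (time(1, 0), time(5, 0))}

if __name__ == "__main__":
    trigger = {"kind": "motion", "size": 96}   # a real message was just sent
    for tc in determine_controls(select_context(ATTRS), DEVICES, trigger, random.Random(7)):
        print(tc)
```

With the sample data, the nearly drained attic detector is never asked to transmit noise, and the three noise messages are split between the grid-powered and the well-charged detector.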
[0066] Thus, while there have been shown, described and pointed out, fundamental novel features of the invention as applied to the exemplary embodiments thereof, it will be understood that various omissions, substitutions and changes in the form and details of apparatus and methods illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit and scope of the presently disclosed invention. Further, it is expressly intended that all combinations of those elements, which perform substantially the same function in substantially the same way to achieve the same results, are within the scope of the invention. Moreover, it should be recognized that structures and/or elements shown and/or described in connection with any disclosed form or embodiment of the invention may be incorporated in any other disclosed, described, or suggested form or embodiment as a general matter of design choice. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.

Claims

What is claimed is:
1. An apparatus (102) comprising a processor (150) coupled to a memory (152), wherein the processor (150) is configured to: receive at least one context attribute, wherein the at least one context attribute comprises one or more of a system and environment attributes (122), a user input (124), a device information (108), and a sensed information (130); select a security context (132) based on the received at least one context attribute; determine a protective action based on the selected security context (132); determine one or more traffic controls (134) based on the determined protective action and the at least one context attribute; and, send the one or more traffic controls (134) to the one or more IoT devices (114), wherein the one or more traffic controls (134) are configured to cause the one or more IoT devices (114) to perform the protective action.
2. The apparatus (102) according to claim 1 wherein the security context comprises one of a protecting privacy context, a hiding selected activities context, an intrusion mitigation context, and a no risk context.
3. The apparatus (102) according to any one of the preceding claims wherein the processor (150) is configured to select the protecting privacy context when one or more persons are within a protected area and a time is within a predetermined time range.
4. The apparatus (102) according to any one of the preceding claims wherein the processor (150) is configured to select the hiding selected activities context when a guard is on-duty and the time is within a predetermined patrol period.
5. The apparatus (102) according to any one of the preceding claims wherein the protective action comprises one or more of a fully suppressing generation of message traffic, a generating fuzzy noise message traffic, a replaying a recorded message traffic, and a replaying a pre-determined message traffic.
6. The apparatus (102) according to any one of the preceding claims wherein the one or more traffic controls (134) are configured to cause a first IoT device (138) to generate a first noise traffic pattern and to cause a second IoT device (140) to generate a second noise traffic pattern, wherein the first and second noise traffic patterns are offset in time.
7. The apparatus (102) according to any one of the preceding claims wherein when the selected security context is the hiding activities context, the one or more traffic controls (134) are configured to cause one or more of the one or more IoT devices (114) to suppress message traffic.
8. The apparatus (102) according to any one of the previous claims wherein the one or more traffic controls (134) are configured to produce randomly spaced noise signals from two or more IoT devices (138,140).
9. The apparatus (102) according to any one of the preceding claims wherein the device information (108) comprises power information, and the processor (150) is configured to configure the one or more traffic controls (134) based on the power information, wherein the power information comprises information about power capabilities of at least one IoT device in the one or more IoT devices (114).
10. The apparatus (102) according to any one of the preceding claims wherein the processor (150) is configured to determine the one or more traffic controls (134) based on a network bandwidth.
11. The apparatus (102) according to any one of the preceding claims wherein the processor (150) is configured to determine the one or more traffic controls (134) based on a maximum report rate, wherein the maximum report rate is determined dynamically based on a determined minimum amount of noise traffic and a maximum transmission rate of the one or more IoT devices (114).
12. The apparatus (102) according to any one of the preceding claims wherein the one or more traffic controls (134) comprise one or more of a packet to replay, a script to replay, random packet sizes, a transmission frequency, a session length, a maximum data volume, and a stop condition.
13. A method (500) comprising: receiving (502) at least one context attribute, wherein the received at least one context attribute comprises one or more of a system and environment attribute, a user input, a device information, and a sensed information; selecting (506) a security context based on the received at least one context attribute; determining (512) a protective action based on the selected security context; determining (516) one or more traffic controls based on the determined protective action and the at least one context attribute; and, sending (520) the traffic controls to one or more IoT devices, wherein the one or more traffic controls are configured to cause the one or more IoT devices to perform the protective action.
14. The method (500) according to claim 13 wherein the security context comprises one of a protecting privacy context, a hiding selected activities context, an intrusion mitigation context, and a no risk context.
15. A computer program product comprising non-transitory computer program instructions that when executed by a processor (150) are configured to cause the processor (150) to perform the method (500) according to any one of claims 13 or 14.
PCT/EP2019/078161 2019-10-17 2019-10-17 Apparatus and method for context based message traffic fuzzying WO2021073737A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980101182.2A CN114556995A (en) 2019-10-17 2019-10-17 Apparatus and method for context-based message traffic obfuscation
PCT/EP2019/078161 WO2021073737A1 (en) 2019-10-17 2019-10-17 Apparatus and method for context based message traffic fuzzying

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2019/078161 WO2021073737A1 (en) 2019-10-17 2019-10-17 Apparatus and method for context based message traffic fuzzying

Publications (1)

Publication Number Publication Date
WO2021073737A1 true WO2021073737A1 (en) 2021-04-22

Family

ID=68289992

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2019/078161 WO2021073737A1 (en) 2019-10-17 2019-10-17 Apparatus and method for context based message traffic fuzzying

Country Status (2)

Country Link
CN (1) CN114556995A (en)
WO (1) WO2021073737A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080119130A1 (en) * 2006-11-22 2008-05-22 Airdefense, Inc. Systems and methods for proactively enforcing a wireless free zone
US20190159222A1 (en) * 2017-11-23 2019-05-23 Korea University Research And Business Foundation Method for allocating transfer times in a wireless powered communication network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WENYUAN XU ET AL: "Jamming Sensor Networks: Attack and Defense Strategies", IEEE NETWORK, IEEE SERVICE CENTER, NEW YORK, NY, US, vol. 20, no. 3, May 2006 (2006-05-01), pages 41 - 47, XP001546793, ISSN: 0890-8044, DOI: 10.1109/MNET.2006.1637931 *

Also Published As

Publication number Publication date
CN114556995A (en) 2022-05-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19789964

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19789964

Country of ref document: EP

Kind code of ref document: A1