Paper 2017/316

Exploring Potential 6LoWPAN Traffic Side Channels

Yan Yan, Elisabeth Oswald, and Theo Tryfonas

Abstract

The Internet of Things (IoT) has become a reality: small connected devices feature in everyday objects including childrens' toys, TVs, fridges, heating control units, etc. Supply chains feature sensors throughout, and significant investments go into researching next-generation healthcare, where sensors monitor wellbeing. A future in which sensors and other (small) devices interact to create sophisticated applications seems just around the corner. All of these applications have a fundamental need for security and privacy and thus cryptography is deployed as part of an attempt to secure them. In this paper we explore a particular type of flaw, namely side channel information, on the protocol level that can exist despite the use of cryptography. Our research investigates the potential for utilising packet length and timing information (both are easily obtained) to extract interesting information from a system. We find that using these side channels we can distinguish between devices, different programs running on the same device including which sensor is accessed. We also find it is possible to distinguish between different types of ICMP messages despite the use of encryption. Based on our findings, we provide a set of recommendations to efficiently mitigate these side channels in the IoT context.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. RED-IoT 2018
Keywords
6LoWPANSide ChannelsTraffic Analysis
Contact author(s)
yanyansmajesty @ gmail com
History
2018-06-13: last of 3 revisions
2017-04-14: received
See all versions
Short URL
https://ia.cr/2017/316
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/316,
      author = {Yan Yan and Elisabeth Oswald and Theo Tryfonas},
      title = {Exploring Potential 6LoWPAN Traffic Side Channels},
      howpublished = {Cryptology ePrint Archive, Paper 2017/316},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/316}},
      url = {https://eprint.iacr.org/2017/316}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.