Paper 2017/316

Exploring Potential 6LoWPAN Traffic Side Channels

Yan Yan, Elisabeth Oswald, and Theo Tryfonas


The Internet of Things (IoT) has become a reality: small connected devices feature in everyday objects including childrens' toys, TVs, fridges, heating control units, etc. Supply chains feature sensors throughout, and significant investments go into researching next-generation healthcare, where sensors monitor wellbeing. A future in which sensors and other (small) devices interact to create sophisticated applications seems just around the corner. All of these applications have a fundamental need for security and privacy and thus cryptography is deployed as part of an attempt to secure them. In this paper we explore a particular type of flaw, namely side channel information, on the protocol level that can exist despite the use of cryptography. Our research investigates the potential for utilising packet length and timing information (both are easily obtained) to extract interesting information from a system. We find that using these side channels we can distinguish between devices, different programs running on the same device including which sensor is accessed. We also find it is possible to distinguish between different types of ICMP messages despite the use of encryption. Based on our findings, we provide a set of recommendations to efficiently mitigate these side channels in the IoT context.

Available format(s)
Publication info
Published elsewhere. RED-IoT 2018
6LoWPANSide ChannelsTraffic Analysis
Contact author(s)
yanyansmajesty @ gmail com
2018-06-13: last of 3 revisions
2017-04-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yan Yan and Elisabeth Oswald and Theo Tryfonas},
      title = {Exploring Potential {6LoWPAN} Traffic Side Channels},
      howpublished = {Cryptology ePrint Archive, Paper 2017/316},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.