Rodrigo Caldas, Carlos Novo, Ricardo Morla, Luis Cruz, António Carvalho, David Campelo
Inferring Legacy IoT Device Behavior over a Layer 2 TLS Tunnel
2021 5th Cyber Security in Networking Conference (CSNet), published 2021-10-12
DOI: 10.1109/CSNet52717.2021.9614643 (https://doi.org/10.1109/CSNet52717.2021.9614643)
Citations: 1
Abstract
Securing existing legacy device traffic is a necessity when the assumptions used in device security design no longer hold. In this paper we propose a layer 2 tunnel over TLS for legacy device traffic, which is lightweight, generic, and extensible. We then look at one of the threats that the tunnel does not initially address – namely inference attacks on the encrypted tunnel traffic. Inferring device behavior can be an attack by itself as well as a first step for other attacks. Using a legacy commercial, multi-node, embedded system that is aimed at life safety, we show that it is possible to infer legacy device behavior even if the device traffic is encrypted, as is the case with the tunnel. This example shows that simply wrapping legacy traffic with a secure communication protocol does not prevent inference attacks. To illustrate how these attacks can be mitigated, we then introduce padding and dummy traffic on the TLS tunnel, which, as intended, lowers the ability of an eavesdropper to infer legacy device behavior. This is true even if the eavesdropper retrains its model with padding and dummy traffic.