CN-114556995-B - Apparatus and method for context-based message traffic obfuscation

Abstract

An apparatus includes a processor coupled to a memory, wherein the processor is to receive at least one context attribute including one or more of system and environment attributes, user input, device information, and sensed information, select a security context based on the received at least one context attribute, determine a protection action based on the selected security context, determine one or more flow controls based on the determined protection action and the at least one context attribute, and send the one or more flow controls to one or more IoT devices, wherein the one or more flow controls are to cause the one or more IoT devices to perform the protection action.

Inventors

  • Oleg Bogonik

Assignees

  • 华为技术有限公司

Dates

  • Publication Date: 20260421
  • Application Date: 20191017
  • Priority Date: 20191017

Claims (12)

  1. An apparatus (102), the apparatus (102) comprising a processor (150) coupled to a memory (152), the processor (150) configured to: receive at least one context attribute, wherein the at least one context attribute comprises one or more of system and environment attributes (122), user input (124), device information (108), and sensed information (130); select a security context (132) according to the received at least one context attribute, wherein the selected security context (132) comprises one of a privacy preserving context, a hiding selected activity context, an intrusion mitigation context and a risk free context; determine a protection action according to the selected security context; determine one or more flow controls (134) based on the determined protection action and the at least one context attribute; transmit the one or more flow controls (134) to one or more IoT devices (114), wherein the one or more flow controls (134) are to cause the one or more IoT devices (114) to perform the protection action; wherein the one or more flow controls (134) are to generate randomly spaced noise signals from two or more IoT devices (138, 140).
  2. The apparatus (102) of claim 1, wherein the processor (150) is configured to select the protection privacy context when one or more persons are within a protected area and the time is within a predefined time range.
  3. The apparatus (102) of claim 1, wherein the processor (150) is configured to select the hidden selected activity context when security personnel are on duty and the time is within a predefined patrol period.
  4. The apparatus (102) of claim 1, wherein the protection actions include one or more of suppressing generation of message traffic entirely, generating obfuscated noise message traffic, replaying recorded message traffic, and replaying predefined message traffic.
  5. The apparatus (102) of any of claims 1-4, wherein the one or more flow controls (134) are to cause a first IoT device (138) to generate a first noise traffic pattern and a second IoT device (140) to generate a second noise traffic pattern, wherein the first noise traffic pattern and the second noise traffic pattern are offset in time.
  6. The apparatus (102) of any of claims 1-4, wherein the one or more flow controls (134) are to cause one or more of the one or more IoT devices (114) to throttle message traffic when the selected security context is the hidden selected activity context.
  7. The apparatus (102) of any of claims 1-4, wherein the device information (108) comprises power information, and the processor (150) is to configure the one or more flow controls (134) according to the power information, wherein the power information comprises information regarding power capabilities of at least one of the one or more IoT devices (114).
  8. The apparatus (102) of any of claims 1-4, wherein the processor (150) is configured to determine the one or more flow controls (134) based on network bandwidth.
  9. The apparatus (102) of any of claims 1-4, wherein the processor (150) is to determine the one or more flow controls (134) according to a maximum reporting rate, wherein the maximum reporting rate is dynamically determined according to a minimum amount of determined noise traffic and a maximum transmission rate of the one or more IoT devices (114).
  10. The apparatus (102) of any one of claims 1-4, wherein the one or more flow controls (134) comprise one or more of a data packet to replay, a script to replay, a random data packet size, a transmission frequency, a session length, a maximum data amount, and a stop condition.
  11. A method (500) of context-based message traffic obfuscation, the method (500) comprising: receiving (502) at least one context attribute, wherein the received at least one context attribute comprises one or more of system and environment attributes, user input, device information, and sensed information; selecting (506) a security context according to the received at least one context attribute, wherein the selected security context comprises one of a privacy preserving context, a hiding selected activity context, an intrusion mitigation context and a risk free context; determining (512) a protection action based on the selected security context; determining (516) one or more flow controls based on the determined protection action and the at least one context attribute; transmitting (520) the one or more flow controls to one or more IoT devices, wherein the one or more flow controls are to cause the one or more IoT devices to perform the protection action; wherein the one or more flow controls (134) are to generate randomly spaced noise signals from two or more IoT devices (138, 140).
  12. A computer program product, characterized in that the computer program product comprises non-transitory computer program instructions for causing a processor (150) to perform the method (500) according to claim 11 when executed by the processor (150).
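The pipeline recited in claims 1, 2, 3, 5 and 10 (context attributes, then security context, then protection action, then per-device flow controls with randomly spaced, time-offset noise), sketched as an added example that is not code from the patent. The attribute keys, the intrusion trigger, the context-to-action table, the packet size range, the exponential gap distribution and the device names are assumptions made for illustration.

```python
import random
from dataclasses import dataclass

def select_context(attrs):                               # context names from claim 1
    if attrs.get("intrusion_alert"):                     # assumed trigger
        return "intrusion_mitigation"
    if attrs.get("guard_on_duty") and attrs["hour"] in attrs["patrol_hours"]:
        return "hide_selected_activity"                  # rule from claim 3
    if attrs.get("persons_in_area", 0) > 0 and attrs["hour"] in attrs["privacy_hours"]:
        return "privacy_preserving"                      # rule from claim 2
    return "risk_free"                                   # assumed default

# Assumed context-to-action table; the action names come from claim 4.
ACTION_FOR_CONTEXT = {
    "privacy_preserving": "generate_noise",
    "hide_selected_activity": "replay_recorded",
    "intrusion_mitigation": "replay_predefined",
}

@dataclass
class FlowControl:                                       # fields drawn from claim 10
    device: str
    action: str
    send_times: list                                     # seconds from session start
    packet_sizes: list                                   # random sizes in bytes

def build_flow_controls(action, devices, session_length, max_rate, seed=None):
    # Seed only for reproducible tests; the OS CSPRNG keeps the schedule unpredictable.
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    min_gap = 1.0 / max_rate                             # cap on reporting rate
    controls = []
    for dev in devices:
        t = rng.uniform(0, min_gap)                      # per-device time offset
        times, sizes = [], []
        while t < session_length:                        # stop condition
            times.append(t)
            sizes.append(rng.randint(64, 512))           # assumed size range
            t += min_gap + rng.expovariate(1.0 / min_gap)  # random spacing
        controls.append(FlowControl(dev, action, times, sizes))
    return controls

def plan(attrs, devices, session_length=60.0, max_rate=0.5, seed=None):
    context = select_context(attrs)
    action = ACTION_FOR_CONTEXT.get(context)             # risk_free: no cover traffic
    controls = build_flow_controls(action, devices, session_length, max_rate, seed) if action else []
    return context, controls

SAMPLE_ATTRS = {"hour": 23, "persons_in_area": 2,        # constructed input
                "privacy_hours": range(22, 24), "patrol_hours": range(0, 5)}
```

Because no noise is scheduled in the risk-free context, devices spend power and bandwidth on cover traffic only while a context calls for it, which is the resource saving the description claims over a continuous message stream.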

Description

Apparatus and method for context-based message traffic obfuscation

Technical Field

Aspects of the disclosed embodiments relate generally to computer security systems and, more particularly, to protecting computer network communications.

Background

Modern network-based information systems, such as security systems and health or medical monitoring applications, rely on the Internet of Things (IoT) to collect information necessary to perform their intended tasks. An increasing number of IoT devices, such as motion detectors, temperature sensors and monitors, communication devices, and the like, may collect a variety of different information. The increasing amount and type of data generated by IoT devices and transmitted over digital networks has led to the creation of many new attack paths, all of which require protection.

Most conventional network-based systems employ encryption to protect the transmitted data. However, there is still a large amount of information that can be inferred from metadata associated with network message traffic. Such metadata may include the size, frequency, source, destination, and even presentation information of messages transmitted by these IoT devices. For example, when a motion detector is silent for a long time and then suddenly transmits a message, an attacker may infer that the IoT device detected motion. When data is transmitted to a terminal belonging to a certain company that produces motion detection and sensing devices, information about users in the area can be inferred. These types of security attacks are referred to as side channel attacks.

Conventional approaches to preventing the simple side channel attacks described above include programming IoT devices to transmit a continuous stream of messages, and similar measures. However, this approach wastes valuable resources such as device power, network bandwidth, and other system resources to transmit these noise messages.
Accordingly, there is a need for an improved method and apparatus for preventing side channel attacks in a more resource efficient manner. It is therefore desirable to provide methods and apparatus that at least partially address the above-described problems.

Disclosure of Invention

It is an object of the disclosed embodiments to provide an improved method and apparatus capable of providing effective side channel protection while minimizing resource usage. This object is achieved by the subject matter of the independent claims. Further advantageous modifications can be found in the dependent claims.

According to a first aspect, the above and other objects and advantages are achieved by an apparatus comprising a processor coupled to a memory. The processor is configured to receive at least one context attribute, wherein the at least one context attribute includes one or more of system and environment attributes, user inputs, device information, and sensed information, select a security context based on the received at least one context attribute, determine a protection action based on the selected security context, and determine one or more flow controls based on the determined protection action and the at least one context attribute. The processor sends the one or more flow controls to one or more IoT devices. The one or more flow controls are to cause the one or more IoT devices to perform the protection action.

In a first possible implementation of the device, the security context comprises one of a protection privacy context, a hiding of selected activity context, an intrusion mitigation context, and a risk-free context. Using various security contexts, the system state may be classified as a security context that indicates different system goals.

In a possible implementation of the apparatus, the processor is configured to select the protection privacy context when one or more persons are within a protected area and the time is within a predefined time range.
The selection of the protection privacy context indicates a particular protection action that facilitates protecting the privacy of the region of interest of the system.

In one possible implementation of the apparatus, the processor is configured to select the hidden selected activity context when security personnel are on duty and the time is within a predefined patrol period. Hiding selected activities may be beneficial in many situations, such as hiding security personnel's movements.

In a possible implementation of the apparatus, the protection action comprises one or more of suppressing generation of message traffic entirely, generating obfuscated noise message traffic, replaying recorded message traffic, and replaying predefined message traffic. Multiple protection actions are used so that the device can adjust system behavior for a variety of different goals and conditions.

In one possible implementation of the apparatus, the one or more flow controls are to cause a first IoT device to generate a first noise traffic pattern and a second IoT dev