Technical Report Results

Technical Report TR697:
Thwarting Wi-Fi Side-Channel Analysis through Traffic Demultiplexing

Fan Zhang, Wenbo He, Yangyi Chen, Zhou Li, XiaoFeng Wang, Shuo Chen, Xue Liu
(Aug 2011), 21 pages
Side-channel information leaks have been reported in various online applications, especially, in wireless local area networks (WLANs) due to the shared-medium nature of wireless links and the ease of eavesdropping. Even when Wi-Fi traffic is encrypted, its characteristics are identifiable, which can be used to infer sensitive user activities and data. Existing countermeasures do not offer effective and efficient protection: packet padding and traffic morphing often bring in substantial communication overheads; attempts to anonymize user identifiers are vulnerable to the analysis based upon traffic statistics, which allows the adversary to link traffic traces to individual users. In this paper, we present a new technique, called traffic demultiplexing, which offers effective protection against Wi-Fi traffic analysis without incurring noticeable overhead and performance degradation. Our approach utilizes Media Access Control (MAC) layer virtualization and packet scheduling over multiple virtual MAC interfaces to shape the traffic on each virtual MAC interface, so as to hide the original traffic characteristics. Different from the higher-layer defensive approaches designed for specific applications, traffic demultiplexing operates at the MAC layer and therefore provides a general defense for various applications. In addition, it is transparent to users and other protocol stacks. We implemented our technique over Multiband Atheros Driver for Wi-Fi (MadWifi) and evaluated it in real WLAN environments. Our experimental study demonstrates that traffic demultiplexing is effective and efficient in defending against traffic analysis attacks and also easy to deploy

Available as:
  • PDF (1714 KBytes)