Traffic analysis attacks remain a significant problem for online security. Communication between nodes can be observed by network-level attackers, as it inherently takes place in the open. Despite online services increasingly using encrypted traffic, the shape of the traffic is not hidden. To prevent traffic analysis, the shape of a system's traffic must be independent of secrets. We investigate adapting the data-oblivious approach to the reactive setting and present OblivIO, a secure language for writing reactive programs driven by network events. Our approach pads with dummy messages to hide which program sends are genuinely executed. We use an information-flow type system to provably enforce timing-sensitive noninterference. The type system is extended with potentials to bound the overhead in traffic introduced by our approach. We address challenges that arise from joining data-oblivious and reactive programming and demonstrate the feasibility of our resulting language by developing an interpreter that implements security-critical operations as constant-time algorithms.
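An added illustration of the dummy-message padding idea described above, written in Python; it is not OblivIO code or syntax and does not come from the paper. The handler names, the AUCTION channel, the 16-byte message size and the sample values are assumptions, and the model covers only the observable traffic shape (channel and length), not timing.

```python
# Added illustration: models only what a network observer sees (channel, size).
# Assumption: payloads are encrypted in transit, so their content is not observable.
MSG_LEN = 16  # fixed wire size for every message (constructed value)

def encode(real: int, value: int) -> bytes:
    """Fixed-length payload: 1 flag byte (real/dummy) + 8-byte value, zero-padded."""
    body = bytes([real]) + value.to_bytes(8, "big")
    return body.ljust(MSG_LEN, b"\0")

def observe(sent):
    """Network-level view: channel name and ciphertext length per message."""
    return [(chan, len(payload)) for chan, payload in sent]

def leaky_handler(secret_bid: int, threshold: int):
    """Sends only when the secret condition holds, so the traffic shape leaks it."""
    sent = []
    if secret_bid > threshold:
        sent.append(("AUCTION", encode(1, secret_bid)))
    return sent

def oblivious_handler(secret_bid: int, threshold: int):
    """Always sends exactly one message; the secret only picks real vs dummy content."""
    real = int(secret_bid > threshold)   # 1 if the send is genuine, else 0
    value = real * secret_bid            # arithmetic select: a dummy carries 0
    return [("AUCTION", encode(real, value))]

def receive(payload: bytes):
    """Receiver side after decryption: returns (real_flag, value) without branching.
    A dummy decodes to (0, 0); how the receiver reacts must itself stay oblivious,
    which this sketch does not model."""
    real = payload[0]
    return real, real * int.from_bytes(payload[1:9], "big")

if __name__ == "__main__":
    for bid in (500, 50):  # constructed secrets, threshold 100
        print(bid, observe(leaky_handler(bid, 100)), observe(oblivious_handler(bid, 100)))
```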