DOCSLIB.ORG

Covert Association of Applications on Edge Devices by Processor Workload

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Covert Association of Applications on Edge Devices by Processor Workload 1 Covert Association of Applications on Edge Devices by Processor Workload HangtaiLi YingboLiu RuiTan School of Computer Science and Engineering, Nanyang Technological University, Singapore {N1801735A, liuyb, tanrui}@ntu.edu.sg Abstract—The scheme of application (app) distribution systems involving incentivized third-party app vendors is a desirable option for the emerging edge computing systems. However, such a scheme also brings various security challenges as faced by the current mobile app distribution systems. In this paper, we study a threat named covert device association, in which the vendors of two apps collude to figure out which of their app installations run on the same edge device. If the two colluding apps are popular, the threat can be used to launch various types of further attacks at scale. For example, the user of the compromised edge device, who wishes to remain anonymous to one of the two apps, will be de-anonymized if the user is not anonymous to the other app. Moreover, the coalition of the two apps will have an escalated privilege set that is the union of their individual privilege sets. In this paper, we implement the threat by a reliable and ubiquitous covert channel based on the edge device’s processor workload. The implementations on three edge devices (two smartphones and an embedded compute board) running Android and Android Things do not require any privileged permissions. Our implementations cover three attack scenarios of 1) two apps running on the same Android phone, 2) Fig. 1: Covert device association among colluding apps on an app and a web session in the Tor browser running on the same mobile or edge OSes (e.g., Android and Android Things). Android phone, and 3) two apps running on the same Android Things device. Experiments show that the covert channel gives at least 0.25 bps data rate and the covert device association takes at most 3.2 minutes. being adopted by emerging OSes that target a broader scope of edge devices, such as Ubuntu IoT, Windows IoT, and Android Things. Different from end devices that mostly run I. INTRODUCTION device manufacturers’ firmwares only, edge devices face a The Internet has been fast expanding its edge to interconnect unique challenge of security risks brought by the admission a wide spectrum of smart devices (e.g., embedded sensors, of third-party apps. Although the mobile OS security has smartphones, wearables, and home appliances) and form the received extensive research attention [3]–[5] and the security arXiv:2001.01204v2 [cs.CR] 10 Jan 2020 Internet of Things (IoT). It is estimated that, by 2019, there of prevalent mobile OSes has been continually hardened, the are about 26.66 billion IoT devices [1]. This quantity is attack-defense race will continue and the emerging edge OSes predicted to be doubled by 2022 [2]. The IoT devices can may not be incorporated with the latest security enhancements be roughly categorized into two classes of end devices and that have been adopted by the mobile OSes. edge devices. An end device is often a smart version of a The mobile and edge OSes mostly allow the user to traditional special-purpose physical object. As the end devices run multiple apps concurrently. The communications among do not provide generic computing services, their computing different apps should be performed over the overt channels. units are often customized by the manufacturers. Various smart For instance, in Android, the inter-app interactions should be home appliances are representative examples, such as smart implemented using Android APIs such that the Android OS lights, toothbrushes, body scales, etc. Differently, edge devices can monitor such communications [6] and keep the user’s often provide some form of generic computing services and awareness if needed. The covert communications among apps can serve as the intermediaries between the end devices and that the OS is unaware of will present a serious threat on the cloud backend. Examples include smartphones (as mobile the user’s security and privacy [7]. In this paper, we study edges), set-top boxes, and home gateways. a minimal form of inter-app covert communication called The current prevalent mobile operating systems (OSes), e.g., covert device association, which is illustrated by Fig. 1. Android and iOS, have fostered thriving application (app) Specifically, the vendors of two apps collude stealthily. Any distribution systems involving large communities of third- two installations of their apps, referred to as x and y, can party app vendors and users. Such an app-centric model is determine whether they run on the same device. If yes, they are 2 associated and can exchange massive data over the wideband information relevant to the processor’s utilized cycles and the Internet channel consisting of x’s and y’s connections to their dynamic voltage and frequency scaling (DVFS). The accesses cloud backends as well as the communication channel between to these files do not require privileged permissions. We also the two colluding vendors. present the results of evaluating the implementations including The covert device association capability is a stepping stone the impact of interfering computing tasks on the covert channel for a number of further attacks that can be launched by the and smartphone’s heat generation caused by the modulation of associated x and y, including but not limited to the following: bits using processor workload. Results show that, the processor De-anonymization: If the user provides a meaningful identity workload-based covert channel gives at least 0.25 bps data rate with zero empirical bit error rate and maintains the smartphone (e.g., e-mail address or phone number) to x, the y, to which the user wishes to keep anonymous, can obtain the user’s identity temperature below human body temperature. With the 0.25 bps data rate, the covert device association can be completed from the vendor of x over the Internet channel. Particularly, within 3.2 minutes. in this paper, we will show that the y can be a web session running in a mobile Tor browser [8] for anonymity and it can The remainder of this paper is organized as follows. Sec- tion II reviews related work. Section III overviews the covert establish the covert association with a local app x. device association threat. Section IV presents prototype imple- Privilege escalation: Current mobile OSes feature meticu- mentations. Section V presents evaluation results. Section VI lously designed permission control mechanisms to manage discusses countermeasures. Section VII concludes this paper. the information that can be accessed by individual apps. Edge OSes will likely adopt similar designs for edge security. II. RELATED WORK However, through the Internet channel, the associated x and Device fingerprinting and covert channel are two topics can access the information that is defined by the union of y related to the device association threat studied in this paper. ’s and ’s permission sets. Therefore, the privileges of both x y This section reviews the related work in these two topics. x and y are stealthily escalated beyond the awareness of the Device fingerprinting uses device-unique metrics to identify victim edge OS. and track devices. In [14], the accelerometer measurements of The above follow-up attacks launched based on the covert a smartphone are used to construct a hardware fingerprint. The device association can occur at large scales when the two study shows that the entropy of the fingerprint is sufficient to apps are installed on many edge devices. Therefore, the covert uniquely identify a device among thousands of devices with a device association can be a widespread threat should the edge low probability of collision. OSes and the corresponding app distribution systems prevail. In [15], smartphones’ microphones and speakers are shown In this paper, we investigate the covert device association to provide hardware fingerprints. via the edge processor workload. Existing studies [9]–[12] The study [16] shows that a picture captured by a smart- have shown the feasibility of various covert channels via phone camera contains the camera’s fingerprint. Most of touchscreen brightness, vibration actuation and sensing, and such fingerprinting techniques are developed for sensor-rich etc., on mobile OSes. However, they focus on the local data smartphones. The wider spectrum of edge devices may not exchange collusion between two apps that may require non- be equipped with the used sensors. Moreover, when such trivial synchronization mechanisms. Moreover, some covert fingerprinting techniques are used for device association, the channels (e.g., touchscreen) are not ubiquitous on a wider two colluding apps x and y need to access the same fingerprint spectrum of edge platforms. Therefore, although the local bearing sensors. The fingerprint extraction and match pro- data exchange collusion via the identified covert channels cesses often incur considerable compute overhead. In contrast, has been shown feasible, they are inefficient and may not the covert device association technique in this paper uses be always available. Differently, in this paper, we show via the processors that are pervasively available on any edge extensive experiments that the processor workload provides a devices. The process of demodulating the processor workload reliable covert channel that is ubiquitous on edge hardware to information bits involves light computation only. platforms. Moreover, the studied covert device association A covert channel is a communication channel that is not requires a simple synchronization mechanism (i.e., scheduled by design and not managed by the OS. The covert channel rendezvous) and minimizes the usage of the covert channel by between two processes running on the same device is often moving the data exchange collusion to the cloud backends. In based on a shared resource. Memory access-based covert summary, the high availability, the simple synchronization, and channels between two virtual machines in the cloud computing the minimal usage of the processor workload covert channel environment have been studied [17]–[19].
Load more

Recommended publications
  • HTTP Cookie - Wikipedia, the Free Encyclopedia 14/05/2014
    HTTP cookie - Wikipedia, the free encyclopedia 14/05/2014 Create account Log in Article Talk Read Edit View history Search HTTP cookie From Wikipedia, the free encyclopedia Navigation A cookie, also known as an HTTP cookie, web cookie, or browser HTTP Main page cookie, is a small piece of data sent from a website and stored in a Persistence · Compression · HTTPS · Contents user's web browser while the user is browsing that website. Every time Request methods Featured content the user loads the website, the browser sends the cookie back to the OPTIONS · GET · HEAD · POST · PUT · Current events server to notify the website of the user's previous activity.[1] Cookies DELETE · TRACE · CONNECT · PATCH · Random article Donate to Wikipedia were designed to be a reliable mechanism for websites to remember Header fields Wikimedia Shop stateful information (such as items in a shopping cart) or to record the Cookie · ETag · Location · HTTP referer · DNT user's browsing activity (including clicking particular buttons, logging in, · X-Forwarded-For · Interaction or recording which pages were visited by the user as far back as months Status codes or years ago). 301 Moved Permanently · 302 Found · Help 303 See Other · 403 Forbidden · About Wikipedia Although cookies cannot carry viruses, and cannot install malware on 404 Not Found · [2] Community portal the host computer, tracking cookies and especially third-party v · t · e · Recent changes tracking cookies are commonly used as ways to compile long-term Contact page records of individuals' browsing histories—a potential privacy concern that prompted European[3] and U.S.
    [Show full text]
  • Ant Download Manager (Antdm) V.2.3.2
    English Ant Download Manager (AntDM) v.2.4.0 Some of the contents in this manual may differ from the software, as software development continues. User Guide 2021 Table of Contents Overview ....................................................................................................................................................4 System Requirements .........................................................................................................................5 Installation ..................................................................................................................................................6 Uninstall .............................................................................................................................................11 Premium Link Generators (Debrids) .......................................................................................................12 Torrents ....................................................................................................................................................14 Browser Integration ..................................................................................................................................15 Google Chrome .................................................................................................................................16 Chromium Clones ........................................................................................................................17 Mozilla Firefox ....................................................................................................................................18
    [Show full text]
  • Jonathan Zittrain's “The Future of the Internet: and How to Stop
    The Future of the Internet and How to Stop It The Harvard community has made this article openly available. Please share how this access benefits you. Your story matters Citation Jonathan L. Zittrain, The Future of the Internet -- And How to Stop It (Yale University Press & Penguin UK 2008). Published Version http://futureoftheinternet.org/ Citable link http://nrs.harvard.edu/urn-3:HUL.InstRepos:4455262 Terms of Use This article was downloaded from Harvard University’s DASH repository, and is made available under the terms and conditions applicable to Other Posted Material, as set forth at http:// nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of- use#LAA YD8852.i-x 1/20/09 1:59 PM Page i The Future of the Internet— And How to Stop It YD8852.i-x 1/20/09 1:59 PM Page ii YD8852.i-x 1/20/09 1:59 PM Page iii The Future of the Internet And How to Stop It Jonathan Zittrain With a New Foreword by Lawrence Lessig and a New Preface by the Author Yale University Press New Haven & London YD8852.i-x 1/20/09 1:59 PM Page iv A Caravan book. For more information, visit www.caravanbooks.org. The cover was designed by Ivo van der Ent, based on his winning entry of an open competition at www.worth1000.com. Copyright © 2008 by Jonathan Zittrain. All rights reserved. Preface to the Paperback Edition copyright © Jonathan Zittrain 2008. Subject to the exception immediately following, this book may not be reproduced, in whole or in part, including illustrations, in any form (beyond that copying permitted by Sections 107 and 108 of the U.S.
    [Show full text]
  • Moving on to HTML5 HTML5 Is the Newest Incarnation of the HTML Family of Languages
    Part 1 Moving on to HTML5 HTML5 is the newest incarnation of the HTML family of languages. HTML, which stands for HyperText Markup Language, is one of the main reasons the Web is as powerful and useful as it is. HTML is a reasonably simple system of plain-text codes that provide the structure of all Web pages on the Internet. In this part, you take a quick look at how HTML5 fits in the history of the Web, and put together a few tools you’ll need to get started. Be sure to check out my Web site for working examples of every code fragment in the book: www.aharrisbooks.net/h5qr. In this part . ✓ Looking at the History of HTML ✓ Understanding What HTML5 Is ✓ Running Tests for Browser Features ✓ Deciding on a Suitable Browser ✓ Utilizing Chrome Frame to Add Support to IE COPYRIGHTED MATERIAL 03_9781118012529-ch01.indd 1 3/21/11 9:36 AM 2 Part 1: Moving on to HTML5 A Quick History of HTML HTML is a key part of the Internet. It has a short but extremely vibrant history. In order to understand what HTML5 is about, it’s useful to look at where it came from. The Internet (and the Web in particular) has been changing at a dizzying pace. HTML has been trying to keep up. When HTML was first devised, it comprised a handful of tags, and HTML did little more than determine how a page was laid out. As the Web matured, many features were added. Today’s Internet is still about documents, but it’s also about applications.
    [Show full text]
  • D400.3 Smart Food Awareness Report on Validation Activities And
    Deliverable D400.3 Report on validation activities and Detailed Specification Revision WP 400 Project acronym & number: SmartAgriFood – 285 326 Smart Food and Agribusiness: Future Internet for Safe and Healthy Food from Project title: Farm to Fork Funding scheme: Collaborative Project - Large-scale Integrated Project (IP) Date of latest version of Annex I: 18.08.2011 Start date of the project: 01.04.2011 Duration: 24 Status: Final Augusto Morales(UPM), Ignacio Gonzalez (Atos), Esther Mietzsch (KTBL), Marta Font- Authors / Contributors : sere (Bonpreu), Huub Scholten(WU), Alfredo Pedromingo (Ariadna), Tim Sadowsky (GS1), Yann Cassing (SGS), Ramón Alcarria (UPM), Javier Garcia (Atos) Due date of deliverable: 31.12.2012 Document identifier: D400.3_v1.3.docx Revision: 01 SmartAgriFood The SmartAgriFood Project The SmartAgriFood project is funded in the scope of the Future Internet Public Private Partner- ship Programme (FI-PPP), as part of the 7th Framework Programme of the European Commis- sion. The key objective is to elaborate requirements that shall be fulfilled by a “Future Internet” to drastically improve the production and delivery of safe & healthy food. Project Summary SmartAgriFood aims to boost application & use of Future Internet ICTs in agri-food sector by: Identifying and describing technical, functional and non-functional Future Internet specifications for experimentation in smart agri-food production as a whole system and in particular for smart farming, smart agri-logistics & smart food awareness, Identifying and developing smart agri- food-specific capabilities and concep- tual prototypes, demonstrating criti- cal technological solutions including the feasibility to further develop them in large scale experimentation and validation, Identifying and describing existing experimentation structures and start user community building, resulting in an implementation plan for the next phase in the framework of the FI PPP programme.
    [Show full text]
  • User Equipment Based-Computation Offloading for Real-Time Applications in the Context of Cloud and Edge Networks Farouk Messaoudi
    User equipment based-computation offloading for real-time applications in the context of Cloud and edge networks Farouk Messaoudi To cite this version: Farouk Messaoudi. User equipment based-computation offloading for real-time applications inthe context of Cloud and edge networks. Networking and Internet Architecture [cs.NI]. Université Rennes 1, 2018. English. NNT : 2018REN1S104. tel-02268196 HAL Id: tel-02268196 https://tel.archives-ouvertes.fr/tel-02268196 Submitted on 20 Aug 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. ANNÉE 2018 THÈSE / UNIVERSITÉ DE RENNES 1 sous le sceau de l’Université Bretagne Loire pour le grade de DOCTEUR DE L’UNIVERSITÉ DE RENNES 1 Mention : Informatique Ecole doctorale MathStic Farouk MESSAOUDI Préparée à l’unité de recherche (IRISA – UMR 6074) Institut de Recherche en Informatique et Système Aléatoires Université de Rennes 1 User equipment Thèse à soutenir à Rennes le 16 avril 2018 based computation devant le jury composé de : Houda LABIOD Professeur, Telecom ParisTech / examinateur Offloading for real- Riccardo
    [Show full text]
  • Taking Your Talent to the Web (PDF)
    00 0732 FM 4/24/01 1:38 PM Page i Taking Your Talent to the Web A Guide for the Transitioning Designer By Jeffrey Zeldman 201 West 103rd Street, Indianapolis, Indiana 46290 00 0732 FM 4/24/01 1:38 PM Page ii Taking Your Talent to the Web: Publisher A Guide for the Transitioning Designer David Dwyer Copyright 2001 by New Riders Publishing Associate Publisher Al Valvano All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means—electronic, mechani- Executive Editor cal, photocopying, recording, or otherwise—without written permission Karen Whitehouse from the publisher. No patent liability is assumed with respect to the Acquisitions Editor use of the information contained herein. Although every precaution Michael Nolan has been taken in the preparation of this book, the publisher and au- thor assume no responsibility for errors or omissions. Neither is any li- Technical Editor ability assumed for damages resulting from the use of the information Steve Champeon contained herein. Development Editor Victoria Elzey International Standard Book Number: 0-7357-1073-2 Product Marketing Library of Congress Catalog Card Number: 00-111152 Manager Kathy Malmloff Printed in the United States of America Managing Editor First Printing: May 2001 Sarah Kearns Project Editor 05 04 03 02 01 7 6 5 4 3 2 1 Jake McFarland Interpretation of the printing code: The rightmost double-digit number Copy Editor is the year of the book’s printing; the rightmost single-digit number is Chrissy Andry the number of the book’s printing.
    [Show full text]
  • INFOSTAT Authorizations and Accessing Instructions USER
    Banca d’Italia INFOSTAT Instructions for access and authorizations - version 2.1 INFOSTAT Authorizations and accessing instructions USER MANUAL Version 2.1 Pag. 1 di 14 Banca d’Italia INFOSTAT Instructions for access and authorizations - version 2.1 TABLE OF CONTENTS NEWS ............................................................................................................................................................................................ 3 1. ENABLING AND MANAGEMENT FUNCTIONS ........................................................................................................ 4 1.1. OPERATING INSTRUCTIONS FOR USING “INFOSTAT” SERVICES .................................................................. 4 1.2. REGISTRATION, AUTHENTICATION AND ACCESS TO INFOSTAT .................................................................. 5 1.3. ACCREDITATION AND ACCESS TO SERVICES ...................................................................................................... 7 1.3.1. ENTERING THE PIN ........................................................................................................................................................ 8 1.3.2. ADVANCED FUNCTIONS FOR AUTHORIZATION MANAGEMENT ................................................................... 9 2. INSTALLING CERTIFICATES .................................................................................................................................... 11 Pag. 2 di 14 Banca d’Italia INFOSTAT Instructions for access and authorizations - version
    [Show full text]
  • Google Chrome
    Google Chrome Google Chrome is a web browser developed by Google that uses the WebKitlayout engine. It was first released as a beta version for Microsoft Windows on September 2, 2008, and the public stable release was on December 11, 2008. The name is derived from the graphical user interface frame, or "chrome", of web browsers. As of August 2011, Chrome is the third most widely used browser with 23.16% worldwide usage share of web browsers, according to StatCounter. In September 2008, Google released a large portion of Chrome's source code, including its V8 JavaScript engine, as an open source project entitledChromium.[3][4] This move enabled third-party developers to study the underlying source code and to help port the browser to the Mac OS X and Linux operating systems. Google also expressed hope that other browsers would adopt V8 to improve web application performance.[5] The Google-authored portion of Chromium is released under the permissive BSD license,[6] which allows portions to be incorporated into both open source and closed source software programs.[7] Other portions of the source code are subject to a variety of open source licenses.[8]Chromium implements a similar feature set as Chrome, but lacks built-in automatic updates, built-in PDF reader and Google branding, and most noticeably has a blue-colored logo in place of the multicolored Google logo.[9][10] developers Google inc. Initial release September 2, 2008; 3 years ago Stable release 14.0.835.163 (September 16, 2011; 3 days ago) [+/í] Preview release 15.0.874.15 (Dev) (September 15, 2011; 4 days ago) [+/í] Written in C++, Assembly, Python, JavaScript Operating system Linux Mac OS X (10.5 and later, Intel only) Microsoft Windows (XP SP2 and later) Engine WebKit (based on KHTML) Available in 50 languages Development status Active Type Web browser License Google Chrome Terms of Service;[note 1] WebKit: BSD/LGPL; V8: BSD Website google.com/chrome History For six years, Google's Chief Executive Eric Schmidt was against the idea of building an independent web browser.
    [Show full text]
  • Security and Privacy in the Internet of Things Lei Yang
    Security and Privacy in the Internet of Things By Lei Yang Submitted to the Department of Electrical Engineering and Computer Science and the Graduate Faculty of the University of Kansas in partial fulfillment of the requirements for the degree of Doctor of Philosophy Prof. Fengjun Li, Chairperson Prof. Jun Huan Committee members Prof. Prasad Kulkarni Prof. James P.G. Sterbenz Prof. Yong Zeng Date defended: July 25, 2017 The Dissertation Committee for Lei Yang certifies that this is the approved version of the following dissertation : Security and Privacy in the Internet of Things Prof. Fengjun Li, Chairperson Date approved: July 25, 2017 ii Abstract The Internet of Things (IoT) is an emerging paradigm that seamlessly integrates elec- tronic devices with sensing and computing capability into the Internet to achieve intel- ligent processing and optimized controlling. In a connected world built through IoT, where interconnected devices are extending to every facet of our lives, including our homes, offices, utility infrastructures and even our bodies, we are able to do things in a way that we never before imagined. However, as IoT redefines the possibilities in envi- ronment, society and economy, creating tremendous benefits, significant security and privacy concerns arise such as personal information confidentiality, and secure com- munication and computation. Theoretically, when everything is connected, everything is at risk. The ubiquity of connected things gives adversaries more attack vectors and more possibilities, and thus more catastrophic consequences by cybercrimes. There- fore, it is very critical to move fast to address these rising security and privacy concerns in IoT systems before severe disasters happen.
    [Show full text]
  • Ebook Download Udiwww Pdf Free Download
    UDIWWW PDF, EPUB, EBOOK Proteus Val Re Kresten | 124 pages | 31 Dec 2011 | Volutpress | 9786139299225 | English | United States Udiwww PDF Book When released on 8 June it was one of the first graphical web browsers, and the first to run on Windows: Windows 3. These take up a great deal of the server's time, too. It is a completely self-contained, stand-alone 1. Retrieved March 24, To restate the obvious, this page isn't best viewed with Ariadne, or anything else. The web browser has transformed many times in the past two decades, with little improvements here and there that have contributed to the overall experience we have today. One or two sessions with a professional can mean the difference between fighting the change and embarking on a journey of discovery. Our editorial content is not influenced by any commissions we receive. Comes with CompuServe subscription. Developed by Advanced Multimedia System Design in early WorldWideWeb Nexus. What Browsers Do Figure 2. Otherwise, people trying to access your Web site will often find that it just isn't there. Which one is best? Free and open-source web browser developed by the Mozilla Foundation and its subsidiary, Mozilla Corporation. From CompuServe. World Wide Web Consortium. It further provides for the capture or input of information which may be returned to the presenting system, then stored or processed as necessary. March 03, However, a plethora of new server programs has been introduced in the past year, and some of them are gaining market share quickly. Internet Explorer From Microsoft see fig.
    [Show full text]
  • The Multipath Onion Iot Gateways
    Hide Your Hackable Smart Home from Remote Attacks: The Multipath Onion IoT Gateways B Lei Yang1, Chris Seasholtz2,BoLuo2, and Fengjun Li2( ) 1 Amazon LLC., Seattle, WA, USA [email protected] 2 The University of Kansas, Lawrence, KS, USA {seasholtz,bluo,fli}@ku.edu Abstract. The rapid expansion of IoT-enabled home automation is accompanied by substantial security and privacy risks. A large number of real-world security incidents exploiting various device vulnerabilities have been revealed. The Onion IoT gateways have been proposed to provide strong security protection for potentially vulnerable IoT devices by hiding them behind IoT gateways running the Tor hidden services, in which the gateways can only be accessed by authorized users with the .onion addresses of the gateways and correct credentials. However, the limited bandwidth of Tor makes this approach very impractical and unscalable. To tackle this issue, we present two novel designs of multipath Onion IoT gateway and split channel Onion IoT gateway. The first design implements a customized multipath routing protocol in Tor to construct a multi-circuit anonymous tunnel between the user and the Onion gate- way to support applications that require low latency and high bandwidth. The second scheme splits command and data channels so that small-sized command packets are transmitted through the more secure channel over the Tor hidden service, while the less secure data channel over the public network is used for outbound very-high-bandwidth data traffic. Exper- iment results show that the proposed approaches significantly improve the performance of Onion IoT gateways, so that they can be practically adopted to securely transmit low-latency and high-bandwidth data, such as HD video streams from home surveillance cameras.
    [Show full text]