TID-410: Cryptographic Protocol Side Channel
Threat Description
While encrypting data can prevent a threat actor from directly obtaining the plaintext of a communication, a threat actor who can observe the encrypted traffic may still infer information about the device or the communicated data through side-channel and metadata analysis of the encrypted sessions. Encryption hides payload content but typically leaves packet lengths, direction, ordering, timing, and frequency visible. A threat actor could use these characteristics to identify the device type or the activity it is performing, or to infer some or all of the plaintext content of messages, without ever breaking the cryptography.
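As an added illustration of the side channel described above (this example is constructed for this page and is not taken from any of the cited papers), the following Python classifies "encrypted" flows using nothing but packet lengths and direction. The device names, the packet-length sequences and the 64-byte bucket size are all hypothetical, chosen only to show how little an on-path observer needs: a histogram of (direction, size bucket) pairs is enough to separate a video stream, a short control exchange and a voice query. The pad_flow function shows the usual countermeasure, padding every packet to a fixed size, and the fingerprint it produces makes the remaining leak visible.

```python
from collections import Counter

# Constructed sample data: an observer on the path sees only packet lengths
# and direction for each encrypted session. Positive = device -> cloud,
# negative = cloud -> device. Payloads are assumed opaque.
TRAINING_FLOWS = {
    "camera_stream": [
        [+1400, +1400, +1400, -60, +1400, +1400, +1400, -60, +1400, +1400],
        [+1400, +1400, -60, +1400, +1400, +1400, -60, +1400, +1400, +1400],
    ],
    "smart_plug_toggle": [
        [+120, -80, +64, -64],
        [+124, -80, +64, -60],
    ],
    "voice_query": [
        [+300, +310, +305, +298, +312, -900, -880, -60],
        [+299, +305, +310, +302, -910, -870, -60],
    ],
}

BUCKET = 64  # hypothetical bucket width; coarse enough to absorb small jitter


def fingerprint(lengths):
    """Normalised histogram of (direction, size-bucket) pairs for one flow."""
    counts = Counter((1 if l > 0 else -1, abs(l) // BUCKET) for l in lengths)
    total = sum(counts.values())
    return {key: n / total for key, n in counts.items()}


def distance(fp_a, fp_b):
    """L1 distance between two fingerprints (0.0 = identical, 2.0 = disjoint)."""
    keys = set(fp_a) | set(fp_b)
    return sum(abs(fp_a.get(k, 0.0) - fp_b.get(k, 0.0)) for k in keys)


def build_profiles(training):
    """One reference fingerprint per label, built from all of its training flows."""
    return {
        label: fingerprint([l for flow in flows for l in flow])
        for label, flows in training.items()
    }


def classify(lengths, profiles):
    """Nearest-profile classification of an unlabeled encrypted flow."""
    fp = fingerprint(lengths)
    return min(((label, distance(fp, p)) for label, p in profiles.items()),
               key=lambda pair: pair[1])


def pad_flow(lengths, size=1400):
    """Countermeasure: pad every packet to a fixed size so the length
    channel collapses. Direction and packet count remain observable."""
    return [size if l > 0 else -size for l in lengths]


if __name__ == "__main__":
    profiles = build_profiles(TRAINING_FLOWS)
    unknown = [+122, -80, +66, -62]            # constructed: a fresh plug toggle
    print(classify(unknown, profiles))         # -> ('smart_plug_toggle', 0.25)
    print(fingerprint(pad_flow(unknown)))      # only bucket 21 survives padding
```

The padded fingerprint still distinguishes flows by direction ratio and packet count, which is why padding alone is rarely sufficient; the traffic-rate and timing leaks noted in the evidence below are not addressed by size padding at all and need traffic shaping or cover traffic.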
Threat Maturity and Evidence
Proof of Concept
Classifying IoT devices in smart environments using network traffic characteristics
“This paper shows that IoT devices can be identified with high accuracy based on their network behavior, and sets the stage for future work in detecting misbehaviors resulting from security breaches in teh [sic] smart environment.”
Traffic Fingerprinting Attacks on Internet of Things using Machine Learning
“However, even if encryption was in place, characteristics of the traffic, such as packet sizes and traffic rates, may expose the user’s current activities”
Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information
“Our paper sheds light on an inherent design weakness of the 4G/5G cellular paging protocol which can be exploited by an attacker to not only obtain the victim’s paging occasion but also to identify the victim’s presence in a particular cell area just from the victim’s soft-identity (e.g., phone number, Twitter handle) with a novel attack called ToRPEDO.”
CWE
CWE-1230: Exposure of Sensitive Information Through Metadata
“The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.”