NetShaper: A Differentially Private Network Side-Channel Mitigation System
Amir Sabzi, Rut Vora, Swati Goswami, Margo Seltzer, Mathias Lécuyer, and Aastha Mehta

TL;DR
NetShaper is a system that uses traffic shaping to mitigate network side-channel leaks, providing differential privacy guarantees while balancing privacy, bandwidth, and latency for various applications.
Contribution
NetShaper introduces a traffic shaping approach that offers differential privacy in network communications, adaptable to workload and congestion conditions, with a modular design for diverse applications.
Findings
Effective mitigation of network side-channel leaks.
Achieves differential privacy guarantees in practical settings.
Supports diverse applications like video streaming and web services.
Abstract
The widespread adoption of encryption in network protocols has significantly improved the overall security of many Internet applications. However, these protocols cannot prevent network side-channel leaks -- leaks of sensitive information through the sizes and timing of network packets. We present NetShaper, a system that mitigates such leaks based on the principle of traffic shaping. NetShaper's traffic shaping provides differential privacy guarantees while adapting to the prevailing workload and congestion condition, and allows configuring a tradeoff between privacy guarantees, bandwidth and latency overheads. Furthermore, NetShaper provides a modular and portable tunnel endpoint design that can support diverse applications. We present a middlebox-based implementation of NetShaper and demonstrate its applicability in a video streaming and a web service application.
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Security and Verification in Computing · Software-Defined Networks and 5G
