Secure Goal-Oriented Communication: Defending against Eavesdropping Timing Attacks

TL;DR

This paper investigates timing-based eavesdropping attacks on goal-oriented communication systems, proposing countermeasures that significantly reduce information leakage while maintaining most of the system's efficiency.

Contribution

It introduces a theoretical framework for analyzing timing attacks on goal-oriented scheduling and proposes practical heuristics to defend against such attacks.

Findings

Naive scheduler leaks about 60% of system state information.

Proposed heuristics halve the leakage with minimal impact on performance.

Countermeasures effectively balance security and efficiency.

Abstract

Goal-oriented Communication (GoC) is a new paradigm that plans data transmission to occur only when it is instrumental for the receiver to achieve a certain goal. This leads to the advantage of reducing the frequency of transmissions significantly while maintaining adherence to the receiver's objectives. However, GoC scheduling also opens a timing-based side channel that an eavesdropper can exploit to obtain information about the state of the system. This type of attack sidesteps even information-theoretic security, as it exploits the timing of updates rather than their content. In this work, we study such an eavesdropping attack against pull-based goal-oriented scheduling for remote monitoring and control of Markov processes. We provide a theoretical framework for defining the effectiveness of the attack and propose possible countermeasures, including two practical heuristics that provide a balance between the performance gains offered by GoC and the amount of leaked information. Our results show that, while a naive goal-oriented scheduler allows the eavesdropper to correctly guess the system state about 60% of the time, our heuristic defenses can halve the leakage with a marginal reduction of the benefits of goal-oriented approaches.