Network Traffic Shaping for Enhancing Privacy in IoT Systems

Motivated by traffic analysis attacks based on the packet sizes and timing information in the Internet of Things (IoT) networks, we establish a rigorous event-level differential privacy (DP) model on infinite packet streams. We propose a traffic shaper satisfying a first-come-first-served queuing discipline that outputs traffic dependent on the input using a DP mechanism. We show that in special cases the proposed mechanism recovers existing shapers which standardize the output independently from the input. To find the optimal shapers for given levels of privacy and transmission efficiency, we formulate the constrained problem of minimizing the expected delay per packet and propose using the expected queue size across time as a proxy. We further show that the constrained minimization is a convex program. We demonstrate the effect of shapers on both synthetic data and packet traces from actual IoT devices. The experimental results reveal inherent privacy-overhead tradeoffs: more shaping overhead provides better privacy protection. Under the same privacy level, there is a tradeoff between dummy traffic and delay. When shaping heavier or less bursty traffic, all shapers become more overhead-efficient. We also show that increased traffic from more IoT devices makes guaranteeing event-level privacy easier. The DP shaper offers tunable privacy that is invariant with the change in the input traffic distribution and has an advantage in handling burstiness over traffic-independent shapers. This approach accommodates heterogeneous network conditions and user demands in privacy and overhead.