Title: Side-Channel Inference Attacks – Activities of Daily Living Inference from Encrypted Video Strems
Abstract: Side-channel attacks refer to the exploits of any information other than the plaintext and ciphertext for cryptanalysis. It’s well-known that side-channel attacks are highly profitable but they are hard to detect and defend. In this talk, I will first summarize a few recent works on size-channel inference attacks; then present our results that demonstrate how user’s basic activities of daily living can be inferred by observing only the data size patterns of the encrypted video stream in video surveillance systems. As we all know, most video encoding standards such as H.264 and MPEG-4 compress the temporal redundancy in a video stream using difference coding. Our experimental study indicated that difference coding causes side-channel information leak even though the video stream is encrypted. Particularly, we observed that the traffic patterns of an encrypted video stream are different when a user conducts different basic activities of daily living, which must be kept private from third parties as obliged by HIPAA regulations. We also observed that by exploiting this side-channel information, attackers can readily infer a user’s basic activities of daily living based only on the traffic size data of an encrypted video stream. The validation results of these observations will also be reported in this talk.
Xiuzhen Cheng received her MS and PhD degrees in computer science from the University of Minnesota -- Twin Cities, in 2000 and 2002, respectively. She is a professor at the Department of Computer Science, The George Washington University, Washington DC. Her current research interests focus on privacy-aware computing, wireless and mobile security, dynamic spectrum access, mobile handset networking systems (mobile health and safety), cognitive radio networks, and algorithm design and analysis. She has served on the editorial boards of several technical journals (e.g. IEEE Transactions on Parallel and Distributed Systems, IEEE Wireless Communications) and the technical program committees of various professional conferences/workshops (e.g. IEEE INFOCOM, ACM Mobihoc, ACM SenSys, IEEE ICDCS). She is the founder of WASA and a co-founder of IEEE PAC. She worked as a program director for the US National Science Foundation (NSF) from April to October in 2006 (full time), and from April 2008 to May 2010 (part time). She published more than 200 peer-reviewed papers. She is a Fellow of IEEE.