Pol Van Aubelhttps://www.polvanaubel.com/2021-11-04T00:00:00+01:00Compromised through Compression: Privacy Implications of Smart Meter Traffic Analysis2021-11-04T00:00:00+01:002021-11-04T00:00:00+01:00Pol Van Aubeltag:www.polvanaubel.com,2021-11-04:/research/compromised-through-compression/index<p>Smart metering comes with risks to privacy.
One concern is the possibility of an attacker seeing the traffic
that reports the energy use of a household and deriving private
information from that.
Encryption helps to mask the actual energy measurements, but
is not sufficient to cover all risks.
One aspect …</p><p>Smart metering comes with risks to privacy.
One concern is the possibility of an attacker seeing the traffic
that reports the energy use of a household and deriving private
information from that.
Encryption helps to mask the actual energy measurements, but
is not sufficient to cover all risks.
One aspect which has yet gone unexplored — and where encryption
does not help — is traffic analysis, i.e.
whether the length of messages communicating energy measurements
can leak privacy-sensitive information to an observer.
In this paper we examine whether using encodings or compression
for smart metering data could potentially leak information
about household energy use.
Our analysis is based on the real-world energy use data of
±80 Dutch households.</p>
<p>We find that traffic analysis could reveal information about the
energy use of individual households if compression is used.
As a result, when messages are sent daily, an attacker performing
traffic analysis would be able to determine when all the members
of a household are away or not using electricity for an entire
day.
We demonstrate this issue by recognizing when households from our
dataset were on holiday.
If messages are sent more often, more granular living patterns
could likely be determined.</p>
<p>We propose a method of encoding the data that is nearly as
effective as compression at reducing message size, but does
not leak the information that compression leaks. By not
requiring compression to achieve the best possible data savings,
the risk of traffic analysis is eliminated.</p>
<p>The paper <a href="compromised-through-compression/compromised-through-compression.pdf">is available directly</a>
or <a href="https://link.springer.com/chapter/10.1007%2F978-3-030-90022-9_16">via Springer</a>.
<a href="compromised-through-compression/securecomm-presentation.mp4">The SecureComm 2021 presentation</a> was
pre-recorded, and <a href="compromised-through-compression/securecomm-presentation.pdf">the slides are also available</a>.</p>
<p>The code written to arrive at these conclusions <a href="compromised-through-compression/code/dlms-compression-analyzer.zip">is available</a>.
It is known to run on Python 3.9 with Pandas 1.3.2.</p>
<p>The dataset to operate on is available from Liander N.V.:</p>
<ul>
<li><a href="https://www.liander.nl/sites/default/files/Over-Liander-slimme-meter-dataset-2013-levering.zip">direct download</a></li>
<li><a href="https://www.liander.nl/partners/datadiensten/open-data/data">landing page, look for the heading “Slimme meter”</a></li>
</ul>My weird name2020-03-04T01:20:30+01:002020-03-04T01:20:30+01:00Pol Van Aubeltag:www.polvanaubel.com,2020-03-04:/weirdname
<p>My full name is Pol Van Aubel. My first name is “Pol”, last name “Van Aubel”. To answer the first questions I’m always asked by Dutch people about this:</p>
<ol>
<li>Yes, that’s a capital “V”.</li>
<li>It’s correctly spelled, including all spaces and capital letters.</li>
<li>No, the “Van” is …</li></ol>
<p>My full name is Pol Van Aubel. My first name is “Pol”, last name “Van Aubel”. To answer the first questions I’m always asked by Dutch people about this:</p>
<ol>
<li>Yes, that’s a capital “V”.</li>
<li>It’s correctly spelled, including all spaces and capital letters.</li>
<li>No, the “Van” is not a middle name nor technically a “<a href="https://en.wikipedia.org/wiki/Tussenvoegsel">tussenvoegsel</a>”, but you probably want to sort my name on “A” anyway.</li>
<li>Yes, this breaks basically all the Dutch “rules” about names. Sorry.</li>
</ol>
<p>This is all very unusual for a Dutch name, and I’m known to be very particular about it, so I figured I owe people an explanation.</p>
<h4 id="how-did-this-name-come-to-be-in-the-first-place">How did this name come to be in the first place?<a class="headerlink" href="#how-did-this-name-come-to-be-in-the-first-place" title="Permanent link"> </a></h4>
<p>At some point several decades ago the municipal government of my then-hometown noticed they had a weird glitch in their citizen registration database. Basically, our last name was stored as “Van Aubel”, with a capital V, rather than “Aubel, van”. My parents were given a choice: keep it as-is, or change it back with all the hassle that brought. Since they figured it wouldn’t make a difference, the choice was to keep it as-is. That’s really all there is to it.</p>
<p>So yes, my passport really does say “Van Aubel”, that’s really my name. On official documents this can even become a problem, because misspelling a name there may invalidate the entire document. This has happened on my Bachelor’s diploma, which had to be reprinted. And even outside of that I’m pretty particular about this, because hey, it’s my <em>name</em>. Dutch is a language of exceptions to the rules, what’s one more exception?</p>
<h4 id="how-to-sort-cite-me">How to sort <span class="amp">&</span> cite me<a class="headerlink" href="#how-to-sort-cite-me" title="Permanent link"> </a></h4>
<p>Due to how Dutch society works, it makes sense to keep sorting my last name on “A”, because nobody expects to sort a name that starts with something that sounds like a “<a href="https://en.wikipedia.org/wiki/Tussenvoegsel">tussenvoegsel</a>” on the first letter of that tussenvoegsel.</p>
<p>When citing me, please cite me either as “Pol Van Aubel”, “P. Van Aubel”, or “Van Aubel, P.” (or “Van Aubel, <span class="caps">P.J.</span>M.” if you really must). When doing this in LaTeX, be careful it doesn’t actually turn it into “<span class="caps">P. V.</span> Aubel” — this has even happened to myself in a moment of inattention. The easy fix is to just write my author-line down as <code>Pol {Van Aubel}</code> in the bib(la)tex and be done with it. All the bibtex snippets on <a href="/publications">my publications page</a> already do this correctly.</p>
<p>By the way, when citing Dutch names, many non-Dutch-speaking people get this wrong even when the name is as would be expected by a Dutch person. “Jan de Graaf” should be cited as “J. de Graaf”, “De Graaf, J.”, or “Graaf, J. de” (though that last one is <em>highly</em> unusual). Not as “<span class="caps">J. D.</span> Graaf”, nor as “Graaf, J. d.”. Why people get this wrong is a mystery to me — after all, nobody would ever dream of citing, say, Leonardo da Vinci as “Vinci, L. D.”.</p>Side-channel based intrusion detection for industrial control systems — supporting material2018-01-01T00:00:00+01:002018-01-01T00:00:00+01:00Pol Van Aubeltag:www.polvanaubel.com,2018-01-01:/research/em-ics/index<p>Sorry, you have landed on an empty page. This will be updated soon(tm).</p>PUFs, protection, privacy, PRNGs2016-12-31T00:00:00+01:002016-12-31T00:00:00+01:00Pol Van Aubeltag:www.polvanaubel.com,2016-12-31:/pufs-protection-privacy-prngs<p>My talk on the basics of Physically Unclonable Functions got accepted for presentation at the 33<sup>rd</sup> Chaos Communication Congress (33C3).</p>
<blockquote>
<p>A physically unclonable function, or <span class="caps">PUF</span>, is some physical structure with properties that are easy to verify, hard to predict, and practically impossible to clone. Ideally, this means it …</p></blockquote><p>My talk on the basics of Physically Unclonable Functions got accepted for presentation at the 33<sup>rd</sup> Chaos Communication Congress (33C3).</p>
<blockquote>
<p>A physically unclonable function, or <span class="caps">PUF</span>, is some physical structure with properties that are easy to verify, hard to predict, and practically impossible to clone. Ideally, this means it’s a device-unique unchanging identifier, which can be used for improving security. However, it can be at odds with privacy and anonymity. This talk will give you an overview of the thirty years of history behind PUFs, and will include the most recent advances in research. The functions, structure, and design will be discussed, as well as devices and materials that have properties to base PUFs on.</p>
</blockquote>
<p>You can find the (excellent) video registration by <span class="caps">C3POC</span> <a href="https://media.ccc.de/v/33c3-8231-pufs_protection_privacy_prngs">here</a>.</p>SRAM PUFs in large CPUs and GPUS — supporting material2015-07-30T00:00:00+01:002015-07-30T00:00:00+01:00Pol Van Aubeltag:www.polvanaubel.com,2015-07-30:/research/puf/x86-64/code/index<ul>
<li><a href="code/kernel.patch">The kernel patch for Linux Kernel version 3.15.7 to store the <span class="caps">XMM</span> registers.</a></li>
<li><a href="code/pufdata_module.c">The kernel module for Linux Kernel version 3.15.7 to access the stored register values.</a></li>
<li><a href="code/grub.patch">The <span class="caps">GRUB</span> patch for <span class="caps">GRUB</span> version 2.02-beta2 to output the <span class="caps">XMM</span> registers.</a></li>
<li><a href="code/coreboot-registers.patch">The coreboot patch to output the …</a></li></ul><ul>
<li><a href="code/kernel.patch">The kernel patch for Linux Kernel version 3.15.7 to store the <span class="caps">XMM</span> registers.</a></li>
<li><a href="code/pufdata_module.c">The kernel module for Linux Kernel version 3.15.7 to access the stored register values.</a></li>
<li><a href="code/grub.patch">The <span class="caps">GRUB</span> patch for <span class="caps">GRUB</span> version 2.02-beta2 to output the <span class="caps">XMM</span> registers.</a></li>
<li><a href="code/coreboot-registers.patch">The coreboot patch to output the <span class="caps">XMM</span> registers.</a> The patch is based on coreboot git commit c86762657dc7013a56b1d281286789dae17ad936.</li>
<li><a href="code/coreboot-cache.patch">The coreboot patch to output the cache-as-ram stack space.</a> The patch is based on coreboot git commit c86762657dc7013a56b1d281286789dae17ad936.</li>
</ul>