“The use of compression might actually be breaking the privacy that you think encryption is providing to you”Pol Van Aubel
A new paper from the members of the INTERSCT consortium is out.
The paper, namely “Compromised through Compression: How compression might be breaking the privacy provided by encryption”, was presented at the EAI SecureComm 2021 conference, and authored by Pol Van Aubel and Prof. Erik Poll (Radboud University).
In the paper, the authors show that traffic analysis on IoT smart meters can reveal information about the use of energy by individual households, if compression and some of the encodings are used. Smart meters monitor a household energy consumption, taking measurements about their energy consumption levels and then sending them to the Distribution System Operators (DSO), responsible for operating the energy grids. Working on a real dataset provided by one of the leading Dutch grid operators (released as open), they show that the adoption of compression techniques reduces the communication bandwidth, but also generates a side-channel, that can be used by an attacker for several malicious purposes. To solve the issue, they propose an encoding method that is nearly as effective as compression, but that does not allow such traffic analysis.
You can read more about their research here: SecureComm2021.pdf (ru.nl)