Breaking On-Chip Communication Anonymity using Flow Correlation Attacks

TL;DR

The paper tackles the vulnerability of on-chip anonymity in Network-on-Chip (NoC) systems by demonstrating that existing anonymous routing (ARNoC and SAR) is susceptible to ML-based flow-correlation attacks, which can reveal the communicating pair despite packet-level secrecy. It introduces a lightweight defense built on outbound traffic tunneling and traffic obfuscation (chaffing and random delays) to achieve both packet- and flow-level anonymity, with minimal hardware and performance overhead. Through extensive experiments on synthetic and real traffic in Gem5, the authors show the attack can reach up to about 99% accuracy in deanonymizing sessions, while the countermeasure substantially degrades the attack’s recall and precision, preserving normal NoC performance. The work provides a practical path toward robust NoC anonymity suitable for multi-tenant SoCs and hardware accelerators, balancing security with implementational practicality.

Abstract

Network-on-Chip (NoC) is widely used to facilitate communication between components in sophisticated System-on-Chip (SoC) designs. Security of the on-chip communication is crucial because exploiting any vulnerability in shared NoC would be a goldmine for an attacker that puts the entire computing infrastructure at risk. We investigate the security strength of existing anonymous routing protocols in NoC architectures, making two pivotal contributions. Firstly, we develop and perform a machine learning (ML)-based flow correlation attack on existing anonymous routing techniques in Network-on-Chip (NoC) systems, revealing that they provide only packet-level anonymity. Secondly, we propose a novel, lightweight anonymous routing protocol featuring outbound traffic tunneling and traffic obfuscation. This protocol is designed to provide robust defense against ML-based flow correlation attacks, ensuring both packet-level and flow-level anonymity. Experimental evaluation using both real and synthetic traffic demonstrates that our proposed attack successfully deanonymizes state-of-the-art anonymous routing in NoC architectures with high accuracy (up to 99%) for diverse traffic patterns. It also reveals that our lightweight anonymous routing protocol can defend against ML-based attacks with minor hardware and performance overhead.

Figures (8)

• Figure 1: In a 4x4 mesh NoC, each IP connects to NoC via a network interface and router. A malicious router can intercept packets between $IP_S$ and $IP_D$, forwarding them to a remote adversary for sophisticated attacks.
• Figure 2: Overview of our proposed ML-based attack that consists of two phases (training and attacking).
• Figure 3: Malicious boundary links outside the anonymous tunnel extract flow pair ($IFD_S^o$, $IFD_D^i$) and send them to the collector. Then, collector sends them to ML-model.
• Figure 4: DNN architecture has two convolution layers (C1, C2) and three fully connected layers (FC1 - FC3).
• Figure 5: Overview of the proposed lightweight anonymous routing to defend against flow correlation attack. It has two phases: tunnel creation and data transfer with traffic obfuscation.