The widespread adoption of encryption in network protocols has significantly improved the overall security of many Internet applications. However, these protocols cannot prevent network side-channel leaks -- leaks of sensitive information through the sizes and timing of network packets. We present NetShaper, a system that mitigates such leaks based on the principle of traffic shaping. NetShaper's traffic shaping provides differential privacy guarantees while adapting to the prevailing workload and congestion condition, and allows configuring a tradeoff between privacy guarantees, bandwidth and latency overheads. Furthermore, NetShaper provides a modular and portable tunnel endpoint design that can support diverse applications. We present a middlebox-based implementation of NetShaper and demonstrate its applicability in a video streaming and a web service application.

翻译：网络协议中加密技术的广泛采用显著提升了许多互联网应用的整体安全性。然而，这些协议无法阻止网络侧信道泄漏——即通过数据包大小和时间信息泄露敏感数据。我们提出NetShaper系统，该系统基于流量整形原理缓解此类泄漏。NetShaper的流量整形在提供差分隐私保证的同时，能自适应调整当前工作负载与拥塞状态，并允许在隐私保证、带宽与延迟开销之间进行权衡配置。此外，NetShaper采用模块化、可移植的隧道端点设计，可支持多种应用场景。我们实现了基于中间盒的NetShaper系统，并在视频流媒体和Web服务应用中验证了其可行性。