Designing Router Scheduling Policies: A Privacy Perspective

We study the privacy compromise due to a queuing side channel which arises when a resource is shared between two users in the context of packet networks. The adversary tries to learn about the legitimate user´s activities by sending a small but frequent probe stream to the shared resource (e.g., a router). We show that for current frequently used scheduling policies, the waiting time of the adversary is highly correlated with traffic pattern of the legitimate user, thus compromising user privacy. Through precise modeling of the constituent flows and the scheduling policy of the shared resource, we develop a dynamic program to compute the optimal privacy preserving policy that minimizes the correlation between user´s traffic and adversary´s waiting times. While the explosion of state-space for the problem prohibits us from characterizing the optimal policy, we derive a suboptimal policy using a myopic approximation to the problem. Through simulation results, we show that indeed the suboptimal policy does very well in the high traffic regime. Adapting the intuition from the myopic policy, we propose scheduling policies that demonstrate good tradeoff between privacy and delay in the low and medium traffic regime as well.