Secure Goal-Oriented Communication: Defending Against Eavesdropping Timing Attacks

Goal-oriented Communication (GoC) is a new paradigm that activates data transmission only when it is instrumental for the receiver to achieve a certain goal. This leads to the advantage of reducing the frequency of transmissions significantly while maintaining adherence to the receiver’s objectives. However, GoC scheduling also opens a timing-based side channel that an eavesdropper can exploit to estimate the state of the system. This type of attack sidesteps even information-theoretic security, as it exploits the timing of updates rather than their content. In this work, we study such an eavesdropping attack against pull-based goal-oriented scheduling for remote monitoring and control of Markov processes. We provide a theoretical framework for defining the effectiveness of the attack and propose possible countermeasures, including three heuristics that provide a balance between the performance gains offered by GoC and the amount of leaked information. Our results show that, while a naive GoC scheduler allows the eavesdropper to correctly guess the system state about 60% of the time, our heuristic defenses can halve the leakage with a marginal reduction of the benefits of goal-oriented approaches.