T7-AT-004 (MEDIUM)
Side Channel Leakage
T7 · Output Manipulation & Exfiltration
Risk score: 195
Rating: Medium
Procedures: 10
Severity
Mechanism
LLMs leak information through observable metadata of the inference process — token count, response latency, packet sizes in streaming mode, speculative decoding acceptance/rejection patterns, and KV cache timing — independently of the textual content of the response. The assumption violated is that encrypting the response content (TLS) is sufficient for confidentiality. Zhang et al.
Detection
- Monitor for repeated structurally similar queries varying only in one parameter
- Detect automated high-frequency query patterns targeting timing or length variation
- Observable signal: clients that read response headers/metadata but not response bodies
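
An added example (not part of the original catalogue entry) of the first two detection signals: it masks one token position at a time in each logged prompt, groups per client, and flags templates whose masked slot takes many values at automated pacing. The record layout, thresholds and function name are assumptions, and the log records are constructed.

```python
from collections import defaultdict

MASK = "<VAR>"

# Constructed sample records (epoch seconds, client id, prompt); not real traffic.
SAMPLE_LOG = [
    (1000, "client-a", "Summarize ticket 1001 for the customer"),
    (1002, "client-a", "Summarize ticket 1002 for the customer"),
    (1004, "client-a", "Summarize ticket 1003 for the customer"),
    (1006, "client-a", "summarize ticket 1004 for the customer"),
    (1008, "client-a", "Summarize ticket 1005 for the customer"),
    (1000, "client-b", "Summarize ticket 1001 for the customer"),
    (1300, "client-b", "Translate this paragraph into French please"),
    (1900, "client-b", "Summarize ticket 1001 for the customer"),
]


def find_parameter_sweeps(records, min_variants=4, max_gap_s=10.0):
    """Flag per-client prompt sets that differ in exactly one token position.

    Hypothetical helper: returns a list of dicts with the client, the shared
    template, the distinct values seen at the masked position, and the mean
    gap in seconds between the first sightings of those values.
    """
    buckets = defaultdict(dict)  # (client, template) -> {variant: first timestamp}
    for ts, client, prompt in records:
        tokens = prompt.lower().split()  # normalise case so trivial edits still match
        for i, tok in enumerate(tokens):
            template = " ".join(tokens[:i] + [MASK] + tokens[i + 1:])
            buckets[(client, template)].setdefault(tok, ts)

    findings = []
    for (client, template), seen in buckets.items():
        if len(seen) < min_variants:
            continue  # exact repeats and unrelated prompts never reach the threshold
        times = sorted(seen.values())
        mean_gap = (times[-1] - times[0]) / max(len(times) - 1, 1)
        if mean_gap <= max_gap_s:  # automated, high-frequency pacing
            findings.append({"client": client, "template": template,
                             "variants": sorted(seen), "mean_gap_s": mean_gap})
    return findings


if __name__ == "__main__":
    for finding in find_parameter_sweeps(SAMPLE_LOG):
        print(finding)
```

Whitespace tokenisation is the simplest possible template; a production detector would tokenise on the application's own parameter boundaries and bound memory with a sliding time window.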
Mitigation
- Response padding to fixed length: HIGH
- Packet-level padding (TLS record): MEDIUM
- Disable streaming for sensitive contexts: MEDIUM
- Speculative decoding mitigation: HIGH
Chaining
Side channel signals feed T7-AT-010 (Differential Response Analysis) by providing raw observables for comparative analysis. Timing and packet analysis (T7-AP-004I) enables T7-AT-005 (Metadata Extraction) by revealing model architecture details.
Framework mapping
OWASP LLM: LLM02
MITRE ATLAS: AML.T0024