Abbas Acar,Hossein Fereidooni,Tigist Abera,Amit Kumar Sikder,Markus Miettinen,Hidayet Aksu,Mauro Conti,Ahmad-Reza Sadeghi,Selcuk Uluagac

DOI: https://doi.org/10.1145/3395351.3399421

2020-05-14

Abstract:A myriad of IoT devices such as bulbs, switches, speakers in a smart home environment allow users to easily control the physical world around them and facilitate their living styles through the sensors already embedded in these devices. Sensor data contains a lot of sensitive information about the user and devices. However, an attacker inside or near a smart home environment can potentially exploit the innate wireless medium used by these devices to exfiltrate sensitive information from the encrypted payload (i.e., sensor data) about the users and their activities, invading user privacy. With this in mind,in this work, we introduce a novel multi-stage privacy attack against user privacy in a smart environment. It is realized utilizing state-of-the-art machine-learning approaches for detecting and identifying the types of IoT devices, their states, and ongoing user activities in a cascading style by only passively sniffing the network traffic from smart home devices and sensors. The attack effectively works on both encrypted and unencrypted communications. We evaluate the efficiency of the attack with real measurements from an extensive set of popular off-the-shelf smart home IoT devices utilizing a set of diverse network protocols like WiFi, ZigBee, and BLE. Our results show that an adversary passively sniffing the traffic can achieve very high accuracy (above 90%) in identifying the state and actions of targeted smart home devices and their users. To protect against this privacy leakage, we also propose a countermeasure based on generating spoofed traffic to hide the device states and demonstrate that it provides better protection than existing solutions.

Cryptography and Security

Noah Apthorpe,Dillon Reisman,Srikanth Sundaresan,Arvind Narayanan,Nick Feamster

DOI: https://doi.org/10.48550/arXiv.1708.05044

2017-08-16

Cryptography and Security

Abstract:The growing market for smart home IoT devices promises new conveniences for consumers while presenting new challenges for preserving privacy within the home. Many smart home devices have always-on sensors that capture users' offline activities in their living spaces and transmit information about these activities on the Internet. In this paper, we demonstrate that an ISP or other network observer can infer privacy sensitive in-home activities by analyzing Internet traffic from smart homes containing commercially-available IoT devices even when the devices use encryption. We evaluate several strategies for mitigating the privacy risks associated with smart home device traffic, including blocking, tunneling, and rate-shaping. Our experiments show that traffic shaping can effectively and practically mitigate many privacy risks associated with smart home IoT devices. We find that 40KB/s extra bandwidth usage is enough to protect user activities from a passive network adversary. This bandwidth cost is well within the Internet speed limits and data caps for many smart homes.

Shuaike Dong,Zhou Li,Di Tang,Jiongyi Chen,Menghan Sun,Kehuan Zhang

DOI: https://doi.org/10.48550/arXiv.1909.00104

2019-08-31

Abstract:The IoT (Internet of Things) technology has been widely adopted in recent years and has profoundly changed the people's daily lives. However, in the meantime, such a fast-growing technology has also introduced new privacy issues, which need to be better understood and measured. In this work, we look into how private information can be leaked from network traffic generated in the smart home network. Although researchers have proposed techniques to infer IoT device types or user behaviors under clean experiment setup, the effectiveness of such approaches become questionable in the complex but realistic network environment, where common techniques like Network Address and Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic analysis using traditional methods (e.g., through classical machine-learning models) is much less effective under those settings, as the features picked manually are not distinctive any more. In this work, we propose a traffic analysis framework based on sequence-learning techniques like LSTM and leveraged the temporal relations between packets for the attack of device identification. We evaluated it under different environment settings (e.g., pure-IoT and noisy environment with multiple non-IoT devices). The results showed our framework was able to differentiate device types with a high accuracy. This result suggests IoT network communications pose prominent challenges to users' privacy, even when they are protected by encryption and morphed by the network gateway. As such, new privacy protection methods on IoT traffic need to be developed towards mitigating this new issue.

Cryptography and Security

Noah Apthorpe,Danny Yuxing Huang,Dillon Reisman,Arvind Narayanan,Nick Feamster

DOI: https://doi.org/10.2478/popets-2019-0040

2019-03-16

Abstract:The proliferation of smart home Internet of Things (IoT) devices presents unprecedented challenges for preserving privacy within the home. In this paper, we demonstrate that a passive network observer (e.g., an Internet service provider) can infer private in-home activities by analyzing Internet traffic from commercially available smart home devices even when the devices use end-to-end transport-layer encryption. We evaluate common approaches for defending against these types of traffic analysis attacks, including firewalls, virtual private networks, and independent link padding, and find that none sufficiently conceal user activities with reasonable data overhead. We develop a new defense, "stochastic traffic padding" (STP), that makes it difficult for a passive network adversary to reliably distinguish genuine user activities from generated traffic patterns designed to look like user interactions. Our analysis provides a theoretical bound on an adversary's ability to accurately detect genuine user activities as a function of the amount of additional cover traffic generated by the defense technique.

Cryptography and Security

Qingsong Zou,Qing Li,Ruoyu Li,Yucheng Huang,Gareth Tyson,Jingyu Xiao,Yong Jiang

DOI: https://doi.org/10.1145/3580890

2023-01-01

Abstract:With the deployment of a growing number of smart home IoT devices, privacy leakage has become a growing concern. Prior work on privacy-invasive device localization, classification, and activity identification have proven the existence of various privacy leakage risks in smart home environments. However, they only demonstrate limited threats in real world due to many impractical assumptions, such as having privileged access to the user's home network. In this paper, we identify a new end-to-end attack surface using IoTBeholder, a system that performs device localization, classification, and user activity identification. IoTBeholder can be easily run and replicated on commercial off-the-shelf (COTS) devices such as mobile phones or personal computers, enabling attackers to infer user's habitual behaviors from smart home Wi-Fi traffic alone. We set up a testbed with 23 IoT devices for evaluation in the real world. The result shows that IoTBeholder has good device classification and device activity identification performance. In addition, IoTBeholder can infer the users' habitual behaviors and automation rules with high accuracy and interpretability. It can even accurately predict the users' future actions, highlighting a significant threat to user privacy that IoT vendors and users should highly concern.

Su Wang,Keyang Yu,Qi Li,Dong Chen

2024-06-15

Abstract:The Internet traffic data produced by the Internet of Things (IoT) devices are collected by Internet Service Providers (ISPs) and device manufacturers, and often shared with their third parties to maintain and enhance user services. Unfortunately, on-path adversaries could infer and fingerprint users' sensitive privacy information such as occupancy and user activities by analyzing these network traffic traces. While there's a growing body of literature on defending against this side-channel attack-malicious IoT traffic analytics (TA), there's currently no systematic method to compare and evaluate the comprehensiveness of these existing studies. To address this problem, we design a new low-cost, open-source system framework-IoT Traffic Exposure Monitoring Toolkit (ITEMTK) that enables people to comprehensively examine and validate prior attack models and their defending approaches. In particular, we also design a novel image-based attack capable of inferring sensitive user information, even when users employ the most robust preventative measures in their smart homes. Researchers could leverage our new image-based attack to systematize and understand the existing literature on IoT traffic analysis attacks and preventing studies. Our results show that current defending approaches are not sufficient to protect IoT device user privacy. IoT devices are significantly vulnerable to our new image-based user privacy inference attacks, posing a grave threat to IoT device user privacy. We also highlight potential future improvements to enhance the defending approaches. ITEMTK's flexibility allows other researchers for easy expansion by integrating new TA attack models and prevention methods to benchmark their future work.

Cryptography and Security,Systems and Control

Noah Apthorpe,Dillon Reisman,Nick Feamster

DOI: https://doi.org/10.48550/arXiv.1705.06805

2017-05-18

Cryptography and Security

Abstract:The increasing popularity of specialized Internet-connected devices and appliances, dubbed the Internet-of-Things (IoT), promises both new conveniences and new privacy concerns. Unlike traditional web browsers, many IoT devices have always-on sensors that constantly monitor fine-grained details of users' physical environments and influence the devices' network communications. Passive network observers, such as Internet service providers, could potentially analyze IoT network traffic to infer sensitive details about users. Here, we examine four IoT smart home devices (a Sense sleep monitor, a Nest Cam Indoor security camera, a WeMo switch, and an Amazon Echo) and find that their network traffic rates can reveal potentially sensitive user interactions even when the traffic is encrypted. These results indicate that a technological solution is needed to protect IoT device owner privacy, and that IoT-specific concerns must be considered in the ongoing policy debate around ISP data collection and usage.

Xiaoyu Ji,Wenjun Zhu,Shilin Xiao,Wenyuan Xu

DOI: https://doi.org/10.1038/s44287-024-00073-2

2024-01-01

Abstract:Sensors are extensively used in the Internet of Things (IoT) applications, enhancing daily convenience but also raising concerns about privacy leakage. To address this, we advocate for protecting data privacy at the moment it is generated by sensors, rather than trying to secure it afterwards.

M. Hammad Mazhar,Zubair Shafiq

DOI: https://doi.org/10.1109/iotdi49375.2020.00027

2020-04-01

Abstract:As the smart home IoT ecosystem flourishes, it is imperative to gain a better understanding of the unique challenges it poses in terms of management, security, and privacy. Prior studies are limited because they examine smart home IoT devices in testbed environments or at a small scale. To address this gap, we present a measurement study of smart home IoT devices in the wild by instrumenting home gateways and passively collecting real-world network traffic logs from more than 200 homes across a large metropolitan area in the United States. We characterize smart home IoT traffic in terms of its volume, temporal patterns, and external endpoints along with focusing on certain security and privacy concerns. We first show that traffic characteristics reflect the functionality of smart home IoT devices such as smart TVs generating high volume traffic to content streaming services following diurnal patterns associated with human activity. While the smart home IoT ecosystem seems fragmented, our analysis reveals that it is mostly centralized due to its reliance on a few popular cloud and DNS services. Our findings also highlight several interesting security and privacy concerns in smart home IoT ecosystem such as the need to improve policy-based access control for IoT traffic, lack of use of application layer encryption, and prevalence of third-party advertising and tracking services. Our findings have important implications for future research on improving management, security, and privacy of the smart home IoT ecosystem.

Ishtiaq Rouf,Robert D. Miller,Hossen A. Mustafa,Travis Taylor,Sangho Oh,Wenyuan Xu,Marco Gruteser,Wade Trappe,Ivan Seskar

2010-01-01

Abstract:Wireless networks are being integrated into the modern automobile. The security and privacy implications of such in-car networks, however, have are not well understood as their transmissions propagate beyond the confines of a car's body. To understand the risks associated with these wireless systems, this paper presents a privacy and security evaluation of wireless Tire Pressure Monitoring Systems using both laboratory experiments with isolated tire pressure sensor modules and experiments with a complete vehicle system. We show that eavesdropping is easily possible at a distance of roughly 40m from a passing vehicle. Further, reverse-engineering of the underlying protocols revealed static 32 bit identifiers and that messages can be easily triggered remotely, which raises privacy concerns as vehicles can be tracked through these identifiers. Further, current protocols do not employ authentication and vehicle implementations do not perform basic input validation, thereby allowing for remote spoofing of sensor messages. We validated this experimentally by triggering tire pressure warning messages in a moving vehicle from a customized software radio attack platform located in a nearby vehicle. Finally, the paper concludes with a set of recommendations for improving the privacy and security of tire pressure monitoring systems and other forthcoming in-car wireless sensor networks.

Qingsong Zou,Qing Li,Ruoyu Li,Yucheng Huang,Gareth Tyson,Jingyu Xiao,Yong Jiang

DOI: https://doi.org/10.1145/3580890

2023-01-01

Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies

Abstract:With the deployment of a growing number of smart home IoT devices, privacy leakage has become a growing concern. Prior work on privacy-invasive device localization, classification, and activity identification have proven the existence of various privacy leakage risks in smart home environments. However, they only demonstrate limited threats in real world due to many impractical assumptions, such as having privileged access to the user's home network. In this paper, we identify a new end-to-end attack surface using IoTBeholder, a system that performs device localization, classification, and user activity identification. IoTBeholder can be easily run and replicated on commercial off-the-shelf (COTS) devices such as mobile phones or personal computers, enabling attackers to infer user's habitual behaviors from smart home Wi-Fi traffic alone. We set up a testbed with 23 IoT devices for evaluation in the real world. The result shows that IoTBeholder has good device classification and device activity identification performance. In addition, IoTBeholder can infer the users' habitual behaviors and automation rules with high accuracy and interpretability. It can even accurately predict the users' future actions, highlighting a significant threat to user privacy that IoT vendors and users should highly concern.

Chenxin Duan,Kai Wang,Wenqi Chen,Guanglei Song,Jiahai Yang,Zhiliang Wang

DOI: https://doi.org/10.1109/noms54207.2022.9789817

2022-01-01

Abstract:Recent years have witnessed the proliferation of smart home ecosystems. Well-characterized traffic generated by smart home devices has promoted the development of security enhancing techniques for smart homes but exposes users to the privacy disclosure risk at the same time. Malicious eavesdroppers can infer working states of smart home devices and user activities based on spatial-temporal traffic characteristics. Existing countermeasures towards this kind of side channel attack ignore the utility of smart home traffic profiles and signatures for network management and attempt to completely eliminate them. In this paper, we give a comprehensive study on the trade offs between the usability of smart home traffic for security monitoring and its privacy threat. We propose to monitor the smart homes under differential privacy. Based on our solution, decoy traffic can be generated in a controlled manner so as to confound the attackers without disturbing the running monitoring systems. We prototyped our proposal and demonstrate its effectiveness empirically. An interview study is also conducted to learn the user acceptance of the proposed privacy preserving mechanism.

Wei Zhou,Yan Jia,Yao Yao,Lipeng Zhu,Le Guan,Yuhang Mao,Peng Liu,Yuqing Zhang

DOI: https://doi.org/10.48550/arXiv.1811.03241

2019-06-26

Abstract:A smart home connects tens of home devices to the Internet, where an IoT cloud runs various home automation applications. While bringing unprecedented convenience and accessibility, it also introduces various security hazards to users. Prior research studied smart home security from several aspects. However, we found that the complexity of the interactions among the participating entities (i.e., devices, IoT clouds, and mobile apps) has not yet been systematically investigated. In this work, we conducted an in-depth analysis of five widely-used smart home platforms. Combining firmware analysis, network traffic interception, and blackbox testing, we reverse-engineered the details of the interactions among the participating entities. Based on the details, we inferred three legitimate state transition diagrams for the three entities, respectively. Using these state machines as a reference model, we identified a set of unexpected state transitions. To confirm and trigger the unexpected state transitions, we implemented a set of phantom devices to mimic a real device. By instructing the phantom devices to intervene in the normal entity-entity interactions, we have discovered several new vulnerabilities and a spectrum of attacks against real-world smart home platforms.

Cryptography and Security,Networking and Internet Architecture

Xuanyu Liu,Qiang Zeng,Xiaojiang Du,Siva Likitha Valluru,Chenglong Fu,Xiao Fu,Bin Luo

DOI: https://doi.org/10.1145/3471621.3471856

2021-01-01

Abstract:With the booming deployment of smart homes, concerns about user privacy keep growing. Recent research has shown that encrypted wireless traffic of IoT devices can be exploited by packet-sniffing attacks to reveal users’ privacy-sensitive information (e.g., the time when residents leave their home and go to work), which may be used to launch further attacks (e.g., a break-in). To address the growing concerns, we propose SniffMislead, a non-intrusive (i.e., without modifying IoT devices, hubs, or platforms) privacy-protecting approach, based on packet injection, against wireless packet sniffers. Instead of randomly injecting packets, which is ineffective against a smarter attacker, SniffMislead proposes the notion of phantom users, “people” who do not exist in the physical world. From an attacker’s perspective, however, they are perceived as real users. SniffMislead places multiple phantom users in a smart home, which can effectively prevent an attacker from inferring useful information. We design a top-down approach to synthesize phantom users’ behaviors, construct the sequence of decoy device events and commands, and then inject corresponding packets into the home. We show how SniffMislead ensures logical integrity and contextual consistency of injected packets, as well as how it makes a phantom user indistinguishable from a real user. Our evaluation results from a smart home testbed demonstrate that SniffMislead significantly reduces an attacker’s privacy-inferring capabilities, bringing the accuracy from 94.8% down to 3.5%.

Ahmed Mohamed Hussain,Gabriele Oligeri,Thiemo Voigt

DOI: https://doi.org/10.1007/978-3-030-68884-4_10

2021-01-01

Abstract:We present a new machine learning-based attack that exploits network patterns to detect the presence of smart IoT devices and running services in the WiFi radio spectrum. We perform an extensive measurement campaign of data collection, and we build up a model describing the traffic patterns characterizing three popular IoT smart home devices, i.e., Google Nest Mini, Amazon Echo, and Amazon Echo Dot. We prove that it is possible to detect and identify with overwhelming probability their presence and the services running by the aforementioned devices in a crowded WiFi scenario. This work proves that standard encryption techniques alone are not sufficient to protect the privacy of the end-user, since the network traffic itself exposes the presence of both the device and the associated service. While more work is required to prevent non-trusted third parties to detect and identify the user’s devices, we introduce Eclipse, a technique to mitigate these types of attacks, which reshapes the traffic making the identification of the devices and the associated services similar to the random classification baseline.

Nisha Panwar,Shantanu Sharma,Sharad Mehrotra,Łukasz Krzywiecki,Nalini Venkatasubramanian

DOI: https://doi.org/10.48550/arXiv.1904.05476

2019-05-04

Abstract:Smart homes are a special use-case of the Internet-of-Things (IoT) paradigm. Security and privacy are two prime concern in smart home networks. A threat-prone smart home can reveal lifestyle and behavior of the occupants, which may be a significant concern. This article shows security requirements and threats to a smart home and focuses on a privacy-preserving security model. We classify smart home services based on the spatial and temporal properties of the underlying device-to-device and owner-to-cloud interaction. We present ways to adapt existing security solutions such as distance-bounding protocols, ISO-KE, SIGMA, TLS, Schnorr, Okamoto Identification Scheme (IS), Pedersen commitment scheme for achieving security and privacy in a cloud-assisted home area network.

Cryptography and Security,Networking and Internet Architecture

Noah Apthorpe,Dillon Reisman,Nick Feamster

DOI: https://doi.org/10.48550/arXiv.1705.06809

2017-05-18

Cryptography and Security

Abstract:The growing market for smart home IoT devices promises new conveniences for consumers while presenting novel challenges for preserving privacy within the home. Specifically, Internet service providers or neighborhood WiFi eavesdroppers can measure Internet traffic rates from smart home devices and infer consumers' private in-home behaviors. Here we propose four strategies that device manufacturers and third parties can take to protect consumers from side-channel traffic rate privacy threats: 1) blocking traffic, 2) concealing DNS, 3) tunneling traffic, and 4) shaping and injecting traffic. We hope that these strategies, and the implementation nuances we discuss, will provide a foundation for the future development of privacy-sensitive smart homes.

Yang Li,Anna Maria Mandalari,Isabel Straw

2023-07-26

Abstract:For smart homes to be safe homes, they must be designed with security in mind. Yet, despite the widespread proliferation of connected digital technologies in the home environment, there is a lack of research evaluating the security vulnerabilities and potential risks present within these systems. Our research presents a comprehensive methodology for conducting systematic IoT security attacks, intercepting network traffic and evaluating the security risks of smart home devices. We perform hundreds of automated experiments using 11 popular commercial IoT devices when deployed in a testbed, exposed to a series of real deployed attacks (flooding, port scanning and OS scanning). Our findings indicate that these devices are vulnerable to security attacks and our results are relevant to the security research community, device engineers and the users who rely on these technologies in their daily lives.

Cryptography and Security

Xiaoyu Ji,Yushi Cheng,Wenyuan Xu,Xinyan Zhou

DOI: https://doi.org/10.1155/2018/3980371

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:Wireless cameras are widely deployed in smart homes for security guarding, baby monitoring, fall detection, and so on. Those security cameras, which are supposed to protect users, however, may in turn leak a user’s personal privacy. In this paper, we reveal that attackers are able to infer whether users are at home or not, that is, the user presence, by eavesdropping the traffic of wireless cameras from distance. We propose HomeSpy, a system that infers user presence by inspecting the intrinsic pattern of the wireless camera traffic. To infer the user presence, HomeSpy first eavesdrops the wireless traffic around the target house and detects the existence of wireless cameras with a Long Short-Term Memory (LSTM) network. Then, HomeSpy infers the user presence using the bitrate variation of the wireless camera traffic based on a cumulative sum control chart (CUSUM) algorithm. We implement HomeSpy on the Android platform and validate it on 20 cameras. The evaluation results show that HomeSpy can achieve a successful attack rate of 97.2%.

Yushi Cheng,Xiaoyu Ji,Xinyan Zhou,Wenyuan Xu

DOI: https://doi.org/10.1109/ICPADS.2017.00106

2017-01-01

Abstract:Wireless cameras are widely deployed in homes and offices for security guarding, and play as an important part of smart home devices. Those security cameras, which are supposed to provide protection services, however, may in turn leak personal privacy that can result in security issues. In this paper, we reveal that attackers are able to eavesdrop the traffic of wireless cameras and analyze whether you are at home or not without entering the house. We propose HomeSpy, an attack tool that infers the house status by inspecting the bitrate variation of the wireless camera traffic. We implement Home Spy on the Android platform and validate it on 3 cameras. The evaluation results show that HomeSpy can achieve a successful attack rate of 97.2%.