Xiaomeng Yu,Yanyong Zhang,Xiang-Yang Li,Xing Guo

DOI: https://doi.org/10.1109/bigcom53800.2021.00033

2021-01-01

Abstract:The sensor network is widely used in the Internet of Things environment to create a more intelligent and convenient life, sensors closely monitor and get information from the living environment, smart home devices respond to user instructions to provide services. The constant interaction data with the cloud server, however, is unwittingly exposing user privacy to danger. This paper attacks a variety of smart home devices and sensors through traffic analysis, proving that encrypted data has the risk of revealing user privacy in the wireless environment, even if the packet content is not obtained, the state of a single IoT device can be analyzed through the number and shape of packets. Also, considering the user behavior may lead to responses from multiple devices in the environment, so that more elaborate information can be further deduced through the analysis of the combination of multiple equipment states. Based on the attack on single devices, we carried out a joint attack on multiple devices using state sequence diagrams of all devices in the smart home. The experiments prove that the traffic patterns of IoT devices do leak private information of users, we provide the corresponding solution of traffic shaping to defend against such attack.

Noah Apthorpe,Danny Yuxing Huang,Dillon Reisman,Arvind Narayanan,Nick Feamster

DOI: https://doi.org/10.2478/popets-2019-0040

2019-03-16

Abstract:The proliferation of smart home Internet of Things (IoT) devices presents unprecedented challenges for preserving privacy within the home. In this paper, we demonstrate that a passive network observer (e.g., an Internet service provider) can infer private in-home activities by analyzing Internet traffic from commercially available smart home devices even when the devices use end-to-end transport-layer encryption. We evaluate common approaches for defending against these types of traffic analysis attacks, including firewalls, virtual private networks, and independent link padding, and find that none sufficiently conceal user activities with reasonable data overhead. We develop a new defense, "stochastic traffic padding" (STP), that makes it difficult for a passive network adversary to reliably distinguish genuine user activities from generated traffic patterns designed to look like user interactions. Our analysis provides a theoretical bound on an adversary's ability to accurately detect genuine user activities as a function of the amount of additional cover traffic generated by the defense technique.

Cryptography and Security

Meng Zhao,Jie Chen,Zhikai Yang,Yaping Liu,Shuo Zhang

DOI: https://doi.org/10.3390/s22239389

2022-12-01

Abstract:As more and more smart devices are deployed in homes, the communication between these smart home devices and elastic computing services may face some risks of privacy disclosure. Different device events (such as the camera on, video on, etc.) will generate different data traffic during communication. However, the current smart home system lacks monitoring of these device events, which may cause the disclosure of private data collected by these devices. In this paper, we present our device event monitor system, HomeMonitor. HomeMonitor runs in the OpenWRT system and supports complete event monitoring for smart home devices. HomeMoitor solves the problem that machine learning models for detecting device events do not scale flexibly. It uses the network packet size and the direction of the device event for unique identification during training. When detecting, it only needs to get the packet size and timestamp and then query the policy table for signature matching to control the device events. We evaluated the effectiveness of HomeMonitor, and the experiments show that the match rate of our method is 98.8%, the false positive rate is 1.8%, and the detection time is only 16.67% for PINBALL. The results mean that our method achieves the balance of applicable protocol scope, detection performance, and detection accuracy.

Haoxiang Wang,Jiasheng Zhang,Chenbei Lu,Chenye Wu

DOI: https://doi.org/10.1109/tsg.2020.3038757

IF: 10.275

2020-01-01

IEEE Transactions on Smart Grid

Abstract:Smart meter devices enable a better understanding of the demand at the potential risk of private information leakage. One promising solution to mitigating such risk is to inject noises into the meter data to achieve a certain level of differential privacy. In this paper, we cast one-shot non-intrusive load monitoring (NILM) in the compressive sensing framework, and bridge the gap between theoretical accuracy of NILM inference and differential privacy's parameters. We then derive the valid theoretical bounds to offer insights on how the differential privacy parameters affect the NILM performance. Moreover, we generalize our conclusions by proposing the hierarchical framework to solve the multishot NILM problem. Numerical experiments verify our analytical results and offer better physical insights of differential privacy in various practical scenarios. This also demonstrates the significance of our work for the general privacy preserving mechanism design.

Xuanyu Liu,Qiang Zeng,Xiaojiang Du,Siva Likitha Valluru,Chenglong Fu,Xiao Fu,Bin Luo

DOI: https://doi.org/10.1145/3471621.3471856

2021-01-01

Abstract:With the booming deployment of smart homes, concerns about user privacy keep growing. Recent research has shown that encrypted wireless traffic of IoT devices can be exploited by packet-sniffing attacks to reveal users’ privacy-sensitive information (e.g., the time when residents leave their home and go to work), which may be used to launch further attacks (e.g., a break-in). To address the growing concerns, we propose SniffMislead, a non-intrusive (i.e., without modifying IoT devices, hubs, or platforms) privacy-protecting approach, based on packet injection, against wireless packet sniffers. Instead of randomly injecting packets, which is ineffective against a smarter attacker, SniffMislead proposes the notion of phantom users, “people” who do not exist in the physical world. From an attacker’s perspective, however, they are perceived as real users. SniffMislead places multiple phantom users in a smart home, which can effectively prevent an attacker from inferring useful information. We design a top-down approach to synthesize phantom users’ behaviors, construct the sequence of decoy device events and commands, and then inject corresponding packets into the home. We show how SniffMislead ensures logical integrity and contextual consistency of injected packets, as well as how it makes a phantom user indistinguishable from a real user. Our evaluation results from a smart home testbed demonstrate that SniffMislead significantly reduces an attacker’s privacy-inferring capabilities, bringing the accuracy from 94.8% down to 3.5%.

Shuaike Dong,Zhou Li,Di Tang,Jiongyi Chen,Menghan Sun,Kehuan Zhang

DOI: https://doi.org/10.48550/arXiv.1909.00104

2019-08-31

Abstract:The IoT (Internet of Things) technology has been widely adopted in recent years and has profoundly changed the people's daily lives. However, in the meantime, such a fast-growing technology has also introduced new privacy issues, which need to be better understood and measured. In this work, we look into how private information can be leaked from network traffic generated in the smart home network. Although researchers have proposed techniques to infer IoT device types or user behaviors under clean experiment setup, the effectiveness of such approaches become questionable in the complex but realistic network environment, where common techniques like Network Address and Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic analysis using traditional methods (e.g., through classical machine-learning models) is much less effective under those settings, as the features picked manually are not distinctive any more. In this work, we propose a traffic analysis framework based on sequence-learning techniques like LSTM and leveraged the temporal relations between packets for the attack of device identification. We evaluated it under different environment settings (e.g., pure-IoT and noisy environment with multiple non-IoT devices). The results showed our framework was able to differentiate device types with a high accuracy. This result suggests IoT network communications pose prominent challenges to users' privacy, even when they are protected by encryption and morphed by the network gateway. As such, new privacy protection methods on IoT traffic need to be developed towards mitigating this new issue.

Cryptography and Security

Noah Apthorpe,Dillon Reisman,Srikanth Sundaresan,Arvind Narayanan,Nick Feamster

DOI: https://doi.org/10.48550/arXiv.1708.05044

2017-08-16

Cryptography and Security

Abstract:The growing market for smart home IoT devices promises new conveniences for consumers while presenting new challenges for preserving privacy within the home. Many smart home devices have always-on sensors that capture users' offline activities in their living spaces and transmit information about these activities on the Internet. In this paper, we demonstrate that an ISP or other network observer can infer privacy sensitive in-home activities by analyzing Internet traffic from smart homes containing commercially-available IoT devices even when the devices use encryption. We evaluate several strategies for mitigating the privacy risks associated with smart home device traffic, including blocking, tunneling, and rate-shaping. Our experiments show that traffic shaping can effectively and practically mitigate many privacy risks associated with smart home IoT devices. We find that 40KB/s extra bandwidth usage is enough to protect user activities from a passive network adversary. This bandwidth cost is well within the Internet speed limits and data caps for many smart homes.

Abbas Acar,Hossein Fereidooni,Tigist Abera,Amit Kumar Sikder,Markus Miettinen,Hidayet Aksu,Mauro Conti,Ahmad-Reza Sadeghi,Selcuk Uluagac

DOI: https://doi.org/10.1145/3395351.3399421

2020-05-14

Abstract:A myriad of IoT devices such as bulbs, switches, speakers in a smart home environment allow users to easily control the physical world around them and facilitate their living styles through the sensors already embedded in these devices. Sensor data contains a lot of sensitive information about the user and devices. However, an attacker inside or near a smart home environment can potentially exploit the innate wireless medium used by these devices to exfiltrate sensitive information from the encrypted payload (i.e., sensor data) about the users and their activities, invading user privacy. With this in mind,in this work, we introduce a novel multi-stage privacy attack against user privacy in a smart environment. It is realized utilizing state-of-the-art machine-learning approaches for detecting and identifying the types of IoT devices, their states, and ongoing user activities in a cascading style by only passively sniffing the network traffic from smart home devices and sensors. The attack effectively works on both encrypted and unencrypted communications. We evaluate the efficiency of the attack with real measurements from an extensive set of popular off-the-shelf smart home IoT devices utilizing a set of diverse network protocols like WiFi, ZigBee, and BLE. Our results show that an adversary passively sniffing the traffic can achieve very high accuracy (above 90%) in identifying the state and actions of targeted smart home devices and their users. To protect against this privacy leakage, we also propose a countermeasure based on generating spoofed traffic to hide the device states and demonstrate that it provides better protection than existing solutions.

Cryptography and Security

Noah Apthorpe,Dillon Reisman,Nick Feamster

DOI: https://doi.org/10.48550/arXiv.1705.06809

2017-05-18

Cryptography and Security

Abstract:The growing market for smart home IoT devices promises new conveniences for consumers while presenting novel challenges for preserving privacy within the home. Specifically, Internet service providers or neighborhood WiFi eavesdroppers can measure Internet traffic rates from smart home devices and infer consumers' private in-home behaviors. Here we propose four strategies that device manufacturers and third parties can take to protect consumers from side-channel traffic rate privacy threats: 1) blocking traffic, 2) concealing DNS, 3) tunneling traffic, and 4) shaping and injecting traffic. We hope that these strategies, and the implementation nuances we discuss, will provide a foundation for the future development of privacy-sensitive smart homes.

Nazar Waheed,Mian Ahmad Jan,Abeer Z. Alalmaie,Priyadarsi Nanda,Fazlullah Kha

DOI: https://doi.org/10.48550/arXiv.2304.07676

2023-04-16

Cryptography and Security

Abstract:The rapid expansion of Internet of Things (IoT) devices in smart homes has significantly improved the quality of life, offering enhanced convenience, automation, and energy efficiency. However, this proliferation of connected devices raises critical concerns regarding security and privacy of the user data. In this paper, we propose a differential privacy-based system to ensure comprehensive security for data generated by smart homes. We employ the randomized response technique for the data and utilize Local Differential Privacy (LDP) to achieve data privacy. The data is then transmitted to an aggregator, where an obfuscation method is applied to ensure individual anonymity. Furthermore, we implement the Hidden Markov Model (HMM) technique at the aggregator level and apply differential privacy to the private data received from smart homes. Consequently, our approach achieves a dual layer of privacy protection, addressing the security concerns associated with IoT devices in smart cities.

M. Hammad Mazhar,Zubair Shafiq

DOI: https://doi.org/10.1109/iotdi49375.2020.00027

2020-04-01

Abstract:As the smart home IoT ecosystem flourishes, it is imperative to gain a better understanding of the unique challenges it poses in terms of management, security, and privacy. Prior studies are limited because they examine smart home IoT devices in testbed environments or at a small scale. To address this gap, we present a measurement study of smart home IoT devices in the wild by instrumenting home gateways and passively collecting real-world network traffic logs from more than 200 homes across a large metropolitan area in the United States. We characterize smart home IoT traffic in terms of its volume, temporal patterns, and external endpoints along with focusing on certain security and privacy concerns. We first show that traffic characteristics reflect the functionality of smart home IoT devices such as smart TVs generating high volume traffic to content streaming services following diurnal patterns associated with human activity. While the smart home IoT ecosystem seems fragmented, our analysis reveals that it is mostly centralized due to its reliance on a few popular cloud and DNS services. Our findings also highlight several interesting security and privacy concerns in smart home IoT ecosystem such as the need to improve policy-based access control for IoT traffic, lack of use of application layer encryption, and prevalence of third-party advertising and tracking services. Our findings have important implications for future research on improving management, security, and privacy of the smart home IoT ecosystem.

Hui Cao,Shubo Liu,Longfei Wu,Zhitao Guan,Xiaojiang Du

DOI: https://doi.org/10.48550/arXiv.1804.01817

2018-04-05

Abstract:Fog computing, a non-trivial extension of cloud computing to the edge of the network, has great advantage in providing services with a lower latency. In smart grid, the application of fog computing can greatly facilitate the collection of consumer's fine-grained energy consumption data, which can then be used to draw the load curve and develop a plan or model for power generation. However, such data may also reveal customer's daily activities. Non-intrusive load monitoring (NILM) can monitor an electrical circuit that powers a number of appliances switching on and off independently. If an adversary analyzes the meter readings together with the data measured by an NILM device, the customer's privacy will be disclosed. In this paper, we propose an effective privacy-preserving scheme for electric load monitoring, which can guarantee differential privacy of data disclosure in smart grid. In the proposed scheme, an energy consumption behavior model based on Factorial Hidden Markov Model (FHMM) is established. In addition, noise is added to the behavior parameter, which is different from the traditional methods that usually add noise to the energy consumption data. The analysis shows that the proposed scheme can get a better trade-off between utility and privacy compared with other popular methods.

Cryptography and Security

Jing Zhao,Taeho Jung,Yu Wang,Xiangyang Li

DOI: https://doi.org/10.1109/infocom.2014.6847974

2014-01-01

Abstract:The smart grid introduces new privacy implications to individuals and their family due to the fine-grained usage data collection. For example, smart metering data could reveal highly accurate real-time home appliance energy load, which may be used to infer the human activities inside the houses. One effective way to hide actual appliance loads from the outsiders is Battery-based Load Hiding (BLH), in which a battery is installed for each household and smartly controlled to store and supply power to the appliances. Even though such technique has been demonstrated useful and can prevent certain types of attacks, none of existing BLH works can provide probably privacy-preserving mechanisms. In this paper, we investigate the privacy of smart meters via differential privacy. We first analyze the current existing BLH methods and show that they cannot guarantee differential privacy in the BLH problem. We then propose a novel randomized BLH algorithm which successfully assures differential privacy, and further propose the Multitasking-BLH-Exp3 algorithm which adaptively updates the BLH algorithm based on the context and the constraints. Results from extensive simulations show the efficiency and effectiveness of the proposed method over existing BLH methods.

Haoxiang Wang,Chenyu Wu

DOI: https://doi.org/10.1145/3396851.3403508

2020-01-01

Abstract:Smart meter devices enable the system operator to better understand the demand at the potential risk of private information leakage. One promising solution to mitigate such risk is to inject noises into the meter data to achieve certain level of differential privacy. In this paper, we cast the non-intrusive load monitoring (NILM) as a compressive sensing problem, and then seek to characterize the physical meaning of the parameters in ϵ-differential privacy in terms of the performance guarantee for NILM inference.

Xin-Yuan Zhang,Liu-Sheng Huang,Shao-Wei Wang,Zhen-Yu Zhu,Hong-Li Xu

DOI: https://doi.org/10.2991/icwcsn-16.2017.45

2016-01-01

Abstract:The aggregation of residents' private data drives improvements in the smart homes, however it comes with compromising on privacy. Hence, privacy preservation has become an increasing requirement for residents. Since users might have different privacy requirements, and their privacy requirements might be sensitive information, smart homes need a privacy preservation scheme to meet their demands. In this scheme, a user preserves the privacy of his/her data and privacy level locally by specifying his own privacy level in confidence, without trusting anyone else in smart homes. In addition, a user replies a single data element to the collector each time, instead of the whole dataset. It makes the scheme more challenging than the traditional centralized situation. In this paper, we propose a novel personalized local differential privacy preservation scheme for smart homes, which retains desirable utility while providing rigorous privacy guarantee.

ZHANG Xinyu,ZHANG Bingsheng,MENG Quanrun,REN Kui

DOI: https://doi.org/10.11959/j.issn.2096-109x.2021057

2021-01-01

Abstract:Existing encrypted traffic detection technologies lack privacy protection for data and models, which will violate the privacy preserving regulations and increase the security risk of privacy leakage. A privacy-preserving encrypted traffic detection system was proposed. It promoted the privacy of the encrypted traffic detection model by combining the gradient boosting decision tree (GBDT) algorithm with differential privacy. The privacy-protected encrypted traffic detection system was designed and implemented. The performance and the efficiency of proposed system using the CICIDS2017 dataset were evaluated, which contained the malicious traffic of the DDoS attack and the port scan. The results show that when the privacy budget value is set to 1, the system accuracy rates are 91.7% and 92.4% respectively. The training and the prediction of our model is efficient. The training time of proposed model is 5.16 s and 5.59 s, that is only 2-3 times of GBDT algorithm. The prediction time is close to the GBDT algorithm.

Mark Yen,Geir E. Dullerud,Yu Wang

DOI: https://doi.org/10.48550/arXiv.2302.01388

2023-02-28

Abstract:Traffic systems are multi-agent cyber-physical systems whose performance is closely related to human welfare. They work in open environments and are subject to uncertainties from various sources, making their performance hard to verify by traditional model-based approaches. Alternatively, statistical model checking (SMC) can verify their performance by sequentially drawing sample data until the correctness of a performance specification can be inferred with desired statistical accuracy. This work aims to verify traffic systems with privacy, motivated by the fact that the data used may include personal information (e.g., daily itinerary) and get leaked unintendedly by observing the execution of the SMC algorithm. To formally capture data privacy in SMC, we introduce the concept of expected differential privacy (EDP), which constrains how much the algorithm execution can change in the expectation sense when data change. Accordingly, we introduce an exponential randomization mechanism for the SMC algorithm to achieve the EDP. Our case study on traffic intersections by Vissim simulation shows the high accuracy of SMC in traffic model verification without significantly sacrificing computing efficiency. The case study also shows EDP successfully bounding the algorithm outputs to guarantee privacy.

Cryptography and Security,Systems and Control,Computation

Zhetao Li,Zhirun Zheng,Suiming Guo,Bin Guo,Fu Xiao,Kui Ren

DOI: https://doi.org/10.1109/tmc.2022.3173642

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:Although crowdsensing has emerged as a popular information collection paradigm, its security and privacy vulnerabilities have come to the forefront in recent years. However, one big limitation of previous research is that the security domain and the privacy domain are typically considered separately. Therefore, it is unclear whether the defense methods in the privacy domain will have unexpected impact on the security domain. To bridge this gap, in this paper, we propose a novel Disguise-based Data Poisoning Attack (DDPA) against the differentially private crowdsensing systems empowered with the truth discovery method. Specifically, we propose a novel stealth strategy, i.e., disguising the malicious behavior as privacy behavior, to avoid being detected by truth discovery methods. With this stealth strategy, the shortcoming of failing to maximize the attack effectiveness is avoided naturally through structuring a bi-level optimization problem, which can be solved with the alternating optimization algorithm. Moreover, we show that the differentially private crowdsensing systems are vulnerable to data poisoning attacks, and enhancing the level of privacy will bring more serious security threats. Finally, the evaluation results on the real-world dataset Emotion and the synthetic dataset SynData demonstrate that DDPA can not only achieve maximum utility damage but also remain undetected.

Chenbei Lu,Jingshi Cui,Haoxiang Wang,Hongyu Yi,Chenye Wu

DOI: https://doi.org/10.1109/tsg.2023.3315690

IF: 10.275

2023-01-01

IEEE Transactions on Smart Grid

Abstract:The smart grid benefits and suffers from smart meter data. Proper use of massive data can improve energy services but may raise privacy concerns. For example, user energy consumption profiling, a classic method, can identify energy consumption patterns based on the collected load profiles from users. Thus, the privacy of these individual load profiles needs to be protected. However, most of the existing works focus on data transmission and calculation privacy, and often require additional computation, communication, or platform construction costs. In contrast, noise-injection-based data source privacy-protecting works can avoid such additional costs and provide theoretical differential privacy (DP) guarantee. This paper theoretically analyzes noise-injection-based user profiling mechanisms in terms of both privacy protection and accuracy. Specifically, we establish the privacy-accuracy trade-off. We then propose an optimal user energy consumption pattern estimation method for heterogeneous noise-injection-based data. Finally, we design a valid information ratio-based pricing scheme for noisy data that is independent of downstream tasks and easy to implement. Numerical studies based on field data confirm the effectiveness of our theoretical results.

Qilong Han,Qianqian Chen,Kejia Zhang,Xiaojiang Du,Nadra Guizani

DOI: https://doi.org/10.48550/arXiv.1804.02052

2018-04-05

Cryptography and Security

Abstract:Collection of user's location and trajectory information that contains rich personal privacy in mobile social networks has become easier for attackers. Network traffic control is an important network system which can solve some security and privacy problems. In this paper, we consider a network traffic control system as a trusted third party and use differential privacy for protecting more personal trajectory data. We studied the influence of the high dimensionality and sparsity of trajectory data sets based on the availability of the published results. Based on similarity point aggregation reconstruction ideas and a prefix tree model, we proposed a hybrid publishing method of differential privacy spatiotemporal trajectory data sets APTB.