More Like this

1. Safeguarding User-Centric Privacy in Smart Homes

   https://doi.org/10.1145/3701726  

   Yu, Keyang; Li, Qi; Chen, Dong; Hu, Liting (November 2024, ACM Transactions on Internet Technology)

   Internet of Things (IoT) devices have been increasingly deployed in smart homes to automatically monitor and control their environments. Unfortunately, extensive recent research has shown that on-path external adversaries can infer and further fingerprint people’s sensitive private information by analyzing IoT network traffic traces. In addition, most recent approaches that aim to defend against these malicious IoT traffic analytics cannot adequately protect user privacy with reasonable traffic overhead. In particular, these approaches often did not consider practical traffic reshaping limitations, user daily routine permitting, and user privacy protection preference in their design. To address these issues, we design a new low-cost, open source user-centric defense system—PrivacyGuard—that enables people to regain the privacy leakage control of their IoT devices while still permitting sophisticated IoT data analytics that is necessary for smart home automation. In essence, our approach employs intelligent deep convolutional generative adversarial network assisted IoT device traffic signature learning, long short-term memory based artificial traffic signature injection, and partial traffic reshaping to obfuscate private information that can be observed in IoT device traffic traces. We evaluate PrivacyGuard using IoT network traffic traces of 31 IoT devices from five smart homes and buildings. We find that PrivacyGuard can effectively prevent a wide range of state-of-the-art adversarial machine learning and deep learning based user in-home activity inference and fingerprinting attacks and help users achieve the balance between their IoT data utility and privacy preserving. 

   more » « less
2. A Haystack Full of Needles: Scalable Detection of IoT Devices in the Wild

   https://doi.org/10.1145/3419394.3423650  

   Saidi, Said Jawad; Mandalari, Anna Maria; Kolcun, Roman; Haddadi, Hamed; Dubois, Daniel J.; Choffnes, David; Smaragdakis, Georgios; Feldmann, Anja (October 2020, IMC '20: Proceedings of the ACM Internet Measurement Conference)

   null (Ed.)

   Consumer Internet of Things (IoT) devices are extremely popular, providing users with rich and diverse functionalities, from voice assistants to home appliances. These functionalities often come with significant privacy and security risks, with notable recent large-scale coordinated global attacks disrupting large service providers. Thus, an important first step to address these risks is to know what IoT devices are where in a network. While some limited solutions exist, a key question is whether device discovery can be done by Internet service providers that only see sampled flow statistics. In particular, it is challenging for an ISP to efficiently and effectively track and trace activity from IoT devices deployed by its millions of subscribers---all with sampled network data. In this paper, we develop and evaluate a scalable methodology to accurately detect and monitor IoT devices at subscriber lines with limited, highly sampled data in-the-wild. Our findings indicate that millions of IoT devices are detectable and identifiable within hours, both at a major ISP as well as an IXP, using passive, sparsely sampled network flow headers. Our methodology is able to detect devices from more than 77% of the studied IoT manufacturers, including popular devices such as smart speakers. While our methodology is effective for providing network analytics, it also highlights significant privacy consequences. 

   more » « less
3. How Can Equitable Peering be Achieved Between ISPs and Content Providers?

   https://doi.org/10.1109/ICCCN58024.2023.10230173  

   Nikkhah, Ali; Jordan, Scott (July 2023, IEEE)

   Disagreements between Internet Service Providers (ISPs) and content providers over peering fees have risen to the level of potential government regulation. ISPs assert that content providers should pay peering fees based on the volume of downstream traffic. Content providers assert that consumers pay ISPs to transmit the content they request, and thus peering agreements should be settlement-free. We determine the fair peering fee between an ISP and a transit provider or content provider. We first consider cost sharing between an ISP and a transit provider. We derive the peering fee that equalizes their net backbone transportation costs. We illustrate how the peering fee depends on the traffic ratio and the amount of localization of that content. We then derive the peering fee between an ISP and a content provider that results in the same net cost to the ISP, and illustrate how the peering fee depends on the number of interconnection points and the amount of localization. We use these results to dispense with the ISP argument that they should be paid regardless of the amount of localization of content. 

   more » « less
4. What a SHAME: Smart Assistant Voice Command Fingerprinting Utilizing Deep Learning

   https://doi.org/10.1145/3463676.3485615  

   Hyland, Jack; Schneggenburger, Conrad; Lim, Nick; Ruud, Jake; Mathews, Nate; Wright, Matthew (November 2021, Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society)

   It is estimated that by the year 2024, the total number of systems equipped with voice assistant software will exceed 8.4 billion devices globally. While these devices provide convenience to consumers, they suffer from a myriad of security issues. This paper highlights the serious privacy threats exposed by information leakage in a smart assistant's encrypted network traffic metadata. To investigate this issue, we have collected a new dataset composed of dynamic and static commands posed to an Amazon Echo Dot using data collection and cleaning scripts we developed. Furthermore, we propose the Smart Home Assistant Malicious Ensemble model (SHAME) as the new state-of-the-art Voice Command Fingerprinting classifier. When evaluated against several datasets, our attack correctly classifies encrypted voice commands with up to 99.81% accuracy on Google Home traffic and 95.2% accuracy on Amazon Echo Dot traffic. These findings show that security measures must be taken to stop internet service providers, nation-states, and network eavesdroppers from monitoring our intimate conversations. 

   more » « less
5. IoTMosaic: Inferring User Activities from IoT Network Traffic in Smart Homes

   https://doi.org/10.1109/INFOCOM48880.2022.9796908  

   Wan, Yinxin; Xu, Kuai; Wang, Feng; Xue, Guoliang (May 2022, IEEE INFOCOM2022)

   Recent advances in cyber-physical systems, artificial intelligence, and cloud computing have driven the wide deployments of Internet-of-things (IoT) in smart homes. As IoT devices often directly interact with the users and environments, this paper studies if and how we could explore the collective insights from multiple heterogeneous IoT devices to infer user activities for home safety monitoring and assisted living. Specifically, we develop a new system, namely IoTMosaic, to first profile diverse user activities with distinct IoT device event sequences, which are extracted from smart home network traffic based on their TCP/IP data packet signatures. Given the challenges of missing and out-of-order IoT device events due to device malfunctions or varying network and system latencies, IoTMosaic further develops simple yet effective approximate matching algorithms to identify user activities from real-world IoT network traffic. Our experimental results on thousands of user activities in the smart home environment over two months show that our proposed algorithms can infer different user activities from IoT network traffic in smart homes with the overall accuracy, precision, and recall of 0.99, 0.99, and 1.00, respectively. 

   more » « less