Fingerprinting the Smart Home: Detection of Smart Assistants Based on Network Activity

Hashemi, Arshan

01 December 2018

As the concept of the Smart Home is being embraced globally, IoT devices such as the Amazon Echo, Google Home, and Nest Thermostat are becoming a part of more and more households. In the data-driven world we live in today, internet service providers (ISPs) and companies are collecting large amounts of data and using it to learn about their customers. As a result, it is becoming increasingly important to understand what information ISPs are capable of collecting. IoT devices in particular exhibit distinct behavior patterns and specific functionality which make them especially likely to reveal sensitive information. Collection of this data provides valuable information and can have some serious privacy implications. In this work I present an approach to fingerprinting IoT devices behind private networks while only examining last-mile internet traffic . Not only does this attack only rely on traffic that would be available to an ISP, it does not require changes to existing infrastructure. Further, it does not rely on packet contents, and therefore works despite encryption. Using a database of 64 million packets logged over 15 weeks I was able to train machine learning models to classify the Amazon Echo Dot, Amazon Echo Show, Eufy Genie, and Google Home consistently. This approach combines unsupervised and supervised learning and achieves a precision of 99.95\%, equating to one false positive per 2,000 predictions. Finally, I discuss the implication of identifying devices within a home.

IoT

Smart Assistants

Machine Learning

Fingerprinting

IoT Privacy

IoT Security

Internet-of-Things Privacy in WiFi Networks: Side-Channel Leakage and Mitigations

Alyami, Mnassar

01 January 2024

WiFi networks are susceptible to statistical traffic analysis attacks. Despite encryption, the metadata of encrypted traffic, such as packet inter-arrival time and size, remains visible. This visibility allows potential eavesdroppers to infer private information in the Internet of Things (IoT) environment. For example, it allows for the identification of sleep monitors and the inference of whether a user is awake or asleep. WiFi eavesdropping theoretically enables the identification of IoT devices without the need to join the victim's network. This attack scenario is more realistic and much harder to defend against, thus posing a real threat to user privacy. However, researchers have not thoroughly investigated this type of attack due to the noisy nature of wireless channels and the relatively low accuracy of WiFi sniffers. Furthermore, many countermeasures proposed in the literature are inefficient in addressing side-channel leakage in WiFi networks. They often burden internet traffic with high data overhead and disrupt the user experience by introducing deliberate delays in packet transmission. This dissertation investigates privacy leakage resulting from WiFi eavesdropping and proposes efficient defensive techniques. We begin by assessing the practical feasibility of IoT device identification in WiFi networks. We demonstrate how an eavesdropper can fingerprint IoT devices by passively monitoring the wireless channel without joining the network. After exploring this privacy attack, we introduce a traffic spoofing-based defense within the WiFi channel to protect against such threats. Additionally, we propose a more data-efficient obfuscation technique to counter traffic analytics based on packet size without adding unnecessary noise to the traffic.

IoT Privacy

Device Fingerprinting

Eavesdropping

Digital Communications and Networking

Security and Privacy Concerns for IoTAdoption : A User Perspective

Mazvimba, Dennis

January 2022

The Internet of Things (IoT) is one of the most rapidly evolving technologies aroundthe globe that has changed the way people live due to the benefits that comes with itsadoption. However, they have been associated with privacy and security risks. Witha focus on technical mechanisms and a lack of attention to consumer concerns over along time, it is unsurprising that manufacturers lack an understanding of consumersecurity and privacy concerns. While there has been significant empirical researchwarranting consumer concerns, their perceptions remain afoot.The purpose of this study is to understand the consumer privacy and securityperceptions associated with adoption of IoT devices within a smart home. Without an understanding of the consumer perceptions on privacy and security issues, manu-facturers may not address these issues which may hinder the adoption of IoT. While a significant number of studies have shown the privacy and security issues surrounding IoT devices, they have only extended to technical issues, mostly from the manufac-turer’s perspective. Since security is a complex issue involving several stakeholders, these studies cannot be applied from a consumer perspective.In this study we adopt an interpretive philosophical orientation and a qualitativeapproach. In depth interviews are used to collect data from smart homeowners,investigating their perceptions of smart home privacy issues. We have identified threesignificant recurring themes that need to be addressed: ethical and regulatory issues,information control and ownership, and technology design issues.

IoT security concerns

IoT privacy concerns

smart-home privacy

Internet-of Things adoption

Information Systems, Social aspects