With the emerging trend of smart IoT devices, providing and ensuring the privacy of the users'-devices interaction relationship is a must; risks such as identifying users' activities and detecting user behavior while at home or in the office. We present a new machine learning attack that exploits network patterns to detect the presence of smart IoT devices, and services generated by these devices in the Wi-Fi radio spectrum. This is considered a major problem when it comes to users' privacy since it allows malicious users to infer on the other users' activities. We perform an extensive measurement campaign for data collection. We build up a model describing the traffic patterns characterizing three popular IoT smart home devices, i.e., Google Nest, Google Chromecast, Amazon Echo, and Amazon Echo Dot. We prove that detecting and identifying with overwhelming probability the presence of the aforementioned devices in a crowded Wi-Fi scenario is possible. Finally, we introduce a mitigation technique to preserve the users' privacy in the network. This work proves that standard encryption techniques alone are not sufficient to protect the privacy of the end-user. In contrast, more work is required to prevent non-trusted third parties to detect and identify the users' devices.
| Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:uu-429112 |
| Date | January 2020 |
| Creators | Hussain, Ahmed |
| Publisher | Uppsala universitet, Datorteknik |
| Source Sets | DiVA Archive at Upsalla University |
| Language | English |
| Detected Language | English |
| Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
| Format | application/pdf |
| Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0024 seconds