Privacy Leakage in Smart Homes and Its Mitigation: IFTTT as a Case Study

The combination of an appified smart home platform and third-party apps have enabled developers to contribute their novel ideas to bring more convenience to their users. However, this also brings the potential of privacy leakage. If a third-party app is permitted to monitor a user day and night, then it will learn the behavior pattern of this user before long. In this paper, we exploited how IFTTT monitors the daily life of a user in several ways that are hardly noticeable. We propose the “Specific-fuzzification” to protect the privacy of a user in two steps: filter the unnecessary events to the IFTTT, then fuzz the value of the events that must be uploaded. We evaluated the “Specific-fuzzification” on event records of seven users, the result showed comparing the original IFTTT, the modified IFTTT patched with “Specific-fuzzification” only gained rare events and thus could no longer recognize any behavior patterns of a user.

[1]  Kenji Yoshigoe,et al.  Overcoming invasion of privacy in smart home environment with synthetic packet injection , 2014, 2015 TRON Symposium (TRONSHOW).

[2]  Mohsen Guizani,et al.  MeDShare: Trust-Less Medical Data Sharing Among Cloud Service Providers via Blockchain , 2017, IEEE Access.

[3]  Xiaojiang Du,et al.  A survey of key management schemes in wireless sensor networks , 2007, Comput. Commun..

[4]  Nick Feamster,et al.  A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic , 2017, ArXiv.

[5]  Xiaojiang Du,et al.  Prometheus: Privacy-aware data retrieval on hybrid cloud , 2013, 2013 Proceedings IEEE INFOCOM.

[6]  Neil W. Bergmann,et al.  IoT Privacy and Security Challenges for Smart Home Environments , 2016, Inf..

[7]  Mohsen Guizani,et al.  Transactions papers a routing-driven Elliptic Curve Cryptography based key management scheme for Heterogeneous Sensor Networks , 2009, IEEE Transactions on Wireless Communications.

[8]  Mohsen Guizani,et al.  A lightweight live memory forensic approach based on hardware virtualization , 2017, Information Sciences.

[9]  Xiaojiang Du,et al.  Security in wireless sensor networks , 2008, IEEE Wireless Communications.

[10]  Ricardo Neisse,et al.  Security and privacy issues for an IoT based smart home , 2017, 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO).

[11]  Praveen Gauravaram,et al.  Blockchain for IoT security and privacy: The case study of a smart home , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[12]  Yuan Tian,et al.  SmartAuth: User-Centered Authorization for the Internet of Things , 2017, USENIX Security Symposium.

[13]  Jiwon Choi,et al.  FACT: Functionality-centric Access Control System for IoT Programming Frameworks , 2017, SACMAT.

[14]  Patrick D. McDaniel,et al.  Sensitive Information Tracking in Commodity IoT , 2018, USENIX Security Symposium.

[15]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[16]  Xiaojiang Du,et al.  QoS routing based on multi-class nodes for mobile ad hoc networks , 2004, Ad Hoc Networks.

[17]  Xiaojiang Du,et al.  Internet Protocol Television (IPTV): The Killer Application for the Next-Generation Internet , 2007, IEEE Communications Magazine.

[18]  Xiaojiang Du,et al.  PIPAC: Patient infusion pattern based access control scheme for wireless insulin pump system , 2013, 2013 Proceedings IEEE INFOCOM.

[19]  Jie Wu,et al.  Effective Defense Schemes for Phishing Attacks on Mobile Computing Platforms , 2016, IEEE Transactions on Vehicular Technology.

[20]  Mohsen Guizani,et al.  An effective key management scheme for heterogeneous sensor networks , 2007, Ad Hoc Networks.

[21]  Hyeong-Ah Choi,et al.  Securing smart home: Technologies, security challenges, and security requirements , 2014, 2014 IEEE Conference on Communications and Network Security.

[22]  Roksana Boreli,et al.  Network-level security and privacy control for smart-home IoT devices , 2015, 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[23]  Yi Liang,et al.  Deep Learning Based Inference of Private Information Using Embedded Sensors in Smart Devices , 2018, IEEE Network.

[24]  Kire Trivodaliev,et al.  A review of Internet of Things for smart home: Challenges and solutions , 2017 .

[25]  Xianbin Wang,et al.  Security and privacy considerations for Wireless Sensor Networks in smart home environments , 2012, Proceedings of the 2012 IEEE 16th International Conference on Computer Supported Cooperative Work in Design (CSCWD).

[26]  Nick Feamster,et al.  Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic , 2017, ArXiv.

[27]  Xiaojiang Du,et al.  Adaptive cell relay routing protocol for mobile ad hoc networks , 2006, IEEE Transactions on Vehicular Technology.

[28]  Zhipeng Cai,et al.  A Private and Efficient Mechanism for Data Uploading in Smart Cyber-Physical Systems , 2020, IEEE Transactions on Network Science and Engineering.

[29]  Fei Dai,et al.  Load balance and energy efficient data gathering in wireless sensor networks , 2008 .

[30]  Arun Cyril Jose,et al.  Improving Smart Home Security: Integrating Logical Sensing Into Smart Home , 2017, IEEE Sensors Journal.

[31]  Jianhai Su,et al.  A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples , 2018, 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[32]  Xiaojiang Du,et al.  Designing efficient routing protocol for heterogeneous sensor networks , 2005, PCCC 2005. 24th IEEE International Performance, Computing, and Communications Conference, 2005..

[33]  Muhammad Awais,et al.  IoT based smart home: Security challenges, security requirements and solutions , 2017, 2017 23rd International Conference on Automation and Computing (ICAC).

[34]  Qi Alfred Chen,et al.  ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms , 2017, NDSS.