IoT Inspector: Crowdsourcing Labeled Network Traffic from Smart Home Devices at Scale

The proliferation of smart home devices has created new opportunities for empirical research in ubiquitous computing, ranging from security and privacy to personal health. Yet, data from smart home deployments are hard to come by, and existing empirical studies of smart home devices typically involve only a small number of devices in lab settings. To contribute to data-driven smart home research, we crowdsource the largest known dataset of labeled network traffic from smart home devices from within real-world home networks. To do so, we developed and released IoT Inspector, an open-source tool that allows users to observe the traffic from smart home devices on their own home networks. Since April 2019, 4,322 users have installed IoT Inspector, allowing us to collect labeled network traffic from 44,956 smart home devices across 13 categories and 53 vendors. We demonstrate how this data enables new research into smart homes through two case studies focused on security and privacy. First, we find that many device vendors use outdated TLS versions and advertise weak ciphers. Second, we discover about 350 distinct third-party advertiser and tracking domains on smart TVs. We also highlight other research areas, such as network management and healthcare, that can take advantage of IoT Inspector's dataset. To facilitate future reproducible research in smart homes, we will release the IoT Inspector data to the public.

[1]  Nick Sullivan,et al.  The Security Impact of HTTPS Interception , 2017, NDSS.

[2]  Andrei Popov,et al.  Prohibiting RC4 Cipher Suites , 2015, RFC.

[3]  Martin May,et al.  Probe and Pray: Using UPnP for Home Network Measurements , 2012, PAM.

[4]  Rebecca E. Grinter,et al.  Why is my internet slow?: making network speeds visible , 2011, CHI.

[5]  Qiang Li,et al.  Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices , 2018, USENIX Security Symposium.

[6]  Narseo Vallina-Rodriguez,et al.  Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem , 2018, NDSS.

[7]  Yuval Elovici,et al.  Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection , 2018, NDSS.

[8]  Nick Feamster,et al.  Security and Privacy Analyses of Internet of Things Children’s Toys , 2019, IEEE Internet of Things Journal.

[9]  Mohammad Mannan,et al.  Playing With Danger: A Taxonomy and Evaluation of Threats to Smart Toys , 2019, IEEE Internet of Things Journal.

[10]  Fei-Fei Li,et al.  ImageNet: A large-scale hierarchical image database , 2009, 2009 IEEE Conference on Computer Vision and Pattern Recognition.

[11]  David A. Cooper,et al.  Guidelines for the selection, configuration, and use of Transport Layer Security (TLS) implementations , 2005 .

[12]  Arvind Narayanan,et al.  Online Tracking: A 1-million-site Measurement and Analysis , 2016, CCS.

[13]  Nick Feamster,et al.  Enhancing Transparency: Internet Video Quality Inference from Network Traffic , 2018 .

[14]  Nick Feamster,et al.  Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping , 2018, Proc. Priv. Enhancing Technol..

[15]  Shwetak N. Patel,et al.  Making Sense of Sleep Sensors: How Sleep Sensing Technologies Support and Undermine Sleep Health , 2017, CHI.

[16]  Nick Feamster,et al.  Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices , 2019, CCS.

[17]  Ahmad-Reza Sadeghi,et al.  IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT , 2016, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[18]  Yuval Elovici,et al.  ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis , 2017, SAC.

[19]  Nick Feamster,et al.  BISmark: A Testbed for Deploying Measurements and Applications in Broadband Access Networks , 2014, USENIX ATC.

[20]  Bodo Möller,et al.  This POODLE Bites: Exploiting The SSL 3.0 Fallback , 2014 .

[21]  Boris Nechaev,et al.  Experiences from Netalyzr with engaging users in end-system measurement , 2011, W-MUST '11.

[22]  Nick Feamster,et al.  Cleartext Data Transmissions in Consumer IoT Medical Devices , 2017, IoT S&P@CCS.

[23]  Stefan Feuerriegel,et al.  Improving heart rate variability measurements from consumer smartwatches with machine learning , 2019, UbiComp/ISWC Adjunct.

[24]  Boris Nechaev,et al.  Netalyzr: illuminating the edge network , 2010, IMC '10.

[25]  Rajarshi Gupta,et al.  All Things Considered: An Analysis of IoT Devices on Home Networks , 2019, USENIX Security Symposium.

[26]  Sean Carlisto de Alvarenga,et al.  A survey of intrusion detection in Internet of Things , 2017, J. Netw. Comput. Appl..

[27]  Franck Le,et al.  DeviceMien: network device behavior modeling for identifying unknown IoT devices , 2019, IoTDI.

[28]  Omar Alrawi,et al.  SoK: Security Evaluation of Home-Based IoT Deployments , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[29]  Narseo Vallina-Rodriguez,et al.  Studying TLS Usage in Android Apps , 2018, ANRW.

[30]  Nick Feamster,et al.  Peeking behind the NAT: an empirical study of home networks , 2013, Internet Measurement Conference.

[31]  Yi Zhou,et al.  Understanding the Mirai Botnet , 2017, USENIX Security Symposium.

[32]  G. Priyanka Reddy,et al.  Message Queuing Telemetry Transport , 2017 .

[33]  Catherine Rosenberg,et al.  Measuring Home Networks with HomeNet Profiler , 2013, PAM.

[34]  Nick Feamster,et al.  Web-based Attacks to Discover and Control Local IoT Devices , 2018, IoT S&P@SIGCOMM.