HomeSnitch: behavior transparency and control for smart home IoT devices

The widespread adoption of smart home IoT devices has led to a broad and heterogeneous market with flawed security designs and privacy concerns. While the quality of IoT device software is unlikely to be fixed soon, there is great potential for a network-based solution that helps protect and inform consumers. Unfortunately, the encrypted and proprietary protocols used by devices limit the value of traditional network-based monitoring techniques. In this paper, we present HomeSnitch, a building block for enhancing smart home transparency and control by classifying IoT device communication by semantic behavior (e.g., heartbeat, firmware check, motion detection). HomeSnitch ignores payload content (which is often encrypted) and instead identifies behaviors using features of connection-oriented application data unit exchanges, which represent application-layer dialog between clients and servers. We evaluate HomeSnitch against an independent labeled corpus of IoT device network flows and correctly detect over 99% of behaviors. We further deployed HomeSnitch in a home environment and empirically evaluated its ability to correctly classify known behaviors as well as discover new behaviors. Through these efforts, we demonstrate the utility of network-level services to classify behaviors of and enforce control on smart home devices.
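The payload-agnostic idea in the abstract, as an added example (this is not HomeSnitch's code): one connection's packets are reduced to application data unit (ADU) exchanges using only direction, size and timing, and features are computed from them. The packet tuples, the `c`/`s` direction labels, the function names and the four features are assumptions made for illustration; this page does not list the paper's actual feature set.

```python
from statistics import mean

# Constructed sample traffic for one TCP connection each:
# (timestamp_s, direction, tcp_payload_bytes); "c" = device, "s" = server.
HEARTBEAT = [(0.00, "c", 0), (0.02, "s", 0), (0.03, "c", 0),   # handshake
             (0.05, "c", 48), (0.09, "s", 0), (0.10, "s", 32),
             (30.05, "c", 48), (30.10, "s", 32),
             (60.05, "c", 48), (60.10, "s", 32)]
UPLOAD = [(0.00, "c", 200), (0.04, "s", 60),
          (0.30, "c", 1448), (0.31, "c", 1448), (0.32, "c", 1448),
          (0.33, "c", 900), (0.40, "s", 120)]

def to_adus(packets):
    """Merge consecutive same-direction data segments into ADUs."""
    adus = []
    for ts, direction, size in packets:
        if size == 0:          # SYN/ACK/FIN segments carry no application data
            continue
        if adus and adus[-1]["dir"] == direction:
            adus[-1]["bytes"] += size
            adus[-1]["end"] = ts
        else:
            adus.append({"dir": direction, "bytes": size, "start": ts, "end": ts})
    return adus

def to_exchanges(adus):
    """Pair each device ADU with the server ADU that follows it.
    Returns tuples (request_bytes, response_bytes, quiet_time_before_next)."""
    out, i = [], 0
    while i < len(adus):       # directions are assumed to be only "c" or "s"
        req = adus[i] if adus[i]["dir"] == "c" else None
        j = i + (1 if req else 0)
        resp = adus[j] if j < len(adus) and adus[j]["dir"] == "s" else None
        nxt = j + (1 if resp else 0)
        gap = adus[nxt]["start"] - (resp or req)["end"] if nxt < len(adus) else 0.0
        out.append((req["bytes"] if req else 0, resp["bytes"] if resp else 0, gap))
        i = nxt
    return out

def features(packets):
    """Payload-agnostic feature vector for one connection (assumed feature set)."""
    ex = to_exchanges(to_adus(packets))
    gaps = [g for _, _, g in ex[:-1]]
    return {"exchanges": len(ex),
            "bytes_up": sum(a for a, _, _ in ex),
            "bytes_down": sum(b for _, b, _ in ex),
            "mean_gap_s": round(mean(gaps), 2) if gaps else 0.0}

if __name__ == "__main__":
    print("heartbeat:", features(HEARTBEAT))
    print("upload:   ", features(UPLOAD))
```

The two constructed connections separate cleanly on these features even though no payload byte is inspected: the heartbeat is a few small, evenly spaced exchanges, while the upload is dominated by one large multi-segment device ADU.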
