SniffMislead: Non-Intrusive Privacy Protection against Wireless Packet Sniffers in Smart Homes

With the booming deployment of smart homes, concerns about user privacy keep growing. Recent research has shown that encrypted wireless traffic of IoT devices can be exploited by packet-sniffing attacks to reveal users’ privacy-sensitive information (e.g., the time when residents leave their home and go to work), which may be used to launch further attacks (e.g., a break-in). To address the growing concerns, we propose SniffMislead, a non-intrusive (i.e., without modifying IoT devices, hubs, or platforms) privacy-protecting approach, based on packet injection, against wireless packet sniffers. Instead of randomly injecting packets, which is ineffective against a smarter attacker, SniffMislead proposes the notion of phantom users, “people” who do not exist in the physical world. From an attacker’s perspective, however, they are perceived as real users. SniffMislead places multiple phantom users in a smart home, which can effectively prevent an attacker from inferring useful information. We design a top-down approach to synthesize phantom users’ behaviors, construct the sequence of decoy device events and commands, and then inject corresponding packets into the home. We show how SniffMislead ensures logical integrity and contextual consistency of injected packets, as well as how it makes a phantom user indistinguishable from a real user. Our evaluation results from a smart home testbed demonstrate that SniffMislead significantly reduces an attacker’s privacy-inferring capabilities, bringing the accuracy from 94.8% down to 3.5%.

[1]  Andrea Zanella,et al.  Best Practice in RSS Measurements and Ranging , 2016, IEEE Communications Surveys & Tutorials.

[2]  Trent Jaeger,et al.  A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and Applications , 2018, ArXiv.

[3]  Nick Feamster,et al.  A Developer-Friendly Library for Smart Home IoT Privacy-Preserving Traffic Obfuscation , 2018, IoT S&P@SIGCOMM.

[4]  Patrick D. McDaniel,et al.  Sensitive Information Tracking in Commodity IoT , 2018, USENIX Security Symposium.

[5]  Nick Feamster,et al.  Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping , 2018, Proc. Priv. Enhancing Technol..

[6]  Nick Feamster,et al.  Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic , 2017, ArXiv.

[7]  Qian Zhang,et al.  Proximity based IoT device authentication , 2017, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[8]  Xiaojiang Du,et al.  Cross-App Interference Threats in Smart Homes: Categorization, Detection and Handling , 2018, 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[9]  Amit Kumar Sikder,et al.  6thSense: A Context-aware Sensor-based Attack Detector for Smart Devices , 2017, USENIX Security Symposium.

[10]  Nirmalya Roy,et al.  Tracking and Behavior Augmented Activity Recognition for Multiple Inhabitants , 2021, IEEE Transactions on Mobile Computing.

[11]  Atul Prakash,et al.  FlowFence: Practical Data Protection for Emerging IoT Application Frameworks , 2016, USENIX Security Symposium.

[12]  William Enck,et al.  HomeSnitch: behavior transparency and control for smart home IoT devices , 2019, WiSec.

[13]  Michel Vacher,et al.  SVM-Based Multimodal Classification of Activities of Daily Living in Health Smart Homes: Sensors, Algorithms, and First Experimental Results , 2010, IEEE Transactions on Information Technology in Biomedicine.

[14]  Amit Kumar Sikder,et al.  IoTDots: A Digital Forensics Framework for Smart Environments , 2018, ArXiv.

[15]  Kamin Whitehouse,et al.  Protecting your daily in-home activity information from a wireless snooping attack , 2008, UbiComp.

[16]  Jaime Lloret,et al.  Network Traffic Classifier With Convolutional and Recurrent Neural Networks for Internet of Things , 2017, IEEE Access.

[17]  Athina Markopoulou,et al.  Packet-Level Signatures for Smart Home Devices , 2020, NDSS.

[18]  Nick Feamster,et al.  Closing the Blinds: Four Strategies for Protecting Smart Home Privacy from Network Observers , 2017, ArXiv.

[19]  Tadayoshi Kohno,et al.  Computer security and the modern home , 2013, CACM.

[20]  Yuval Elovici,et al.  ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis , 2017, SAC.

[21]  Mauro Conti,et al.  Peek-a-boo: i see your smart home activities, even encrypted! , 2018, WISEC.

[22]  Jiwon Choi,et al.  Detecting and Identifying Faulty IoT Devices in Smart Home with Context Extraction , 2018, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[23]  Amrita Roy Chowdhury,et al.  Data Privacy in Trigger-Action Systems , 2021, 2021 IEEE Symposium on Security and Privacy (SP).

[24]  Lawrence B. Holder,et al.  Discovering Activities to Recognize and Track in a Smart Environment , 2011, IEEE Transactions on Knowledge and Data Engineering.

[25]  Sayandeep Sen,et al.  Demultiplexing activities of daily living in IoT enabled smarthomes , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[26]  Anand D. Sarwate,et al.  Defending Against Packet-Size Side-Channel Attacks in Iot Networks , 2018, 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[27]  Tamer Nadeem,et al.  Extreme SDN Framework for IoT and Mobile Applications Flexible Privacy at the Edge , 2019, 2019 IEEE International Conference on Pervasive Computing and Communications (PerCom.

[28]  Atul Prakash,et al.  Decentralized Action Integrity for Trigger-Action IoT Platforms , 2018, NDSS.

[29]  Wei Zhang,et al.  HoMonit: Monitoring Smart Home Apps from Encrypted Traffic , 2018, CCS.

[30]  Hamed Haddadi,et al.  Information Exposure From Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach , 2019, Internet Measurement Conference.

[31]  Yuan Tian,et al.  SmartAuth: User-Centered Authorization for the Internet of Things , 2017, USENIX Security Symposium.

[32]  Mauro Conti,et al.  AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[33]  Robert Tibshirani,et al.  Estimating the number of clusters in a data set via the gap statistic , 2000 .

[34]  Antônio J. Pinheiro,et al.  Packet Padding for Improving Privacy in Consumer IoT , 2018, 2018 IEEE Symposium on Computers and Communications (ISCC).

[35]  Jiwon Choi,et al.  FACT: Functionality-centric Access Control System for IoT Programming Frameworks , 2017, SACMAT.

[36]  Jukka Riekki,et al.  Semantic Reasoning for Context-Aware Internet of Things Applications , 2016, IEEE Internet of Things Journal.

[37]  Xueqi Fan,et al.  Security Analysis of Zigbee , 2017 .

[38]  Mohsen Guizani,et al.  Privacy Leakage in Smart Homes and Its Mitigation: IFTTT as a Case Study , 2018, 2018 IEEE 37th International Performance Computing and Communications Conference (IPCCC).

[39]  Abdulsalam Yassine,et al.  Mining Human Activity Patterns From Smart Home Big Data for Health Care Applications , 2017, IEEE Access.

[40]  Hae Young Noh,et al.  Do You Feel What I Hear? Enabling Autonomous IoT Device Pairing Using Different Sensor Types , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[41]  Omar Alrawi,et al.  SoK: Security Evaluation of Home-Based IoT Deployments , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[42]  Jorge Lobo,et al.  Enforcement of Autonomous Authorizations in Collaborative Distributed Query Evaluation , 2015, IEEE Transactions on Knowledge and Data Engineering.

[43]  Kim-Kwang Raymond Choo,et al.  An Ensemble Intrusion Detection Technique Based on Proposed Statistical Flow Features for Protecting Network Traffic of Internet of Things , 2019, IEEE Internet of Things Journal.

[44]  Qi Alfred Chen,et al.  ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms , 2017, NDSS.

[45]  Nick Feamster,et al.  A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic , 2017, ArXiv.

[46]  Patrick D. McDaniel,et al.  IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT , 2019, NDSS.

[47]  Qiang Zeng,et al.  PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home Privacy Protection , 2021, NDSS.

[48]  Merve Astekin,et al.  Provenance aware run‐time verification of things for self‐healing Internet of Things applications , 2019, Concurr. Comput. Pract. Exp..

[49]  Hongxin Hu,et al.  On the Safety of IoT Device Physical Interaction Control , 2018, CCS.

[50]  Frédéric Le Mouël,et al.  A survey of IoT protocols and their security issues through the lens of a generic IoT stack , 2020, Internet Things.

[51]  Iván Pau,et al.  A Context-Aware System Infrastructure for Monitoring Activities of Daily Living in Smart Home , 2016, J. Sensors.

[52]  Vijay Sivaraman,et al.  Characterizing and classifying IoT traffic in smart cities and campuses , 2017, 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[53]  Frank Piessens,et al.  Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms , 2016, AsiaCCS.

[54]  Chunhua Su,et al.  Enhancing Trust Management for Wireless Intrusion Detection via Traffic Sampling in the Era of Big Data , 2018, IEEE Access.

[55]  Mustafizur R. Shahid,et al.  IoT Devices Recognition Through Network Traffic Analysis , 2018, 2018 IEEE International Conference on Big Data (Big Data).

[56]  Andrew J. Viterbi,et al.  Error bounds for convolutional codes and an asymptotically optimum decoding algorithm , 1967, IEEE Trans. Inf. Theory.

[57]  Songhwai Oh,et al.  Human behavior prediction for smart homes using deep learning , 2013, 2013 IEEE RO-MAN.

[58]  Thomas Ristenpart,et al.  Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail , 2012, 2012 IEEE Symposium on Security and Privacy.

[59]  Kin K. Leung,et al.  A Survey of Indoor Localization Systems and Technologies , 2017, IEEE Communications Surveys & Tutorials.

[60]  Gwenn Englebienne,et al.  UvA-DARE ( Digital Academic Repository ) Activity recognition using semi-Markov models on real world smart home datasets , 2010 .

[61]  Karl N. Levitt,et al.  Is Anybody Home? Inferring Activity From Smart Home Network Traffic , 2016, 2016 IEEE Security and Privacy Workshops (SPW).

[62]  Xiaojiang Du,et al.  HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart Homes , 2021, USENIX Security Symposium.

[63]  Li Yujian,et al.  A Normalized Levenshtein Distance Metric , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[64]  Musard Balliu,et al.  If This Then What?: Controlling Flows in IoT Apps , 2018, CCS.

[65]  Hubert Ritzdorf,et al.  TLS-N: Non-repudiation over TLS Enablign Ubiquitous Content Signing , 2018, NDSS.

[66]  Vijay Sivaraman,et al.  Classifying IoT Devices in Smart Environments Using Network Traffic Characteristics , 2019, IEEE Transactions on Mobile Computing.