Privacy Leakage in Smart Homes and Its Mitigation: IFTTT as a Case Study

The combination of smart home platforms and automation apps introduce many conveniences to smart home users. However, this also brings the potential of privacy leakage. If a smart home platform is permitted to collect all the events of a user day and night, then the platform will learn the behavior patterns of this user before long. In this paper, we investigate how IFTTT, one of the most popular smart home platforms, has the capability of monitoring the daily life of a user in a variety of ways that are hardly noticeable. Moreover, we propose multiple ideas for mitigating privacy leakages, which all together form a “Filter-and-Fuzz” (F&F) process: first, it filters out events unneeded by the IFTTT platform. Then, it fuzzifies the values and frequencies of the remaining events. We evaluate the F&F process and the results show that the proposed solution makes the IFTTT unable to recognize any of the user’s behavior patterns.

[1]  Qi Alfred Chen,et al.  ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms , 2017, NDSS.

[2]  Patrick D. McDaniel,et al.  Sensitive Information Tracking in Commodity IoT , 2018, USENIX Security Symposium.

[3]  Nick Feamster,et al.  A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic , 2017, ArXiv.

[4]  Xiaojiang Du,et al.  Security in wireless sensor networks , 2008, IEEE Wireless Communications.

[5]  Xiaojiang Du,et al.  Internet Protocol Television (IPTV): The Killer Application for the Next-Generation Internet , 2007, IEEE Communications Magazine.

[6]  Xiaojiang Du,et al.  PIPAC: Patient infusion pattern based access control scheme for wireless insulin pump system , 2013, 2013 Proceedings IEEE INFOCOM.

[7]  Ricardo Neisse,et al.  Security and privacy issues for an IoT based smart home , 2017, 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO).

[8]  Atul Prakash,et al.  Decentralized Action Integrity for Trigger-Action IoT Platforms , 2018, NDSS.

[9]  Kenji Yoshigoe,et al.  Overcoming invasion of privacy in smart home environment with synthetic packet injection , 2014, 2015 TRON Symposium (TRONSHOW).

[10]  Mohsen Guizani,et al.  MeDShare: Trust-Less Medical Data Sharing Among Cloud Service Providers via Blockchain , 2017, IEEE Access.

[11]  Nick Feamster,et al.  Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic , 2017, ArXiv.

[12]  Xiaojiang Du,et al.  Adaptive cell relay routing protocol for mobile ad hoc networks , 2006, IEEE Transactions on Vehicular Technology.

[13]  Zhipeng Cai,et al.  A Private and Efficient Mechanism for Data Uploading in Smart Cyber-Physical Systems , 2020, IEEE Transactions on Network Science and Engineering.

[14]  Arun Cyril Jose,et al.  Improving Smart Home Security: Integrating Logical Sensing Into Smart Home , 2017, IEEE Sensors Journal.

[15]  Jianhai Su,et al.  A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples , 2018, 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[16]  Yi Liang,et al.  Deep Learning Based Inference of Private Information Using Embedded Sensors in Smart Devices , 2018, IEEE Network.

[17]  Praveen Gauravaram,et al.  Blockchain for IoT security and privacy: The case study of a smart home , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[18]  Xiaojiang Du,et al.  Designing efficient routing protocol for heterogeneous sensor networks , 2005, PCCC 2005. 24th IEEE International Performance, Computing, and Communications Conference, 2005..

[19]  Neil W. Bergmann,et al.  IoT Privacy and Security Challenges for Smart Home Environments , 2016, Inf..

[20]  Mohsen Guizani,et al.  Transactions papers a routing-driven Elliptic Curve Cryptography based key management scheme for Heterogeneous Sensor Networks , 2009, IEEE Transactions on Wireless Communications.

[21]  Andrey Brito,et al.  Defending against load monitoring in smart metering data through noise addition , 2015, SAC.

[22]  Yuan Tian,et al.  Understanding and Mitigating the Security Risks of Voice-Controlled Third-Party Skills on Amazon Alexa and Google Home , 2018, ArXiv.

[23]  Jie Wu,et al.  Effective Defense Schemes for Phishing Attacks on Mobile Computing Platforms , 2016, IEEE Transactions on Vehicular Technology.

[24]  Xiaojiang Du,et al.  A survey of key management schemes in wireless sensor networks , 2007, Comput. Commun..

[25]  Jiwon Choi,et al.  FACT: Functionality-centric Access Control System for IoT Programming Frameworks , 2017, SACMAT.

[26]  Xianbin Wang,et al.  Security and privacy considerations for Wireless Sensor Networks in smart home environments , 2012, Proceedings of the 2012 IEEE 16th International Conference on Computer Supported Cooperative Work in Design (CSCWD).

[27]  Jan-Michael Frahm,et al.  Watching the Watchers: Automatically Inferring TV Content From Outdoor Light Effusions , 2014, CCS.

[28]  Xiaojiang Du,et al.  Prometheus: Privacy-aware data retrieval on hybrid cloud , 2013, 2013 Proceedings IEEE INFOCOM.

[29]  Yuan Tian,et al.  SmartAuth: User-Centered Authorization for the Internet of Things , 2017, USENIX Security Symposium.

[30]  Fei Dai,et al.  Load balance and energy efficient data gathering in wireless sensor networks , 2008 .

[31]  Rodrigo Fonseca,et al.  Toward Usable Network Traffic Policies for IoT Devices in Consumer Networks , 2017, IoT S&P@CCS.

[32]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[33]  Roksana Boreli,et al.  Network-level security and privacy control for smart-home IoT devices , 2015, 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[34]  Anthony Brown,et al.  An Analysis of Home IoT Network Traffic and Behaviour , 2018, ArXiv.

[35]  Karl N. Levitt,et al.  Is Anybody Home? Inferring Activity From Smart Home Network Traffic , 2016, 2016 IEEE Security and Privacy Workshops (SPW).

[36]  Mohsen Guizani,et al.  A lightweight live memory forensic approach based on hardware virtualization , 2017, Information Sciences.

[37]  Mohsen Guizani,et al.  An effective key management scheme for heterogeneous sensor networks , 2007, Ad Hoc Networks.

[38]  Hyeong-Ah Choi,et al.  Securing smart home: Technologies, security challenges, and security requirements , 2014, 2014 IEEE Conference on Communications and Network Security.

[39]  Xiaojiang Du,et al.  QoS routing based on multi-class nodes for mobile ad hoc networks , 2004, Ad Hoc Networks.

[40]  Kire Trivodaliev,et al.  A review of Internet of Things for smart home: Challenges and solutions , 2017 .

[41]  Muhammad Awais,et al.  IoT based smart home: Security challenges, security requirements and solutions , 2017, 2017 23rd International Conference on Automation and Computing (ICAC).

[42]  Mohsen Guizani,et al.  LPTD: Achieving Lightweight and Privacy-Preserving Truth Discovery in CIoT , 2018, Future Gener. Comput. Syst..