Private Memoirs of IoT Devices: Safeguarding User Privacy in the IoT Era

The rise of the Internet-of-Things (IoT) holds great promise to transform people's lives by making society more efficient in many areas, including energy, transportation, healthcare, commerce, manufacturing, etc. At their core, IoT devices use sensors to collect data on real-world physical processes and then transmit it over the Internet to cloud servers, which store, process, and learn from the data to better optimize these processes, either directly (by issuing remote commands that actuate IoT devices) or indirectly (by issuing notifications that direct users to take some action). Unfortunately, IoT devices also expose users to multiple new types of privacy attacks. In particular, the sensor data collected from IoT devices can indirectly reveal a variety of sensitive private information. In addition, users generally connect IoT devices to local networks, which they implicitly trust, with little understanding of what the IoT device is doing on the network. In this visionpaper, we discuss recent work on sensor data privacy in the context of smart energy systems to provide examples of i) the surprising types of private information we can glean from seemingly innocuous IoT data and ii) the different types of defenses we have developed to preserve IoT data privacy for smart energy systems. These defenses lie at different discrete points in the tradeoff between user privacy and IoT functionality, which motivates ongoing work on developing defenses that provide a more tunable tradeoff. We also discuss the privacy implications of connecting tens-to-hundreds of untrusted IoT devices to implicitly trusted local networks, and avenues for research to mitigate these concerns.

[1]  Patrick D. McDaniel,et al.  Protecting consumer privacy from electric load monitoring , 2011, CCS '11.

[2]  Prashant J. Shenoy,et al.  Combined heat and privacy: Preventing occupancy detection from smart meters , 2014, 2014 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[3]  David Irwin,et al.  SunDance: Black-box Behind-the-Meter Solar Disaggregation , 2017, e-Energy.

[4]  Prashant J. Shenoy,et al.  SunSpot: Exposing the Location of Anonymous Solar-powered Homes , 2016, BuildSys@SenSys.

[5]  Silvia Santini,et al.  Occupancy Detection from Electricity Consumption Data , 2013, BuildSys@SenSys.

[6]  David E. Irwin,et al.  Weatherman: Exposing weather-based privacy threats in big energy data , 2017, 2017 IEEE International Conference on Big Data (Big Data).

[7]  J. Zico Kolter,et al.  REDD : A Public Data Set for Energy Disaggregation Research , 2011 .

[8]  B. Matthews Comparison of the predicted and observed secondary structure of T4 phage lysozyme. , 1975, Biochimica et biophysica acta.

[9]  Yuan Qi,et al.  Minimizing private data disclosures in the smart grid , 2012, CCS '12.

[10]  Abhay Gupta,et al.  Is disaggregation the holy grail of energy efficiency? The case of electricity , 2013 .

[11]  Prashant J. Shenoy,et al.  Preventing Occupancy Detection From Smart Meters , 2015, IEEE Transactions on Smart Grid.

[12]  Prashant J. Shenoy,et al.  PowerPlay: creating virtual power meters through online load tracking , 2014, BuildSys@SenSys.

[13]  Jordan M. Malof,et al.  Automatic solar photovoltaic panel detection in satellite imagery , 2015, 2015 International Conference on Renewable Energy Research and Applications (ICRERA).

[14]  Prashant J. Shenoy,et al.  Private memoirs of a smart meter , 2010, BuildSys '10.

[15]  Prashant J. Shenoy,et al.  Non-Intrusive Occupancy Monitoring using Smart Meters , 2013, BuildSys@SenSys.

[16]  Prashant J. Shenoy,et al.  Designing Privacy-Preserving Smart Meters with Low-Cost Microcontrollers , 2012, Financial Cryptography.

[17]  G.W. Hart,et al.  Residential energy monitoring and computerized surveillance via utility power flows , 1989, IEEE Technology and Society Magazine.

[18]  Prashant J. Shenoy,et al.  Empirical characterization and modeling of electrical loads in smart homes , 2013, 2013 International Green Computing Conference Proceedings.