PingPong: Packet-Level Signatures for Smart Home Device Events

Smart home devices are vulnerable to passive inference attacks based on network traffic, even in the presence of encryption. In this paper, we present PINGPONG, a tool that can automatically extract packet-level signatures for device events (e.g., light bulb turning ON/OFF) from network traffic. We evaluated PINGPONG on popular smart home devices ranging from smart plugs and thermostats to cameras, voice-activated devices, and smart TVs. We were able to: (1) automatically extract previously unknown signatures that consist of simple sequences of packet lengths and directions; (2) use those signatures to detect the devices or specific events with an average recall of more than 97%; (3) show that the signatures are unique among hundreds of millions of packets of real world network traffic; (4) show that our methodology is also applicable to publicly available datasets; and (5) demonstrate its robustness in different settings: events triggered by local and remote smartphones, as well as by homeautomation systems.

[1]  Tadayoshi Kohno,et al.  Devices That Tell on You: Privacy Trends in Consumer Ubiquitous Computing , 2007, USENIX Security Symposium.

[2]  Mauro Conti,et al.  Peek-a-boo: i see your smart home activities, even encrypted! , 2018, WISEC.

[3]  Ali A. Ghorbani,et al.  Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization , 2018, ICISSP.

[4]  Nick Feamster,et al.  Closing the Blinds: Four Strategies for Protecting Smart Home Privacy from Network Observers , 2017, ArXiv.

[5]  Nick Feamster,et al.  Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic , 2017, ArXiv.

[6]  Hamed Haddadi,et al.  Information Exposure From Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach , 2019, Internet Measurement Conference.

[7]  William Enck,et al.  HomeSnitch: behavior transparency and control for smart home IoT devices , 2019, WiSec.

[8]  Shwetak N. Patel,et al.  Experimental Security Analyses of Non-Networked Compact Fluorescent Lamps: A Case Study of Home Automation Security , 2013, LASER.

[9]  Hans-Peter Kriegel,et al.  A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise , 1996, KDD.

[10]  H. Vincent Poor,et al.  BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid , 2018, USENIX Security Symposium.

[11]  Nick Feamster,et al.  Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping , 2018, Proc. Priv. Enhancing Technol..

[12]  Charles V. Wright,et al.  Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? , 2007, USENIX Security Symposium.

[13]  Xiapu Luo,et al.  HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows , 2011, NDSS.

[14]  Vijay Sivaraman,et al.  Classifying IoT Devices in Smart Environments Using Network Traffic Characteristics , 2019, IEEE Transactions on Mobile Computing.

[15]  Dongsu Han,et al.  SGX-Box: Enabling Visibility on Encrypted Traffic using a Secure Middlebox Module , 2017, APNet.

[16]  Xiang Cai,et al.  CS-BuFLO: A Congestion Sensitive Website Fingerprinting Defense , 2014, WPES.

[17]  Jaime Lloret,et al.  Network Traffic Classifier With Convolutional and Recurrent Neural Networks for Internet of Things , 2017, IEEE Access.

[18]  Brian Neil Levine,et al.  Inferring the source of encrypted HTTP connections , 2006, CCS '06.

[19]  Thomas Ristenpart,et al.  Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail , 2012, 2012 IEEE Symposium on Security and Privacy.

[20]  Charles V. Wright,et al.  Uncovering Spoken Phrases in Encrypted Voice over IP Conversations , 2010, TSEC.

[21]  Tao Wang,et al.  A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses , 2014, CCS.

[22]  Nick Feamster,et al.  Machine Learning DDoS Detection for Consumer Internet of Things Devices , 2018, 2018 IEEE Security and Privacy Workshops (SPW).

[23]  Grenville J. Armitage,et al.  A survey of techniques for internet traffic classification using machine learning , 2008, IEEE Communications Surveys & Tutorials.

[24]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.3 , 2018, RFC.

[25]  Wei Zhang,et al.  HoMonit: Monitoring Smart Home Apps from Encrypted Traffic , 2018, CCS.

[26]  Rui Wang,et al.  Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow , 2010, 2010 IEEE Symposium on Security and Privacy.

[27]  Tao Wang,et al.  Effective Attacks and Provable Defenses for Website Fingerprinting , 2014, USENIX Security Symposium.

[28]  George Danezis,et al.  k-fingerprinting: A Robust Scalable Website Fingerprinting Technique , 2015, USENIX Security Symposium.

[29]  Omar Alrawi,et al.  SoK: Security Evaluation of Home-Based IoT Deployments , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[30]  Brijesh Joshi,et al.  Touching from a distance: website fingerprinting attacks and defenses , 2012, CCS.

[31]  Mun Choon Chan,et al.  Website Fingerprinting and Identification Using Ordered Feature Sequences , 2010, ESORICS.

[32]  Blake Anderson,et al.  Identifying Encrypted Malware Traffic with Contextual Flow Data , 2016, AISec@CCS.

[33]  Karl N. Levitt,et al.  Is Anybody Home? Inferring Activity From Smart Home Network Traffic , 2016, 2016 IEEE Security and Privacy Workshops (SPW).

[34]  Klaus Wehrle,et al.  Website Fingerprinting at Internet Scale , 2016, NDSS.

[35]  Erik Tews,et al.  A privacy protection system for HbbTV in Smart TVs , 2014, 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC).

[36]  Nick Feamster,et al.  Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces , 2010, NSDI.

[37]  Antônio J. Pinheiro,et al.  Packet Padding for Improving Privacy in Consumer IoT , 2018, 2018 IEEE Symposium on Computers and Communications (ISCC).

[38]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[39]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.

[40]  Blase Ur,et al.  The Current State of Access Control for Smart Devices in Homes , 2013 .

[41]  Hannes Federrath,et al.  Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier , 2009, CCSW '09.

[42]  Gary Steri,et al.  Privacy leakages in Smart Home wireless technologies , 2014, 2014 International Carnahan Conference on Security Technology (ICCST).

[43]  Vijay Sivaraman,et al.  Characterizing and classifying IoT traffic in smart cities and campuses , 2017, 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[44]  Tadayoshi Kohno,et al.  Computer security and the modern home , 2013, CACM.

[45]  Thomas Engel,et al.  Website fingerprinting in onion routing based anonymization networks , 2011, WPES.

[46]  Sylvia Ratnasamy,et al.  BlindBox: Deep Packet Inspection over Encrypted Traffic , 2015, SIGCOMM.

[47]  Zhi-Li Zhang,et al.  Unveiling core network-wide communication patterns through application traffic activity graph decomposition , 2009, SIGMETRICS '09.

[48]  Nick Feamster,et al.  A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic , 2017, ArXiv.

[49]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[50]  David D. Jensen,et al.  Privacy Vulnerabilities in Encrypted HTTP Streams , 2005, Privacy Enhancing Technologies.