PrivacyGuard: Enhancing Smart Home User Privacy

The Internet of Things (IoT) devices have been increasingly deployed in smart homes and smart buildings to monitor and control their environments. The Internet traffic data produced by these IoT devices are collected by Internet Service Providers (ISPs) and IoT device manufacturers, and often shared with third-parties to maintain and enhance user services. Unfortunately, extensive recent research has shown that on-path adversaries can infer and fingerprint users' sensitive privacy information such as occupancy and user in-home activities by analyzing IoT network traffic traces. Most recent approaches that aim at defending against these malicious IoT traffic analytics can not sufficiently protect user privacy with reasonable traffic overhead. In particular, many approaches did not consider practical limitations, e.g., network bandwidth, maximum package injection rate or actual user in-home behavior in their design. To address this problem, we design a new low-cost, open-source user "tunable" defense system---PrivacyGuard that enables users to significantly reduce the private information leaked through IoT device network traffic data, while still permitting sophisticated data analytics or control that is necessary in smart home management. In essence, our approach employs intelligent deep convolutional generative adversarial networks (DCGANs)-based IoT device traffic signature learning, long short-term memory (LSTM)-based artificial traffic signature injection, and partial traffic reshaping to obfuscate private information that can be observed in IoT device traffic traces. We evaluate PrivacyGuard using IoT network traffic traces of 31 IoT devices from 5 smart homes. We find that PrivacyGuard can effectively prevent a wide range of state-of-the-art machine learning-based and deep learning-based occupancy and other 9 user in-home activity detection attacks. We release the source code and datasets of PrivacyGuard to IoT research community.

[1]  Prashant Shenoy,et al.  RepEL: A Utility-Preserving Privacy System for IoT-Based Energy Meters , 2020, 2020 IEEE/ACM Fifth International Conference on Internet-of-Things Design and Implementation (IoTDI).

[2]  Vijay Sivaraman,et al.  Classifying IoT Devices in Smart Environments Using Network Traffic Characteristics , 2019, IEEE Transactions on Mobile Computing.

[3]  Vasanthan Raghavan,et al.  Modeling Temporal Activity Patterns in Dynamic Social Networks , 2013, IEEE Transactions on Computational Social Systems.

[4]  Thomas Ristenpart,et al.  Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail , 2012, 2012 IEEE Symposium on Security and Privacy.

[5]  Sungyoung Lee,et al.  A Reconfigurable HMM for Activity Recognition , 2008, 2008 10th International Conference on Advanced Communication Technology.

[6]  Hongxin Hu,et al.  On the Safety of IoT Device Physical Interaction Control , 2018, CCS.

[7]  Sang Hyuk Son,et al.  Energy-Efficient Privacy Protection for Smart Home Environments Using Behavioral Semantics , 2014, Sensors.

[8]  Nikhil Ketkar,et al.  Introduction to Keras , 2017 .

[9]  Tao Wang,et al.  A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses , 2014, CCS.

[10]  Annelie Heuser,et al.  The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations , 2018, IACR Cryptol. ePrint Arch..

[11]  Andrew Zisserman,et al.  Very Deep Convolutional Networks for Large-Scale Image Recognition , 2014, ICLR.

[12]  Wei Wang,et al.  Dependent link padding algorithms for low latency anonymity systems , 2008, CCS.

[13]  Karsten Rothmeier,et al.  Prediction of Player Churn and Disengagement Based on User Activity Data of a Freemium Online Strategy Game , 2020, IEEE Transactions on Games.

[14]  Soumith Chintala,et al.  Unsupervised Representation Learning with Deep Convolutional Generative Adversarial Networks , 2015, ICLR.

[15]  Jinyang Li,et al.  Your Privilege Gives Your Privacy Away: An Analysis of a Home Security Camera Service , 2020, IEEE INFOCOM 2020 - IEEE Conference on Computer Communications.

[16]  Yuan Yu,et al.  TensorFlow: A system for large-scale machine learning , 2016, OSDI.

[17]  Tao Wang,et al.  On Realistically Attacking Tor with Website Fingerprinting , 2016, Proc. Priv. Enhancing Technol..

[18]  Vasanthan Raghavan,et al.  Coupled hidden markov models for user activity in social networks , 2013, 2013 IEEE International Conference on Multimedia and Expo Workshops (ICMEW).

[19]  A. Culyer Spearman’s rank correlation coefficient , 2014, BMJ : British Medical Journal.

[20]  Xiang Cai,et al.  Glove: A Bespoke Website Fingerprinting Defense , 2014, WPES.

[21]  Vitaly Shmatikov,et al.  Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses , 2006, ESORICS.

[22]  Nick Feamster,et al.  Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping , 2018, Proc. Priv. Enhancing Technol..

[23]  Nick Feamster,et al.  A Developer-Friendly Library for Smart Home IoT Privacy-Preserving Traffic Obfuscation , 2018, IoT S&P@SIGCOMM.

[24]  Prashant J. Shenoy,et al.  Combined heat and privacy: Preventing occupancy detection from smart meters , 2014, 2014 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[25]  Josephine Sarpong Akosa,et al.  Predictive Accuracy : A Misleading Performance Measure for Highly Imbalanced Data , 2017 .