Your Neighbor Knows What You're Doing: Defending Smart Home IoT Device Traffic from Privacy LAN Attacks

Internet of Things (IoT) devices introduce unprecedented security challenges for protecting the privacy of users inside the home. Despite encrypting wireless communication traffic by standard security protocols (e.g., WPA2), an attacker near the smart home can still extract packet header information (e.g., MAC address, packet length) from the available unencrypted contents to make predictions about the user’s behavior. To prevent this severe breach on privacy, in this paper, we propose a bandwidth efficient defense method through the introduction of changing padding durations for traffic shaping to reduce the confidence of a nearby attacker in the LAN from identifying genuine user activities for WiFi-enabled IoT devices. From our performance evaluation, we decreased bandwidth usage by over 20% at low attacker confidence with our proposal compared to the conventional method of fixed padding.

[1]  Sunny Consolvo,et al.  Living in a glass house: a survey of private moments in the home , 2011, UbiComp '11.

[2]  Sang Hyuk Son,et al.  Energy-Efficient Privacy Protection for Smart Home Environments Using Behavioral Semantics , 2014, Sensors.

[3]  Cristina Alcaraz,et al.  A Survey of IoT-Enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services , 2018, IEEE Communications Surveys & Tutorials.

[4]  Ahmad-Reza Sadeghi,et al.  IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT , 2016, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[5]  Frank Piessens,et al.  Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms , 2016, AsiaCCS.

[6]  JiaXiaohua,et al.  Secure the Internet, one home at a time , 2016 .

[7]  Giancarlo Fortino,et al.  Evaluating Critical Security Issues of the IoT World: Present and Future Challenges , 2018, IEEE Internet of Things Journal.

[8]  Xiaohua Jia,et al.  Secure the Internet, one home at a time , 2016, Secur. Commun. Networks.

[9]  Nick Feamster,et al.  Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic , 2017, ArXiv.

[10]  Mauro Conti,et al.  Peek-a-boo: i see your smart home activities, even encrypted! , 2018, WISEC.

[11]  Nick Feamster,et al.  Closing the Blinds: Four Strategies for Protecting Smart Home Privacy from Network Observers , 2017, ArXiv.

[12]  Kamin Whitehouse,et al.  Protecting your daily in-home activity information from a wireless snooping attack , 2008, UbiComp.

[13]  Michael Schiefer Smart Home Definition and Security Threats , 2015, 2015 Ninth International Conference on IT Security Incident Management & IT Forensics.

[14]  Nick Feamster,et al.  Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping , 2018, Proc. Priv. Enhancing Technol..