The Dark (and Bright) Side of IoT: Attacks and Countermeasures for Identifying Smart Home Devices and Services

Ahmed Mohamed Hussain*, Gabriele Oligeri, Thiemo Voigt

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

4 Citations (Scopus)

Abstract

We present a new machine learning-based attack that exploits network patterns to detect the presence of smart IoT devices and running services in the WiFi radio spectrum. We perform an extensive measurement campaign of data collection, and we build up a model describing the traffic patterns characterizing three popular IoT smart home devices, i.e., Google Nest Mini, Amazon Echo, and Amazon Echo Dot. We prove that it is possible to detect and identify with overwhelming probability their presence and the services running by the aforementioned devices in a crowded WiFi scenario. This work proves that standard encryption techniques alone are not sufficient to protect the privacy of the end-user, since the network traffic itself exposes the presence of both the device and the associated service. While more work is required to prevent non-trusted third parties to detect and identify the user’s devices, we introduce Eclipse, a technique to mitigate these types of attacks, which reshapes the traffic making the identification of the devices and the associated services similar to the random classification baseline.

Original languageEnglish
Title of host publicationSpaCCS 2020 International Workshops, 2020, Proceedings
EditorsGuojun Wang, Bing Chen, Wei Li, Roberto Di Pietro, Xuefeng Yan, Hao Han
PublisherSpringer Science and Business Media Deutschland GmbH
Pages122-136
Number of pages15
ISBN (Print)9783030688837
DOIs
Publication statusPublished - 2021
Event13th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2020 - Nanjing, China
Duration: 18 Dec 202020 Dec 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12383 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference13th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2020
Country/TerritoryChina
CityNanjing
Period18/12/2020/12/20

Keywords

  • Cyberphysical systems
  • Internet of Things
  • Machine learning
  • Privacy
  • Security

Fingerprint

Dive into the research topics of 'The Dark (and Bright) Side of IoT: Attacks and Countermeasures for Identifying Smart Home Devices and Services'. Together they form a unique fingerprint.

Cite this