Abstract
Internet of Things (IoT) devices introduce unprecedented security challenges for protecting the privacy of users inside the home. Despite encrypting wireless communication traffic by standard security protocols (e.g., WPA2), an attacker near the smart home can still extract packet header information (e.g., MAC address, packet length) from the available unencrypted contents to make predictions about the user’s behavior. To prevent this severe breach on privacy, in this paper, we propose a bandwidth efficient defense method through the introduction of changing padding durations for traffic shaping to reduce the confidence of a nearby attacker in the LAN from identifying genuine user activities for WiFi-enabled IoT devices. From our performance evaluation, we decreased bandwidth usage by over 20% at low attacker confidence with our proposal compared to the conventional method of fixed padding.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Newman, P.: IoT report: how Internet of Things technology growth is reaching mainstream companies and consumers, January 2019. www.businessinsider.com/internet-of-things-report
Acar, A., Fereidooni, H., Abera, T., Sikder, A., Miettinen, M., Aksu, H., Conti, M., Sadeghi, A., Uluagac, A.: Peek-a-Boo: I see your smart home activities, even encrypted!, August 2018. arXiv preprint: arXiv:1808.02741
Srinivasan, V., Stankovic, J., Whitehouse, K.: Protecting your daily in-home activity information from a wireless snooping attack. In: ACM International Conference on Ubiquitous Computing, pp. 202–211, September 2008
Lars, N.: Connected medical devices, apps: are they leading the IoT revolution - or vice versa (2014). https://www.wired.com/insights/2014/06/connected-medical-devices-apps-leading-iot-revolution-vice-versa/
Kravets, D.: Sex toys and the internet of things collide - what could go wrong? (2016). https://arstechnica.com/tech-policy/2016/09/sex-toys-and-the-internet-of-things-collide-what-could-go-wrong/
Choe, E.K., Consolvo, S., Jung, J., Harrison, B., Kientz, J.A.: Living in a glass house: a survey of private moments in the home. In: ACM International Conference on Ubiquitous Computing, pp. 41–44, September 2011
Schiefer, M.: Smart home definition and security threats. In: International Conference on IT Security Incident Management & IT Forensics, pp. 114–118, May 2015
Xu, K., Wang, F., Jia, X.: Secure the Internet, one home at a time. Secur. Commun. Netw. 9(16), 3821–3832 (2016)
Frustaci, M., Pace, P., Aloi, G., Fortino, G.: Evaluating critical security issues of the IoT world: present and future challenges. IEEE Internet Things J. 5(4), 2483–2495 (2018)
Stellios, I., Kotzanikolaou, P., Psarakis, M., Alcaraz, C., Lopez, J.: A survey of IoT-enabled cyberattacks: assessing attack paths to critical infrastructures and services. IEEE Commun. Surv. Tutor. 20(4), 3453–3495 (2018)
Apthorpe, N., Reisman, D., Sundaresan, S., Narayanan, A., Feamster, N.: Spying on the smart home: privacy attacks and defenses on encrypted IoT traffic, August 2017. arXiv preprint: arXiv:1708.05044
Apthorpe, N., Huang, D., Reisman, D., Narayanan, A., Feamster, N.: Keeping the smart home private with smart(er) IoT traffic shaping, March 2019. arXiv preprint: arXiv:1812.00955
Apthorpe, N., Reisman, D., Feamster, N., Fereidooni, H.: Closing the blinds: four strategies for protecting smart home privacy from network observers, May 2017. arXiv preprint: arXiv:1705.06809
Park, H., Basaran, C., Park, T., Son, S.H.: Energy-efficient privacy protection for smart home environments using behavioral semantics. Sens. (Basel) 14(9), 16235–16257 (2014)
Miettinen, M., Sadeghi, A., Marchal, S., Asokan, N., Hafeez, I., Tarkoma, S.: IoT SENTINEL: automated device-type identification for security enforcement in IoT. In: IEEE International Conference on Distributed Computing Systems (ICDCS), pp. 2177–2184, June 2017
Vanhoef, M., Matte, C., Cunche, M., Cardoso, L., Piessens, F.: Why MAC address randomization is not enough: an analysis of wi-fi network discovery mechanisms. In: ASIA Conference on Computer and Communications Security, pp. 413–424, May 2016
hostapd (2019). https://w1.fi/hostapd/
Wireshark (2019). https://www.wireshark.org
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Dziubinski, K., Bandai, M. (2020). Your Neighbor Knows What You’re Doing: Defending Smart Home IoT Device Traffic from Privacy LAN Attacks. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Web, Artificial Intelligence and Network Applications. WAINA 2020. Advances in Intelligent Systems and Computing, vol 1150. Springer, Cham. https://doi.org/10.1007/978-3-030-44038-1_48
Download citation
DOI: https://doi.org/10.1007/978-3-030-44038-1_48
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44037-4
Online ISBN: 978-3-030-44038-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)