skip to main content
10.1145/3412382.3458257acmconferencesArticle/Chapter ViewAbstractPublication PagescpsweekConference Proceedingsconference-collections
research-article

PrivacyGuard: Enhancing Smart Home User Privacy

Published: 20 May 2021 Publication History

Abstract

The Internet of Things (IoT) devices have been increasingly deployed in smart homes and smart buildings to monitor and control their environments. The Internet traffic data produced by these IoT devices are collected by Internet Service Providers (ISPs) and IoT device manufacturers, and often shared with third-parties to maintain and enhance user services. Unfortunately, extensive recent research has shown that on-path adversaries can infer and fingerprint users' sensitive privacy information such as occupancy and user in-home activities by analyzing IoT network traffic traces. Most recent approaches that aim at defending against these malicious IoT traffic analytics can not sufficiently protect user privacy with reasonable traffic overhead. In particular, many approaches did not consider practical limitations, e.g., network bandwidth, maximum package injection rate or actual user in-home behavior in their design.
To address this problem, we design a new low-cost, open-source user "tunable" defense system---PrivacyGuard that enables users to significantly reduce the private information leaked through IoT device network traffic data, while still permitting sophisticated data analytics or control that is necessary in smart home management. In essence, our approach employs intelligent deep convolutional generative adversarial networks (DCGANs)-based IoT device traffic signature learning, long short-term memory (LSTM)-based artificial traffic signature injection, and partial traffic reshaping to obfuscate private information that can be observed in IoT device traffic traces. We evaluate PrivacyGuard using IoT network traffic traces of 31 IoT devices from 5 smart homes. We find that PrivacyGuard can effectively prevent a wide range of state-of-the-art machine learning-based and deep learning-based occupancy and other 9 user in-home activity detection attacks. We release the source code and datasets of PrivacyGuard to IoT research community.

References

[1]
2020. Ostinato: Packet Generator and Network Traffic Generator. https://ostinato.org/.
[2]
2021. PrivacyGuard. https://github.com/cyber-physical-systems/PrivacyGuard.
[3]
Martín Abadi, Paul Barham, Jianmin Chen, Zhifeng Chen, Andy Davis, Jeffrey Dean, Matthieu Devin, Sanjay Ghemawat, Geoffrey Irving, Michael Isard, et al. 2016. Tensorflow: A system for large-scale machine learning. In 12th {USENIX} symposium on operating systems design and implementation ({OSDI} 16). 265--283.
[4]
Josephine Akosa. [n.d.]. Predictive accuracy: a misleading performance measure for highly imbalanced data.
[5]
Noah Apthorpe, Danny Yuxing Huang, Dillon Reisman, Arvind Narayanan, and Nick Feamster. 2019. Keeping the smart home private with smart (er) iot traffic shaping. Proceedings on Privacy Enhancing Technologies 2019, 3 (2019), 128--148.
[6]
Phuthipong Bovornkeeratiroj, Srinivasan Iyengar, Stephen Lee, David Irwin, and Prashant Shenoy. 2020. RepEL: A Utility-preserving Privacy System for IoT-based Energy Meters. In 2020 IEEE/ACM Fifth International Conference on Internet-of-Things Design and Implementation (IoTDI). IEEE, 79--91.
[7]
T. Brewster. 2017. Now Those, Privacy Rules Are Gone, This Is How ISPs Will Actually Sell Your Personal Data. https://www.forbes.com/sites/thomasbrewster/2017/03/30/fcc-privacy-rules-how-isps-will-actually-sell-your-data/.
[8]
Xiang Cai, Rishab Nithyanand, Tao Wang, Rob Johnson, and Ian Goldberg. 2014. A systematic approach to developing and evaluating websitefingerprinting defenses. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 227--238.
[9]
Dong Chen, David Irwin, Prashant Shenoy, and Jeannie Albrecht. 2014. Combined heat and privacy: Preventing occupancy detection from smart meters. In 2014 IEEE International Conference on Pervasive Computing and Communications. 208--215.
[10]
CKA [n.d.]. Cohen's Kappa. https://en.wikipedia.org/wiki/Cohen%27s_kappa.
[11]
Trisha Datta, Noah Apthorpe, and Nick Feamster. 2018. A developer-friendly library for smart home iot privacy-preserving traffic obfuscation. In Proceedings of the 2018 Workshop on IoT Security and Privacy. ACM, 43--48.
[12]
Wenbo Ding and Hongxin Hu. 2018. On the Safety of IoT Device Physical Interaction Control. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (Toronto, Canada) (CCS '18). 832--846.
[13]
Kevin P Dyer, Scott E Coull, Thomas Ristenpart, and Thomas Shrimpton. 2012. Peek-a-boo, i still see you: Why efficient traffic analysis countermeasures fail. In 2012 IEEE symposium on security and privacy. IEEE, 332--346.
[14]
Md Kamrul Hasan, Husne Ara Rubaiyeat, Yong-Koo Lee, and Sungyoung Lee. 2008. A reconfigurable HMM for activity recognition. In 2008 10th International Conference on Advanced Communication Technology, Vol. 1. IEEE, 843--846.
[15]
Marc Juarez, Mohsen Imani, Mike Perry, Claudia Diaz, and Matthew Wright. 2016. Toward an efficient website fingerprinting defense. In European Symposium on Research in Computer Security. Springer, 27--46.
[16]
Sean Kennedy, Haipeng Li, Chenggang Wang, Hao Liu, Boyang Wang, and Wenhai Sun. 2019. I can hear your alexa: Voice command fingerprinting on smart home speakers. In 2019 IEEE Conference on Communications and Network Security (CNS). IEEE, 232--240.
[17]
Nikhil Ketkar. 2017. Introduction to keras. In Deep learning with Python. Springer, 97--111.
[18]
Jinyang Li, Zhenyu Li, Gareth Tyson, X Gaogang, et al. 2020. Your Privilege Gives Your Privacy Away: An Analysis of a Home Security Camera Service. In IEEE INFOCOM 2020-IEEE Conference on Computer Communications. IEEE.
[19]
Nicole Lindsey. 2019. Smart Devices Leaking Data to Tech Giants Raises New IoT Privacy Issues. https://www.cpomagazine.com/data-privacy/smart-devices-leaking-data-to-tech-giants-raises-new-iot-privacy-issues/.
[20]
Jianqing Liu, Chi Zhang, and Yuguang Fang. 2018. Epic: A differential privacy framework to defend smart homes against internet traffic analysis. IEEE Internet of Things Journal 5, 2 (2018), 1206--1217.
[21]
mcc [n.d.]. Matthews Correlation Coefficient. https://en.wikipedia.org/wiki/Matthews%_correlation%_coefficient.
[22]
Mirimir. 2018. Collection of User Data by ISPs and Telecom Providers, and Sharing with Third Parties. https://www.ivpn.net/blog/collection-of-user-data-by-isps-and-telecom-providers-and-sharing-with-third-parties.
[23]
mozilla 2019. ISPs Lied to Congress to Spread Confusion about Encrypted DNS, Mozilla says. https://arstechnica.com/tech-policy/2019/11/isps-lied-to-congress-to-spread-confusion-about-encrypted-dns-mozilla-says/.
[24]
Rishab Nithyanand, Xiang Cai, and Rob Johnson. 2014. Glove: A bespoke website fingerprinting defense. In Proceedings of the 13th Workshop on Privacy in the Electronic Society. ACM, 131--134.
[25]
Homin Park, Can Basaran, Taejoon Park, and Sang Hyuk Son. 2014. Energy-efficient privacy protection for smart home environments using behavioral semantics. Sensors 14, 9 (2014), 16235--16257.
[26]
pcc [n.d.]. Pearson Correlation Coefficient. https://en.wikipedia.org/wiki/Pearson_correlation_coeicient.
[27]
Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni. 2018. The curse of class imbalance and conflicting metrics with machine learning for side-channel evaluations. (2018).
[28]
Alec Radford, Luke Metz, and Soumith Chintala. 2015. Unsupervised representation learning with deep convolutional generative adversarial networks. arXiv preprint arXiv:1511.06434 (2015).
[29]
Vasanthan Raghavan, Greg Ver Steeg, Aram Galstyan, and Alexander G Tartakovsky. 2013. Coupled hidden markov models for user activity in social networks. In 2013 IEEE International Conference on Multimedia and Expo Workshops.
[30]
Vasanthan Raghavan, Greg Ver Steeg, Aram Galstyan, and Alexander G Tartakovsky. 2014. Modeling temporal activity patterns in dynamic social networks. IEEE Transactions on Computational Social Systems 1, 1 (2014), 89--107.
[31]
Karsten Rothmeier, Nicolas Pflanzl, Joschka Hüllmann, and Mike Preuss. 2020. Prediction of Player Churn and Disengagement Based on User Activity Data of a Freemium Online Strategy Game. IEEE Transactions on Games (2020).
[32]
Vitaly Shmatikov and Ming-Hsiu Wang. 2006. Timing analysis in low-latency mix networks: Attacks and defenses. In European Symposium on Research in Computer Security. Springer, 18--33.
[33]
Arunan Sivanathan, Hassan Habibi Gharakheili, Franco Loi, Adam Radford, Chamith Wijenayake, Arun Vishwanath, and Vijay Sivaraman. 2018. Classifying IoT Devices in Smart Environments Using Network Traffic Characteristics. IEEE Transactions on Mobile Computing (2018).
[34]
srcc [n.d.]. Spearman's Rank Correlation Coefficient. https://en.wikipedia.org/wiki/Spearman%27s_rank_correlation_coefficient.
[35]
Statista. 2016. Internet of Things Connected Devices Installed base Worldwide from 2015 to 2025 (in billions). https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/.
[36]
vgg [n.d.]. Very Deep Convolutional Networks for Large-Scale Visual Recognition. https://www.robots.ox.ac.uk/~vgg/research/very_deep/.
[37]
Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, and Ian Goldberg. 2014. Effective attacks and provable defenses for website fingerprinting. In 23rd USENIX Security Symposium (USENIX Security 14). 143--157.
[38]
Tao Wang and Ian Goldberg. 2016. On realistically attacking for with website fingerprinting. Proceedings on Privacy Enhancing Technologies 4 (2016), 21--36.
[39]
Tao Wang and Ian Goldberg. 2017. Walkie-talkie: An efficient defense against passive website fingerprinting attacks. In 26th USENIX Security Symposium. 1375--1390.
[40]
Wei Wang, Mehul Motani, and Vikram Srinivasan. 2008. Dependent link padding algorithms for low latency anonymity systems. In Proceedings of the 15th ACM conference on Computer and communications security. 323--332.
[41]
WeiWang, Mehul Motani, and Vikram Srinivasan. 2008. Dependent Link Padding Algorithms for Low Latency Anonymity Systems. In Proceedings of the 15th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA) (CCS '08). 323--332.

Cited By

View all

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
IPSN '21: Proceedings of the 20th International Conference on Information Processing in Sensor Networks (co-located with CPS-IoT Week 2021)
May 2021
423 pages
ISBN:9781450380980
DOI:10.1145/3412382
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 May 2021

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Deep Learning
  2. IoT privacy
  3. Machine Learning
  4. Smart Home

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • Cyber Florida Collaborative Seed Program

Conference

IPSN '21
Sponsor:

Acceptance Rates

Overall Acceptance Rate 143 of 593 submissions, 24%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)94
  • Downloads (Last 6 weeks)5
Reflects downloads up to 15 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)PACAS: A Privacy-Aware Smart Camera System2024 IEEE Cloud Summit10.1109/Cloud-Summit61220.2024.00035(170-177)Online publication date: 27-Jun-2024
  • (2024)A Transcendental Number-Based Random Insertion Method for Privacy ProtectionAdvances in Information and Communication10.1007/978-3-031-54053-0_42(637-649)Online publication date: 17-Mar-2024
  • (2023)Data Instrumentation From IoT Network Traffic as Support for Security ManagementIEEE Transactions on Network and Service Management10.1109/TNSM.2022.323367320:2(1392-1404)Online publication date: 1-Jun-2023
  • (2022)A Dynamic Method to Protect User Privacy Against Traffic-based Attacks on Smart Home2022 IEEE Latin-American Conference on Communications (LATINCOM)10.1109/LATINCOM56090.2022.10000503(1-6)Online publication date: 30-Nov-2022
  • (2022)A Survey of Traffic Obfuscation Technology for Smart Home2022 International Wireless Communications and Mobile Computing (IWCMC)10.1109/IWCMC55113.2022.9825227(997-1002)Online publication date: 30-May-2022
  • (2022)TrafficSpy: Disaggregating VPN-encrypted IoT Network Traffic for User Privacy Inference2022 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS56114.2022.9947251(145-153)Online publication date: 3-Oct-2022

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media