Poster: A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic
نویسندگان
چکیده
The increasing popularity of specialized Internetconnected devices and appliances, dubbed the Internet-of-Things (IoT), promises both new conveniences and new privacy concerns. Unlike traditional web browsers, many IoT devices have always-on sensors that constantly monitor fine-grained details of users’ physical environments and influence the devices’ network communications. Passive network observers, such as Internet service providers, could potentially analyze IoT network traffic to infer sensitive details about users. Here, we examine several commercially-available IoT smart home devices and find that their network traffic rates reveal potentially sensitive user interactions even when the traffic is encrypted. These results suggest technical approaches for protecting IoT device owner privacy and indicate that IoT-specific concerns must be considered in the ongoing policy debate around ISP data collection and usage.
منابع مشابه
A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic
The increasing popularity of specialized Internet-connected devices and appliances, dubbed the Internet-of-Things (IoT), promises both new conveniences and new privacy concerns. Unlike traditional web browsers, many IoT devices have al ways-on sensors that constantly monitor fine-grained details of users’ physical environments and influence the devices’ network communications. Passive network ...
متن کاملSpying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic
The growing market for smart home IoT devices promises new conveniences for consumers while presenting new challenges for preserving privacy within the home. Many smart home devices have always-on sensors that capture users’ offline activities in their living spaces and transmit information about these activities on the Internet. In this paper, we demonstrate that an ISP or other network observ...
متن کاملSPIN: a User-centric Security Extension for In-home Networks
We present our ongoing work on a system to curb the security risks that the Internet of Things (IoT) is widely expected to introduce in smart homes, such as exposing large numbers of vulnerable IoT devices that can be misused for massive DDoS attacks on core Internet systems. Our system for Security and Privacy for Inhome Networks (SPIN) extends a user’s home network with network-level function...
متن کاملClosing the Blinds: Four Strategies for Protecting Smart Home Privacy from Network Observers
The growing market for smart home IoT devices promises new conveniences for consumers while presenting novel challenges for preserving privacy within the home. Specifically, Internet service providers or neighborhood WiFi eavesdroppers can measure Internet traffic rates from smart home devices and infer consumers’ private in-home behaviors. Here we propose four strategies that device manufactur...
متن کاملPoster: A Set of Privacy Preserving Requirements For Smart Home Control System Mobile Apps
We propose a set of privacy preserving requirements based on our analysis of the AMX TPControl app for the Honda Smart Home. The Honda Smart Home contains controls and monitors designed to optimize energy use. Our study seeks to define privacy for the smart home app user, identify privacy requirements, while highlighting privacy vulnerabilities and ways to mitigate them. We focus on leaks that ...
متن کامل