A probability based hybrid energy-efficient privacy preserving scheme to encounter with wireless traffic snooping in smart home

Application of pervasive computing devices in smart homes are rising sharply and due to this matter, demands for efficient privacy protection are increasing urgently. Possibility of interference in wireless networks is proved by previous work. Adversaries can discover contextual information because of traffic monitoring and classifying transmitters based on their radio fingerprints while data packets are encrypted or content is not important for attackers. To conceal communication patterns various approaches have been investigated. They are mainly based on injection of dummy packets into the network traffic and adding delay to transmission time. In this paper, we introduce a hybrid energy-efficient privacy preserving scheme for generating and sending dummy packets through a decision-making algorithm which works based on probability to maximize confusion of attacker in clarifying the real pattern of network traffi

Side channel attacks on smart home systems: A short overview

This paper provides an overview on side-channel attacks with emphasis on vulnerabilities in the smart home. Smart homes are enabled by the latest developments in sensors, communication technologies, internet protocols, and cloud services. The goal of a smart home is to have smart household devices collaborate without involvement of residents to deliver the variety of services needed for a higher quality of life. However, security and privacy challenges of smart homes have to be overcome in order to fully realize the smart home. Side channel attacks assume data is always leaking, and leakage of data from a smart home reveals sensitive information. This paper starts by reviewing side-channel attack categories, then it gives an overview on recent attack studies on different layers of a smart home and their malicious goals

IoTBeholder: A Privacy Snooping Attack on User Habitual Behaviors from Smart Home Wi-Fi Traffic

With the deployment of a growing number of smart home IoT devices, privacy leakage has become a growing concern. Prior work on privacy-invasive device localization, classification, and activity identification have proven the existence of various privacy leakage risks in smart home environments. However, they only demonstrate limited threats in real world due to many impractical assumptions, such as having privileged access to the user's home network. In this paper, we identify a new end-to-end attack surface using IoTBeholder, a system that performs device localization, classification, and user activity identification. IoTBeholder can be easily run and replicated on commercial off-the-shelf (COTS) devices such as mobile phones or personal computers, enabling attackers to infer user's habitual behaviors from smart home Wi-Fi traffic alone. We set up a testbed with 23 IoT devices for evaluation in the real world. The result shows that IoTBeholder has good device classification and device activity identification performance. In addition, IoTBeholder can infer the users' habitual behaviors and automation rules with high accuracy and interpretability. It can even accurately predict the users' future actions, highlighting a significant threat to user privacy that IoT vendors and users should highly concern

Privacy Mining from IoT-based Smart Homes

Recently, a wide range of smart devices are deployed in a variety of environments to improve the quality of human life. One of the important IoT-based applications is smart homes for healthcare, especially for elders. IoT-based smart homes enable elders' health to be properly monitored and taken care of. However, elders' privacy might be disclosed from smart homes due to non-fully protected network communication or other reasons. To demonstrate how serious this issue is, we introduce in this paper a Privacy Mining Approach (PMA) to mine privacy from smart homes by conducting a series of deductions and analyses on sensor datasets generated by smart homes. The experimental results demonstrate that PMA is able to deduce a global sensor topology for a smart home and disclose elders' privacy in terms of their house layouts.Comment: This paper, which has 11 pages and 7 figures, has been accepted BWCCA 2018 on 13th August 201

Cleartext Data Transmissions in Consumer IoT Medical Devices

This paper introduces a method to capture network traffic from medical IoT devices and automatically detect cleartext information that may reveal sensitive medical conditions and behaviors. The research follows a three-step approach involving traffic collection, cleartext detection, and metadata analysis. We analyze four popular consumer medical IoT devices, including one smart medical device that leaks sensitive health information in cleartext. We also present a traffic capture and analysis system that seamlessly integrates with a home network and offers a user-friendly interface for consumers to monitor and visualize data transmissions of IoT devices in their homes.Comment: 6 pages, 5 figure

Preventing Computer Identity theft

The arrival of the information age has created new challenges to the ability of individuals to protect the security and privacy of their personal information. One such challenge is that of identity theft, which has caused a number of hardships upon its victims. Perpetrators of this fraud may use identities of others to obtain loans, steal money, and violate the law. This paper will discuss the characteristics of the offenders and victims of identity theft. A systematic approach for preventing identity theft will also be presented with the hopes of curtailing this epidemic

Home-Based Intrusion Detection System

Wireless network security has an important role in our daily lives. It has received significant attention, although wireless communication is facing different security threats. Some security efforts have been applied to overcome wireless attacks. Unfortunately, complete attack prevention is not accurately achievable. Intrusion Detection System (IDS) is an additional field of computer security. It is concerned with software that can distinguish between legitimate users and malicious users of a computer system and make a controlled response when an attack is detected. The project proposed to develop IDS technology on the windows platform. The IDS adopted misuse detection, which is based on signature recognition. The main objective of this proposal is to detect any network vulnerabilities and threats that concern home-based attacks or intrusion. There are five steps in our methodology: The first step is to create awareness of the problem by understanding the purpose and scope of the learning, as well as the problem, which are necessary to be solved. The second step is to make suggestion that the intrusion detection system is protecting the network of the homes. The third step is to develop signature by establishing a set of rule thorough processes for testing IDS. The fourth step is evaluating and testing the system that has been developed. This design used the sensor to find and match activity signatures found in the checked environment to the known signatures in the signature database. Finally, the conclusion in this phase showed the results of the study and the achievement of the objectives of the study. This IDS project will contribute to the efforts to protect users from the internal and external intruders

A systematic review of crime facilitated by the consumer Internet of Things

The nature of crime is changing — estimates suggest that at least half of all crime is now committed online. Once everyday objects (e.g. televisions, baby monitors, door locks) that are now internet connected, collectively referred to as the Internet of Things (IoT), have the potential to transform society, but this increase in connectivity may generate new crime opportunities. Here, we conducted a systematic review to inform understanding of these risks. We identify a number of high-level mechanisms through which offenders may exploit the consumer IoT including profiling, physical access control and the control of device audio/visual outputs. The types of crimes identified that could be facilitated by the IoT were wide ranging and included burglary, stalking, and sex crimes through to state level crimes including political subjugation. Our review suggests that the IoT presents substantial new opportunities for offending and intervention is needed now to prevent an IoT crime harvest