431 research outputs found
A Developer-Friendly Library for Smart Home IoT Privacy-Preserving Traffic Obfuscation
The number and variety of Internet-connected devices have grown enormously in
the past few years, presenting new challenges to security and privacy. Research
has shown that network adversaries can use traffic rate metadata from consumer
IoT devices to infer sensitive user activities. Shaping traffic flows to fit
distributions independent of user activities can protect privacy, but this
approach has seen little adoption due to required developer effort and overhead
bandwidth costs. Here, we present a Python library for IoT developers to easily
integrate privacy-preserving traffic shaping into their products. The library
replaces standard networking functions with versions that automatically
obfuscate device traffic patterns through a combination of payload padding,
fragmentation, and randomized cover traffic. Our library successfully preserves
user privacy and requires approximately 4 KB/s overhead bandwidth for IoT
devices with low send rates or high latency tolerances. This overhead is
reasonable given normal Internet speeds in American homes and is an improvement
on the bandwidth requirements of existing solutions.Comment: 6 pages, 6 figure
Machine Learning DDoS Detection for Consumer Internet of Things Devices
An increasing number of Internet of Things (IoT) devices are connecting to
the Internet, yet many of these devices are fundamentally insecure, exposing
the Internet to a variety of attacks. Botnets such as Mirai have used insecure
consumer IoT devices to conduct distributed denial of service (DDoS) attacks on
critical Internet infrastructure. This motivates the development of new
techniques to automatically detect consumer IoT attack traffic. In this paper,
we demonstrate that using IoT-specific network behaviors (e.g. limited number
of endpoints and regular time intervals between packets) to inform feature
selection can result in high accuracy DDoS detection in IoT network traffic
with a variety of machine learning algorithms, including neural networks. These
results indicate that home gateway routers or other network middleboxes could
automatically detect local IoT device sources of DDoS attacks using low-cost
machine learning algorithms and traffic data that is flow-based and
protocol-agnostic.Comment: 7 pages, 3 figures, 3 tables, appears in the 2018 Workshop on Deep
Learning and Security (DLS '18
Evaluating the Contextual Integrity of Privacy Regulation: Parents' IoT Toy Privacy Norms Versus COPPA
Increased concern about data privacy has prompted new and updated data
protection regulations worldwide. However, there has been no rigorous way to
test whether the practices mandated by these regulations actually align with
the privacy norms of affected populations. Here, we demonstrate that surveys
based on the theory of contextual integrity provide a quantifiable and scalable
method for measuring the conformity of specific regulatory provisions to
privacy norms. We apply this method to the U.S. Children's Online Privacy
Protection Act (COPPA), surveying 195 parents and providing the first data that
COPPA's mandates generally align with parents' privacy expectations for
Internet-connected "smart" children's toys. Nevertheless, variations in the
acceptability of data collection across specific smart toys, information types,
parent ages, and other conditions emphasize the importance of detailed
contextual factors to privacy norms, which may not be adequately captured by
COPPA.Comment: 18 pages, 1 table, 4 figures, 2 appendice
The Extent of Multi-particle Quantum Non-locality
It is well known that entangled quantum states can be nonlocal: the
correlations between local measurements carried out on these states cannot
always be reproduced by local hidden variable models. Svetlichny, followed by
others, showed that multipartite quantum states are even more nonlocal than
bipartite ones in the sense that nonlocal classical models with (super-luminal)
communication between some of the parties cannot reproduce the quantum
correlations. Here we study in detail the kinds of nonlocality present in
quantum states. More precisely we enquire what kinds of classical communication
patterns cannot reproduce quantum correlations. By studying the extremal points
of the space of all multiparty probability distributions, in which all parties
can make one of a pair of measurements each with two possible outcomes, we find
a necessary condition for classical nonlocal models to reproduce the statistics
of all quantum states. This condition extends and generalises work of
Svetlichny and others in which it was shown that a particular class of
classical nonlocal models, the ``separable'' models, cannot reproduce the
statistics of all multiparticle quantum states. Our condition shows that the
nonlocality present in some entangled multiparticle quantum states is much
stronger than previously thought. We also study the sufficiency of our
condition.Comment: 10 pages, 2 figures, journal versio
User Perceptions of Smart Home IoT Privacy
Smart home Internet of Things (IoT) devices are rapidly increasing in
popularity, with more households including Internet-connected devices that
continuously monitor user activities. In this study, we conduct eleven
semi-structured interviews with smart home owners, investigating their reasons
for purchasing IoT devices, perceptions of smart home privacy risks, and
actions taken to protect their privacy from those external to the home who
create, manage, track, or regulate IoT devices and/or their data. We note
several recurring themes. First, users' desires for convenience and
connectedness dictate their privacy-related behaviors for dealing with external
entities, such as device manufacturers, Internet Service Providers,
governments, and advertisers. Second, user opinions about external entities
collecting smart home data depend on perceived benefit from these entities.
Third, users trust IoT device manufacturers to protect their privacy but do not
verify that these protections are in place. Fourth, users are unaware of
privacy risks from inference algorithms operating on data from non-audio/visual
devices. These findings motivate several recommendations for device designers,
researchers, and industry standards to better match device privacy features to
the expectations and preferences of smart home owners.Comment: 20 pages, 1 tabl
- …