7 research outputs found
Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks
The IoT (Internet of Things) technology has been widely adopted in recent
years and has profoundly changed the people's daily lives. However, in the
meantime, such a fast-growing technology has also introduced new privacy
issues, which need to be better understood and measured. In this work, we look
into how private information can be leaked from network traffic generated in
the smart home network. Although researchers have proposed techniques to infer
IoT device types or user behaviors under clean experiment setup, the
effectiveness of such approaches become questionable in the complex but
realistic network environment, where common techniques like Network Address and
Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic
analysis using traditional methods (e.g., through classical machine-learning
models) is much less effective under those settings, as the features picked
manually are not distinctive any more. In this work, we propose a traffic
analysis framework based on sequence-learning techniques like LSTM and
leveraged the temporal relations between packets for the attack of device
identification. We evaluated it under different environment settings (e.g.,
pure-IoT and noisy environment with multiple non-IoT devices). The results
showed our framework was able to differentiate device types with a high
accuracy. This result suggests IoT network communications pose prominent
challenges to users' privacy, even when they are protected by encryption and
morphed by the network gateway. As such, new privacy protection methods on IoT
traffic need to be developed towards mitigating this new issue
Movable Platform-Based Topology Detection for a Geographic Routing Wireless Sensor Network
With the increasing adoption of the Internet-of-Things (IoT), the wireless sensors network (WSN), as an underlying application of IoT, has attracted increasing attention. Topology, the working structure used to observe WSN, is the most instinctive form in troubleshooting and has great significance to WSN management and safety. To this end, it is imperative to recover WSN topology for the purpose of network management and non-cooperative network detection. Traditional network topology recovery mainly relies on the monitoring modules installed in nodes, or an extra network attached. However, these two approaches have several limitations, such as high energy consumption for monitoring nodes, time synchronization problems, reuse failure, limitation to specific targeted networks and high cost. In this paper, we present a new approach to recover the topology of WSN that adopts location-based routing protocols, based on movable platforms. Our observation is that the network topology is consistent with the node routing, as the nodes choose the next hop according to the geological position of neighbor nodes. Hence, we calculate the cost parameters of choosing routing nodes for the targeted network according to the partial connection of the nodes. Based on those cost parameters, we can determine the topology of the whole network. More specifically, by collecting the geological position and data packets of the nodes from movable platforms, we are able to infer the topology of the WSN according to the recovered partial connection of nodes. Our approach can be easily adopted to many scenarios, especially for non-cooperative large-scale networks. The evaluation of 30 simulations shows that the accuracy of recovery is above 90%
Authorisation inconsistency in IoT thirdâparty integration
Abstract Today's IoT platforms provide rich functionalities by integrating with popular thirdâparty services. Due to the complexity, it is critical to understand whether the IoT platforms have properly managed the authorisation in the crossâcloud IoT environments. In this study, the authors report the first systematic study on authorisation management of IoT thirdâparty integration by: (1) presenting two attacks that leak control permissions of the IoT device in the integration of thirdâparty services; (2) conducting a measurement study over 19 realâworld IoT platforms and three major thirdâparty services. Results show that eight of the platforms are vulnerable to the threat. To educate IoT developers, the authors provide inâdepth discussion about existing design principles and propose secure design principles for IoT crossâcloud control frameworks