An increasing number of Internet of Things (IoT) devices are connecting to the Internet, yet many of these devices are fundamentally insecure, exposing the Internet to a variety of attacks. Botnets such as Mirai have used insecure consumer IoT devices to conduct distributed denial of service (DDoS) attacks on critical Internet infrastructure. This motivates the development of new techniques to automatically detect consumer IoT attack traffic. In this paper, we demonstrate that using IoT-specific network behaviors (e.g. limited number of endpoints and regular time intervals between packets) to inform feature selection can result in high accuracy DDoS detection in IoT network traffic with a variety of machine learning algorithms, including neural networks. These results indicate that home gateway routers or other network middleboxes could automatically detect local IoT device sources of DDoS attacks using low-cost machine learning algorithms and traffic data that is flow-based and protocol-agnostic.
Smart home Internet of Things (IoT) devices are rapidly increasing in popularity, with more households including Internet-connected devices that continuously monitor user activities. In this study, we conduct eleven semi-structured interviews with smart home owners, investigating their reasons for purchasing IoT devices, perceptions of smart home privacy risks, and actions taken to protect their privacy from those external to the home who create, manage, track, or regulate IoT devices and/or their data. We note several recurring themes. First, users' desires for convenience and connectedness dictate their privacy-related behaviors for dealing with external entities, such as device manufacturers, Internet Service Providers, governments, and advertisers. Second, user opinions about external entities collecting smart home data depend on perceived benefit from these entities. Third, users trust IoT device manufacturers to protect their privacy but do not verify that these protections are in place. Fourth, users are unaware of privacy risks from inference algorithms operating on data from non-audio/visual devices. These findings motivate several recommendations for device designers, researchers, and industry standards to better match device privacy features to the expectations and preferences of smart home owners.CCS Concepts: • Security and privacy → Human and societal aspects of security and privacy; • Human-centered computing → Empirical studies in HCI ; Ubiquitous and mobile devices;
Discovering Smart Home Internet of Things Privacy Norms Using Contextual Integrity
The proliferation of Internet of Things (IoT) devices for consumer "smart" homes raises concerns about user privacy. We present a survey method based on the Contextual Integrity (CI) privacy framework that can quickly and efficiently discover privacy norms at scale. We apply the method to discover privacy norms in the smart home context, surveying 1,731 American adults on Amazon Mechanical Turk. For $2,800 and in less than six hours, we measured the acceptability of 3,840 information flows representing a combinatorial space of smart home devices sending consumer information to first and third-party recipients under various conditions. Our results provide actionable recommendations for IoT device manufacturers, including design best practices and instructions for adopting our method for further research.CCS Concepts: • Security and privacy → Human and societal aspects of security and privacy; Privacy protections;• Human-centered computing → Empirical studies in ubiquitous and mobile computing;In this paper, we present a general, scalable survey method for discovering consumer privacy norms based on the Contextual Integrity (CI) privacy framework [44] (Section 3). CI is a well-established theory that defines privacy norms as the generally accepted appropriateness of specific information exchanges, or "information flows," in specific contexts. Information flows and associated contexts can be described using five parameters: sender, recipient, subject, attribute, and transmission principle. This precise formulation makes it possible to thoroughly investigate the combinatorial space of contextual information flows and associated privacy norms with an automated, large-scale survey on a crowdsourcing platform. Our use of CI also ensures that the method is repeatable, both for the same types of devices over time, as well as for entirely new classes of devices.The method we develop is effective for discovering privacy norms in general. In this paper, we focus on applying the method to discover smart home privacy norms. We conducted a survey with a population of 1,731 adults from the United States on the Amazon Mechanical Turk (MTurk) platform. The survey cost $2,800 and allowed us to query the acceptability of 3,840 information flows involving smart home devices in less than six hours and identify associated privacy norms (Section 4). Our results provide insightful observations and actionable recommendations for IoT device manufacturers, regulators, and consumer advocates (Section 5).Device manufacturers can use our survey method to perform their own research on how consumers might view the use of data that their products collect. We designed the method to make it easy to customize with new information flows and contexts, allowing manufacturers to discover privacy norms relevant to specific products, including ones we have not studied in this paper. The results will indicate whether existing or proposed devices may violate established privacy norms, providing an opportunity to preempt negative user feedback, public relati...
The proliferation of smart home Internet of things (IoT) devices presents unprecedented challenges for preserving privacy within the home. In this paper, we demonstrate that a passive network observer (e.g., an Internet service provider) can infer private in-home activities by analyzing Internet traffic from commercially available smart home devices even when the devices use end-to-end transport-layer encryption. We evaluate common approaches for defending against these types of traffic analysis attacks, including firewalls, virtual private networks, and independent link padding, and find that none sufficiently conceal user activities with reasonable data overhead. We develop a new defense, "stochastic traffic padding" (STP), that makes it difficult for a passive network adversary to reliably distinguish genuine user activities from generated traffic patterns designed to look like user interactions. Our analysis provides a theoretical bound on an adversary's ability to accurately detect genuine user activities as a function of the amount of additional cover traffic generated by the defense technique.
This paper introduces a method to capture network traffic from medical IoT devices and automatically detect cleartext information that may reveal sensitive medical conditions and behaviors. The research follows a three-step approach involving traffic collection, cleartext detection, and metadata analysis. We analyze four popular consumer medical IoT devices, including one smart medical device that leaks sensitive health information in cleartext. We also present a traffic capture and analysis system that seamlessly integrates with a home network and offers a user-friendly interface for consumers to monitor and visualize data transmissions of IoT devices in their homes.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Contact Info
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Product
Resources
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.
