Proceedings of the ACM Internet Measurement Conference 2020
DOI: 10.1145/3419394.3423650
|View full text |Cite
|
Sign up to set email alerts
|

A Haystack Full of Needles

Abstract: Consumer Internet of ings (IoT) devices are extremely popular, providing users with rich and diverse functionalities, from voice assistants to home appliances. ese functionalities o en come with signi cant privacy and security risks, with notable recent largescale coordinated global a acks disrupting large service providers.us, an important rst step to address these risks is to know what IoT devices are where in a network. While some limited solutions exist, a key question is whether device discovery can be do… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
16
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
4
2

Relationship

0
6

Authors

Journals

citations
Cited by 42 publications
(16 citation statements)
references
References 20 publications
0
16
0
Order By: Relevance
“…Data exfiltration: IoT devices typically communicate with a number of remote servers maintained by their manufacturer, cloud providers (e.g., Amazon AWS), common services like time synchronization (e.g., ntp.org), or third-party services (e.g., doubleclick.net) for other services like advertising [35]. As highlighted by [33,35,36], many IoT devices often interact with third-party platforms, enabling those platforms to collect large-scale user data used for tracking and/or advertisement purposes [35]. Work in [35] developed a system to automatically identify "nonessential" network communications of IoT devices so that blocking them would not affect the normal operation of devices.…”
Section: Iot Asset Risk Assessmentmentioning
confidence: 99%
See 4 more Smart Citations
“…Data exfiltration: IoT devices typically communicate with a number of remote servers maintained by their manufacturer, cloud providers (e.g., Amazon AWS), common services like time synchronization (e.g., ntp.org), or third-party services (e.g., doubleclick.net) for other services like advertising [35]. As highlighted by [33,35,36], many IoT devices often interact with third-party platforms, enabling those platforms to collect large-scale user data used for tracking and/or advertisement purposes [35]. Work in [35] developed a system to automatically identify "nonessential" network communications of IoT devices so that blocking them would not affect the normal operation of devices.…”
Section: Iot Asset Risk Assessmentmentioning
confidence: 99%
“…The authors used regular expression matching to label the training dataset by obtaining the device model and vendor from the headers of application protocols like HTTP and SSDP. Some other works [12,36,[43][44][45][46] also focused on determining the make and model of IoT devices from their network traffic. However, they differ from each other in terms of traffic features, visibility levels, and inference models used that will be further explained in §2.3, §2.4, and §2.5.…”
Section: Iot Asset Identificationmentioning
confidence: 99%
See 3 more Smart Citations