Peek-a-boo

Acar, Abbas; Fereidooni, Hossein; Abera, Tigist; Sikder, Amit Kumar; Miettinen, Markus; Aksu, Hidayet; Conti, Mauro; Sadeghi, Ahmad‐Reza; Uluagac, Selcuk

doi:10.1145/3395351.3399421

Cited by 162 publications

(56 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fingerprinting attacks have also been studied, by taking into account several types of IoT devices operating on several different (e.g. Bluetooth Low Energy, WiFi, ZigBee) [117]. Not only is it possible to guess what type of IoT device is used in a given environment, but also the activity of the device (on / off) can be identified.…”

Section: • Level Of Protection 1: Encrypted Datamentioning

confidence: 99%

“…In [120], the authors have the same objectives as [117] but develop a new attack more resistant to detection methods and countermeasures such as traffic shaping. For this, the authors have created a 'Ping-Pong' tool, which makes it possible to automate the collection of data and to deduce the type of activity of a device.…”

Section: • Level Of Protection 1: Encrypted Datamentioning

confidence: 99%

See 1 more Smart Citation

How Machine Learning Changes the Nature of Cyberattacks on IoT Networks: A Survey

Bout

Loscrì

Gallais

2022

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Section: • Level Of Protection 1: Encrypted Datamentioning

confidence: 99%

Section: • Level Of Protection 1: Encrypted Datamentioning

confidence: 99%

How Machine Learning Changes the Nature of Cyberattacks on IoT Networks: A Survey

Bout

Loscrì

Gallais

2022

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

“…We infer sensitive information from the encrypted communications of wearable devices by using traffic-analysis attacks [44], a technique that exploits the communication patterns (e.g., packet sizes and timings) of encrypted traffic. These attacks have been successfully demonstrated in diverse settings: to recognize web pages on Tor traffic [48,67,88,89], to fingerprint devices [68] or to infer the activities performed in a user's smart home [17,81] and to recognize user activities and applications used on a smartphone (e.g., sending an e-mail or browsing a web page) [42,76,83,84,94]. The focus of recent related works has been on inferring user activities in the IoT and smart home setting [17,21,27,28,85], eavesdropping on WLAN or Internet traffic (or both).…”

Section: New Insulin Injectionmentioning

confidence: 99%

“…Second, they show how the traffic is linked to the gait of the wearer, and that the encrypted traffic is enough to recognize a person with 97.6% accuracy across 10 users. Acar et al infer user actions in a smart home using a layered traffic-analysis attack [17]. Their methodology is similar to ours: they first perform device identification and then use it as a stepping stone to further infer device states and user activities.…”

Section: Related Workmentioning

confidence: 99%

“…Traffic-analysis attacks have also been applied on TLS traffic, for instance, to recognize a streamed video [72,73,77] or to identify the operating system and the applications [65]. Many recent related works focus on IoT traffic and smart homes [17,21,27,28,81,85]; while these works often employ a similar attack methodology, they do not consider the same ecosystem of devices, applications and actions. We focus on devices and applications that have access to live fitness-or health-related information of the wearer, both in a fine-grained manner and over a long period of time.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Every Byte Matters

Barman

Dumur

Pyrgelis

et al. 2021

Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.

View full text Add to dashboard Cite

Wearable devices such as smartwatches, fitness trackers, and blood-pressure monitors process, store, and communicate sensitive and personal information related to the health, life-style, habits and interests of the wearer. This data is typically synchronized with a companion app running on a smartphone over a Bluetooth (Classic or Low Energy) connection. In this work, we investigate what can be inferred from the metadata (such as the packet timings and sizes) of encrypted Bluetooth communications between a wearable device and its connected smartphone. We show that a passive eavesdropper can use traffic-analysis attacks to accurately recognize (a) communicating devices, even without having access to the MAC address, (b) human actions (e.g., monitoring heart rate, exercising) performed on wearable devices ranging from fitness trackers to smartwatches, (c) the mere opening of specific applications on a Wear OS smartwatch (e.g., the opening of a medical app, which can immediately reveal a condition of the wearer), (d) fine-grained actions (e.g., recording an insulin injection) within a specific application that helps diabetic users to monitor their condition, and (e) the profile and habits of the wearer by continuously monitoring her traffic over an extended period. We run traffic-analysis attacks by collecting a dataset of Bluetooth communications concerning a diverse set of wearable devices, by designing features based on packet sizes and timings, and by using machine learning to classify the encrypted traffic to actions performed by the wearer. Then, we explore standard defense strategies against traffic-analysis attacks such as padding, delaying packets, or injecting dummy traffic. We show that these defenses do not provide sufficient protection against our attacks and introduce significant costs. Overall, our research highlights the need to rethink how applications exchange sensitive information over Bluetooth, to minimize unnecessary data exchanges, and to research and design new defenses against traffic-analysis tailored to the wearable setting.

show abstract