Related papers: The Dark (and Bright) Side of IoT: Attacks and Countermeasures for Identifying Smart Home Devices and Services

The Dark (and Bright) Side of IoT: Attacks and Countermeasures for Identifying Smart Home Devices and Services

URL: http://arxiv.org/abs/2009.07672v4
Date: Sun, 25 Jul 2021 08:26:23 GMT
Title: The Dark (and Bright) Side of IoT: Attacks and Countermeasures for Identifying Smart Home Devices and Services
Authors: Ahmed Mohamed Hussain, Gabriele Oligeri, and Thiemo Voigt
Abstract summary: We build up a model describing the traffic patterns characterizing three popular IoT smart home devices. We prove that it is possible to detect and identify with overwhelming probability their presence and the services running by the aforementioned devices.
Score: 4.568911586155096
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: We present a new machine learning-based attack that exploits network patterns to detect the presence of smart IoT devices and running services in the WiFi radio spectrum. We perform an extensive measurement campaign of data collection, and we build up a model describing the traffic patterns characterizing three popular IoT smart home devices, i.e., Google Nest Mini, Amazon Echo, and Amazon Echo Dot. We prove that it is possible to detect and identify with overwhelming probability their presence and the services running by the aforementioned devices in a crowded WiFi scenario. This work proves that standard encryption techniques alone are not sufficient to protect the privacy of the end-user, since the network traffic itself exposes the presence of both the device and the associated service. While more work is required to prevent non-trusted third parties to detect and identify the user's devices, we introduce Eclipse, a technique to mitigate these types of attacks, which reshapes the traffic making the identification of the devices and the associated services similar to the random classification baseline.

Related papers

I Still See You: Why Existing IoT Traffic Reshaping Fails [14.077052412195263]
Internet traffic data produced by the Internet of Things (IoT) devices are collected by Internet Service Providers (ISPs) and device manufacturers. On-path adversaries could infer and fingerprint users' sensitive privacy information by analyzing these network traffic traces. There's currently no systematic method to compare and evaluate the comprehensiveness of existing studies.
arXiv Detail & Related papers (2024-06-14T18:11:44Z)
Is Your Kettle Smarter Than a Hacker? A Scalable Tool for Assessing Replay Attack Vulnerabilities on Consumer IoT Devices [1.5612101323427952]
ENISA and NIST security guidelines emphasize the importance of enabling default local communication for safety and reliability. We propose a tool, named REPLIOT, able to test whether a replay attack is successful or not, without prior knowledge of the target devices. We find that 75% of the remaining devices are vulnerable to replay attacks with REPLIOT having a detection accuracy of 0.98-1.
arXiv Detail & Related papers (2024-01-22T18:24:41Z)
An Intelligent Mechanism for Monitoring and Detecting Intrusions in IoT Devices [0.7219077740523682]
This work proposes a Host-based Intrusion Detection Systems that leverages Federated Learning and Multi-Layer Perceptron neural networks to detected cyberattacks on IoT devices with high accuracy and enhancing data privacy protection.
arXiv Detail & Related papers (2023-06-23T11:26:00Z)
IoT Device Identification Based on Network Communication Analysis Using Deep Learning [43.0717346071013]
The risk of attacks on an organization's network has increased due to the growing use of less secure IoT devices. To tackle this threat and protect their networks, organizations generally implement security policies in which only white listed IoT devices are allowed on the network. In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network.
arXiv Detail & Related papers (2023-03-02T13:44:58Z)
Unsupervised Ensemble Based Deep Learning Approach for Attack Detection in IoT Network [0.0]
Internet of Things (IoT) has altered living by controlling devices/things over the Internet. To bring down the IoT network, attackers can utilise these devices to conduct a variety of network attacks. In this paper, we have developed an unsupervised ensemble learning model that is able to detect new or unknown attacks in an IoT network from an unlabelled dataset.
arXiv Detail & Related papers (2022-07-16T11:12:32Z)
WiFi-based Spatiotemporal Human Action Perception [53.41825941088989]
An end-to-end WiFi signal neural network (SNN) is proposed to enable WiFi-only sensing in both line-of-sight and non-line-of-sight scenarios. Especially, the 3D convolution module is able to explore thetemporal continuity of WiFi signals, and the feature self-attention module can explicitly maintain dominant features.
arXiv Detail & Related papers (2022-06-20T16:03:45Z)
Rapid IoT Device Identification at the Edge [5.213147236587845]
We show a novel method of rapid IoT device identification using neural networks trained on device DNS traffic. The method identifies devices by fitting a model to the first seconds of DNS second-level-domain traffic following their first connection. We classify 30 consumer IoT devices from 27 different manufacturers with 82% and 93% accuracy for product type and device manufacturers respectively.
arXiv Detail & Related papers (2021-10-26T18:11:38Z)
CAN-LOC: Spoofing Detection and Physical Intrusion Localization on an In-Vehicle CAN Bus Based on Deep Features of Voltage Signals [48.813942331065206]
We propose a security hardening system for in-vehicle networks. The proposed system includes two mechanisms that process deep features extracted from voltage signals measured on the CAN bus.
arXiv Detail & Related papers (2021-06-15T06:12:33Z)
TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643]
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack. Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets. TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
arXiv Detail & Related papers (2021-03-10T19:03:38Z)
Smart Home, security concerns of IoT [91.3755431537592]
The IoT (Internet of Things) has become widely popular in the domestic environments. People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed. Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
arXiv Detail & Related papers (2020-07-06T10:36:11Z)
IoT Device Identification Using Deep Learning [43.0717346071013]
The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers. The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks. In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network.
arXiv Detail & Related papers (2020-02-25T12:24:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.