Packet-Level Signatures for Smart Home Devices

Trimananda, Rahmadi; Varmarken, Janus; Markopoulou, Athina; Demsky, Brian

doi:10.14722/ndss.2020.24097

Cited by 98 publications

(116 citation statements)

References 16 publications

Supporting

Mentioning

111

Contrasting

Unclassified

Order By: Relevance

“…from devices, indicating that device data flow out via the hub even when they are not needed by any automation. Besides our experiment, traffic analysis researches [33], [34] also show that certain traffic patterns for transmitting device events from the SmartThings hub to the backend cloud can be observed when the corresponding events are generated by devices, which is consistent with our result.…”

Section: Motivation and Threat Modelsupporting

confidence: 90%

PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home Privacy Protection

Chi

Zeng

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Internet of Things (IoT) platforms enable users to deploy home automation applications. Meanwhile, privacy issues arise as large amounts of sensitive device data flow out to IoT platforms. Most of the data flowing to a platform actually do not trigger automation actions, while homeowners currently have no control once devices are bound to the platform. We present PFIREWALL, a customizable data-flow control system to enhance the privacy of IoT platform users. PFIREWALL automatically generates data-minimization policies, which only disclose minimum amount of data to fulfill automation. In addition, PFIRE-WALL provides interfaces for homeowners to customize individual privacy preferences by defining user-specified policies. To enforce these policies, PFIREWALL transparently intervenes and mediates the communication between IoT devices and the platform, without modifying the platform, IoT devices, or hub. Evaluation results on four real-world testbeds show that PFIREWALL reduces IoT data sent to the platform by 97% without impairing home automation, and effectively mitigates user-activity inference/tracking attacks and other privacy risks.

show abstract

Section: Motivation and Threat Modelsupporting

confidence: 90%

PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home Privacy Protection

Chi

Zeng

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Zhang et al extracted fingerprints for several event types in order to detect misbehaving smart home applications [41]. Trimananda et al were able to infer events related to Zigbee devices by identifying packet-level signatures from the Wi-Fi and Ethernet traffic that the smartphone and smart hub generated in order to communicate with cloud servers [35]. Gu et al extracted event fingerprints in order to detect anomalies in smart home applications and discover hidden vulnerabilities [17].…”

Section: Related Workmentioning

confidence: 99%

“…To add to the challenge, there is a lack of robust security analysis tools for Zigbee networks, commercial Zigbee devices use closed-source software, and certain specification documents have not been released to the public. Previous studies that incorporate centralized Zigbee networks largely demonstrate information leakage from encrypted traffic [1,17,35,41], such as the identification of triggered events, without exploring how an attacker may use this information to disrupt the operation of centralized Zigbee networks. While several command injection attacks have been demonstrated against centralized Zigbee networks [8,21,49], these attacks require knowledge of the network key.…”

Section: Introductionmentioning

confidence: 99%

Zigator

Akestoridis

Harishankar

Michael

et al. 2020

Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

As the popularity of Internet-connected devices for residential use increases, it is important to ensure that they meet appropriate security goals, given that they interact with the physical world through sensors and actuators. Zigbee is a wireless communication protocol that is commonly used in smart home environments, which builds on top of the IEEE 802.15.4 standard. In this work we present a security analysis tool, called Zigator, that enables in-depth study of Zigbee networks. In particular, we study the security consequences of the design choice to disable MAC-layer security in centralized Zigbee networks. We show that valuable information can be gained from passive inspection of Zigbee traffic, including the identification of certain encrypted NWK commands, which we then use to develop selective jamming and spoofing attacks. An attacker may launch these attacks in order to force the end user to factory reset targeted devices and eventually expose the network key. We validated our attacks by setting up a testbed, using open-source tools, that incorporates commercial Zigbee devices. Finally, we publicly release the software tools that we developed and the Zigbee packets that we captured, to contribute back to the research community. CCS CONCEPTS • Security and privacy → Mobile and wireless security; • Networks → Mobile and wireless security; Home networks; Mobile ad hoc networks; Sensor networks.

show abstract

“…There are several works studying the security issues of IoT devices via public traces [70], [78]. However, as the ground truth for unknown protocols is often absent, it is difficult to use public datasets and evaluate the clustering results like what we do in Section V-B.…”

Section: F Evaluation Of Unknown Protocolsmentioning

confidence: 99%

NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces

Zhang

Wang

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Network protocol reverse engineering is an important challenge with many security applications. A popular kind of method leverages network message traces. These methods rely on pair-wise sequence alignment and/or tokenization. They have various limitations such as difficulties of handling a large number of messages and dealing with inherent uncertainty. In this paper, we propose a novel probabilistic method for network trace based protocol reverse engineering. It first makes use of multiple sequence alignment to align all messages and then reduces the problem to identifying the keyword field from the set of aligned fields. The keyword field determines the type of a message. The identification is probabilistic, using random variables to indicate the likelihood of each field (being the true keyword). A joint distribution is constructed among the random variables and the observations of the messages. Probabilistic inference is then performed to determine the most likely keyword field, which allows messages to be properly clustered by their true types and enables the recovery of message format and state machine. Our evaluation on 10 protocols shows that our technique substantially outperforms the state-of-the-art and our case studies show the unique advantages of our technique in IoT protocol reverse engineering and malware analysis.

show abstract

Packet-Level Signatures for Smart Home Devices

Cited by 98 publications

References 16 publications

PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home Privacy Protection

PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home Privacy Protection

Zigator

NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces

Contact Info

Product

Resources

About