Researchers Figure Out How to Blind ISPs from Smart Home Device Traffic

[Exterminator]

Researchers have come up with a way to blind ISPs and attackers in a man-in-the-middle position to network traffic emanating from smart home devices.

Smart devices such as sleep monitors, electric switches, security cameras and many others require an internet connection to function properly. They also transmit data back to the manufacturer, and that traffic—even if it’s encrypted—can reveal private personal information in the form of metadata that can erode an individual’s privacy.

The researchers, a team from Princeton University, published a paper on their work called “Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic.” In it, they suggest that a relatively straightforward technique known as traffic rate shaping is a solid strategy for mitigating privacy risks posed by these devices.

“Our experiments show that traffic shaping can effectively and practically mitigate many privacy risks associated with smart home IoT devices,” the researchers wrote. “We find that 40KB/s extra bandwidth usage is enough to protect user activities from a passive network adversary. This bandwidth cost is well within the Internet speed limits and data caps for many smart homes.”

The researchers propose traffic shaping through independent link padding which shapes traffic rates to a constant size, eliminating the ability to snoops to infer activity from spikes and certain traffic patterns.

“Implementations typically involve padding or fragmenting all packets to a constant size and buffering device traffic or sending cover traffic to enforce the predetermined rate,” the researchers wrote. “We empirically determined shaped traffic rates resulting in low bandwidth overheads and tolerable network latencies for a variety of smart home devices.”

For example, for homes with devices that don’t transmit audio or video, only 7.5 KB/second of traffic to mask activity, an amount that is .4 percent less than average broadband upload and download speeds. A consumer would see a jump in data of about 19GB per month, under data limits imposed by most ISPs, the paper says.

Devices that stream audio or video require 40 KB/second of cover traffic, still below average upload speeds, they wrote.

“Although ILP shaping is well-understood, it is typically dismissed as requiring excessive latency or bandwidth overhead to be practical for real-world use,” the researchers wrote. “Our results contradict this common belief. ILP traffic shaping is a reasonable privacy protection method for smart homes with rate-limited broadband access or data caps.”

The researchers say passive attackers can infer activities from a smart device even if traffic is protected by TLS. They describe a two-stage attack where one could use DNS queries or device fingerprinting allows an attacker to identify a smart home device from network traffic, and infer activity from changes in traffic rates once a device is identified.

“We tested this attack on several commercially available smart home devices and found that all revealed potentially private user behaviors through network traffic metadata,” the researchers wrote.

Giving more urgency to this threat is the Trump administration’s recent about-face on the broadband privacy rules. ISPs now will not have to adhere to restrictions preventing them from collecting information from consumers from traffic analysis and deep packet inspection.

“In the debate surrounding these regulations, some argued that the privacy risks of smart home device traffic analysis are minimal, because the increasing pervasiveness of encryption prevents network observers from viewing sensitive data in traffic content,” the researchers wrote. “We demonstrate that despite the broad adoption of transport layer encryption, smart home traffic metadata is sufficient for a passive network adversary to infer sensitive in-home activities.”

 

[HarborFront]

Quote from Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic

https://arxiv.org/pdf/1708.05044.pdf

In testing smart home devices, we discover that many devices do not work without an active Internet connection. This means that firewalling smart home devices from the Internet is not an effective means of mitigating the problem of traffic rate metadata. Additionally, tunneling smart home traffic through a VPN makes the traffic metadata privacy attack considerably more challenging, but does not provide guaranteed protection. We find that certain common device combinations and user activity patterns minimize the ability of a VPN to obfuscate smart home traffic metadata.

It'll be great if there's a practical solution now. I wonder where the ILP would be implemented...in the router and/or the IoT device?