Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping

  • 1 Princeton University, Department of Computer Science
  • 2 Princeton University, Department of Computer Science
  • 3 Princeton University, Department of Computer Science
  • 4 Princeton University, Department of Computer Science
  • 5 Princeton University, Department of Computer Science


The proliferation of smart home Internet of things (IoT) devices presents unprecedented challenges for preserving privacy within the home. In this paper, we demonstrate that a passive network observer (e.g., an Internet service provider) can infer private in-home activities by analyzing Internet traffic from commercially available smart home devices even when the devices use end-to-end transport-layer encryption. We evaluate common approaches for defending against these types of traffic analysis attacks, including firewalls, virtual private networks, and independent link padding, and find that none sufficiently conceal user activities with reasonable data overhead. We develop a new defense, “stochastic traffic padding” (STP), that makes it difficult for a passive network adversary to reliably distinguish genuine user activities from generated traffic patterns designed to look like user interactions. Our analysis provides a theoretical bound on an adversary’s ability to accurately detect genuine user activities as a function of the amount of additional cover traffic generated by the defense technique.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J. A., Invernizzi, L., Kallitsis, M., et al. Understanding the Mirai botnet. In 26th USENIX Security Symposium (USENIX Security 17) (2017), pp. 1092–1110.

  • [2] Apthorpe, N., Reisman, D., and Feamster, N. Closing the blinds: Four strategies for protecting smart home privacy from network observers. Workshop on Technology and Consumer Protection (ConPro) (2017).

  • [3] Apthorpe, N., Reisman, D., and Feamster, N. A smart home is no castle: Privacy vulnerabilities of encrypted IoT traffic. Data and Algorithmic Transparency Workshop (DAT) (2017).

  • [4] Apthorpe, N., Reisman, D., Sundaresan, S., Narayanan, A., and Feamster, N. Spying on the smart home: Privacy attacks and defenses on encrypted IoT traffic. arXiv preprint arXiv:1708.05044 (2017).

  • [5] Back, A., Möller, U., and Stiglic, A. Traffic analysis attacks and trade-offs in anonymity providing systems. In International Workshop on Information Hiding (2001), Springer, pp. 245–257.

  • [6] Bellovin, S. M. A technique for counting natted hosts. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment (2002), ACM, pp. 267–272.

  • [7] Caballero, J., Venkataraman, S., Poosankam, P., Kang, M. G., Song, D., and Blum, A. Fig: Automatic fingerprint generation. In Network and Distributed System Security Symposium (2007).

  • [8] Cai, X., Nithyanand, R., Wang, T., Johnson, R., and Goldberg, I. A systematic approach to developing and evaluating website fingerprinting defenses. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014), ACM, pp. 227–238.

  • [9] Chirgwin, R. Internet of snitches: anyone who can sniff ’thing’ traffic knows what you’re doing., May 2017. The Register.

  • [10] Coldewey, D. Internet providers could easily snoop on your smart home., August 2017. TechCrunch.

  • [11] Copos, B., Levitt, K., Bishop, M., and Rowe, J. Is anybody home? Inferring activity from smart home network traffic. In 2016 IEEE Security and Privacy Workshops (SPW) (2016), IEEE, pp. 245–251.

  • [12] Datta, T., Apthorpe, N., and Feamster, N. A developer-friendly library for smart home IoT privacy-preserving traffic obfuscation. In Proceedings of the 2018 Workshop on IoT Security and Privacy (2018), ACM, pp. 43–48.

  • [13] Durumeric, Z., Adrian, D., Mirian, A., Bailey, M., and Halderman, J. A. A search engine backed by Internet-wide scanning. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (2015), ACM, pp. 542–553.

  • [14] Dyer, K. P., Coull, S. E., Ristenpart, T., and Shrimpton, T. Peek-a-boo, I still see you: Why efficient traffic analysis countermeasures fail. In 2012 IEEE Symposium on Security and Privacy (S&P) (2012), IEEE, pp. 332–346.

  • [15] Fachkha, C., Bou-Harb, E., Keliris, A., Memon, N. D., and Ahamad, M. Internet-scale probing of cps: Inference, characterization and orchestration analysis. In the Network and Distributed System Security Symposium (NDSS) (2017).

  • [16] Felten, E. W., and Schneider, M. A. Timing attacks on web privacy. In Proceedings of the 7th ACM Conference on Computer and Communications Security (2000), ACM, pp. 25–32.

  • [17] Feng, X., Li, Q., Wang, H., and Sun, L. Acquisitional rule-based engine for discovering internet-of-things devices. In 27th USENIX Security Symposium (USENIX Security 18) (2018), pp. 327–341.

  • [18] Fu, X., Graham, B., Bettati, R., Zhao, W., and Xuan, D. Analytical and empirical analysis of countermeasures to traffic analysis attacks. In Proceedings of the 2003 International Conference on Parallel Processing (2003), IEEE, pp. 483–492.

  • [19] Gargiulo, M. The future of the VPN market., July 2018. Forbes.

  • [20] Gong, X., Borisov, N., Kiyavash, N., and Schear, N. Website detection using remote traffic analysis. In Privacy Enhancing Technologies Symposium (2012), Springer, pp. 58–78.

  • [21] Grover, S., and Feamster, N. The Internet of un-patched things. FTC PrivacyCon (2016).

  • [22] Hoffman, P., and McManus, P. DNS Queries over HTTPS (DoH). RFC 8484, RFC Editor, October 2018.

  • [23] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., and Hoffman, P. Specification for DNS over Transport Layer Security (TLS). RFC 7858, RFC Editor, May 2016.

  • [24] Inverse inc. Fingerbank.

  • [25] Juarez, M., Imani, M., Perry, M., Diaz, C., and Wright, M. Toward an efficient website fingerprinting defense. In European Symposium on Research in Computer Security (2016), Springer, pp. 27–46.

  • [26] Kastrenakes, J. Project Fi promises privacy with Googlerun VPN., November 2018. The Verge.

  • [27] Kohno, T., Broido, A., and Claffy, K. C. Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing 2, 2 (2005), 93–108.

  • [28] Liu, J., Zhang, C., and Fang, Y. Epic: A differential privacy framework to defend smart homes against internet traffic analysis. IEEE Internet of Things Journal 5, 2 (2018), 1206–1217.

  • [29] Mayer, J., Mutchler, P., and Mitchell, J. C. Evaluating the privacy properties of telephone metadata. Proceedings of the National Academy of Sciences 113, 20 (2016), 5536–5541.

  • [30] Miettinen, M., Marchal, S., Hafeez, I., Asokan, N., Sadeghi, A.-R., and Tarkoma, S. IoT Sentinel: Automated device-type identification for security enforcement in IoT. In Distributed Computing Systems (ICDCS), 2017 IEEE 37th International Conference on (2017), IEEE, pp. 2177–2184.

  • [31] Murdoch, S. J., and Danezis, G. Low-cost traffic analysis of Tor. In 2005 IEEE Symposium on Security and Privacy (S&P) (2005), IEEE, pp. 183–195.

  • [32] Nithyanand, R., Cai, X., and Johnson, R. Glove: A bespoke website fingerprinting defense. In Proceedings of the 13th Workshop on Privacy in the Electronic Society (2014), ACM, pp. 131–134.

  • [33] Park, H., Basaran, C., Park, T., and Son, S. H. Energy-efficient privacy protection for smart home environments using behavioral semantics. Sensors 14, 9 (2014), 16235–16257.

  • [34] Rist, O. The best VPN routers of 2018., November 2018. PCMag.

  • [35] Schmitt, P., Edmundson, A., and Feamster, N. Oblivious DNS: Practical privacy for DNS queries. arXiv preprint arXiv:1806.00276 (2018).

  • [36] Shamsi, Z., Cline, D. B., and Loguinov, D. Faulds: A non-parametric iterative classifier for Internet-wide OS fingerprinting. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017), ACM, pp. 971–982.

  • [37] Shamsi, Z., Nandwani, A., Leonard, D., and Loguinov, D. Hershel: Single-packet OS fingerprinting. In ACM SIGMETRICS Performance Evaluation Review (2014), vol. 42, ACM, pp. 195–206.

  • [38] Shmatikov, V., and Wang, M.-H. Timing analysis in low-latency mix networks: Attacks and defenses. In European Symposium on Research in Computer Security (2006), Springer, pp. 18–33.

  • [39] Srinivasan, V., Stankovic, J., and Whitehouse, K. Protecting your daily in-home activity information from a wireless snooping attack. In Proceedings of the 10th International Conference on Ubiquitous Computing (2008), ACM, pp. 202–211.

  • [40] Stark, H. Your Internet provider has already hacked your smart home., September 2017. Forbes.

  • [41] Van Den Hooff, J., Lazar, D., Zaharia, M., and Zeldovich, N. Vuvuzela: Scalable private messaging resistant to traffic analysis. In Proceedings of the 25th Symposium on Operating Systems Principles (2015), ACM, pp. 137–152.

  • [42] Verde, N. V., Ateniese, G., Gabrielli, E., Mancini, L. V., and Spognardi, A. No NAT’d user left behind: Fingerprinting users behind NAT from Netflow records alone. In 34th International Conference on Distributed Computing Systems (ICDCS) (2014), IEEE, pp. 218–227.

  • [43] Wang, T., Cai, X., Nithyanand, R., Johnson, R., and Goldberg, I. Effective attacks and provable defenses for website fingerprinting. In 23rd USENIX Security Symposium (USENIX Security 14) (2014), pp. 143–157.

  • [44] Wang, T., and Goldberg, I. On realistically attacking Tor with website fingerprinting. Proceedings on Privacy Enhancing Technologies 2016, 4 (2016), 21–36.

  • [45] Wang, T., and Goldberg, I. Walkie-talkie: An efficient defense against passive website fingerprinting attacks. In 26th USENIX Security Symposium (USENIX Security 17) (2017), pp. 1375–1390.

  • [46] Wang, W., Motani, M., and Srinivasan, V. Dependent link padding algorithms for low latency anonymity systems. In Proceedings of the 15th ACM conference on Computer and communications security (2008), ACM, pp. 323–332.


Journal + Issues