Paper accepted at IMC ’23.

 

In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes

 

Aniketh Girish (IMDEA Networks / Universidad Carlos III de Madrid), Tianrui Hu (Northeastern University), Vijay Prakash (New York University), Daniel J. Dubois (Northeastern University), Srdjan Matic (IMDEA Software Institute), Danny Yuxing Huang (New York University), Serge Egelman (UC Berkeley / ICSI), Joel Reardon (University of Calgary), Juan Tapiador (Universidad Carlos III de Madrid), David Choffnes (Northeastern University), Narseo Vallina-Rodriguez (IMDEA Networks/AppCensus)

Last updated: 10/26/2023

This is a summary page for this paper. The official page with all the material is TO BE ADDED SOON.

 iot-local

News

  • 09/23/2023. This research has been accepted for publication at the 23rd ACM Internet Measurement Conference (IMC 2023with the paper titled “In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes.

Abstract


The network communication between Internet of Things (IoT) devices on the same local network has significant implications for security, privacy, and correctness. Yet, local network traffic has been largely ignored by prior literature, which typically focuses on studying the communication between devices and wide-area endpoints or detecting vulnerable IoT devices exposed to the Internet. In this paper, we present a comprehensive measurement study to shed light on the local communication within a smart home deployment and its associated threats. We use a unique combination of passive network traffic captures, honeypot interactions, and crowdsourced data from participants to identify a wide range of device activities on the local network. We then analyze these diverse datasets to characterize local network protocols, security and privacy threats associated with them, and real examples of information exposure due to local IoT traffic. Our analysis reveals vulnerable devices and insecure network protocols, how sensitive network and device data is exposed in the local network, and how this is abused by malicious actors and even exfiltrated to remote servers, potentially for tracking purposes. We will make our datasets and analysis publicly available to support further research in this area.

About this publication

Paper title: In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes
Authors: Aniketh Girish (IMDEA Networks / Universidad Carlos III de Madrid), Tianrui Hu (Northeastern University), Vijay Prakash (New York University), Daniel J. Dubois (Northeastern University), Srdjan Matic (IMDEA Software Institute), Danny Yuxing Huang (New York University), Serge Egelman (UC Berkeley / ICSI), Joel Reardon (University of Calgary), Juan Tapiador (Universidad Carlos III de Madrid), David Choffnes (Northeastern University), Narseo Vallina-Rodriguez (IMDEA Networks/AppCensus)
Paper official page (with all the material): under construction now
Full Text: available via ACM open access.
Datasets: Testbed local traffic dataapp analysis and IoT Inspector data
Code: Protocol analysisapp analysis, active scan, honeypot, traffic classification
Presentation: slides
Citation:

@inproceedings{girish-imc23,
title={{In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes}},
author={Girish, Aniketh and Hu, Tianrui and Prakash, Vijay and Dubois, Daniel J. and Matic, Srdjan and Huang, Danny Yuxing and Egelman, Serge and Reardon, Joel and Tapiador, Juan and Choffnes, David and Vallina-Rodriguez, Narseo},
booktitle={Proc. of the Internet Measurement Conference (IMC'23)},
year={2023}
}

Acknowledgments

We thank our shepherd and the anonymous reviewers for their valuable comments and suggestions. We also thank Nipuna Weerasekara (IMDEA Networks) for his help developing the PoC apps. The project is partially funded by the NSF ProperData award (SaTC1955227). IMDEA Networks and UC3M are funded by the EU H2020 grant TRUST aWARE (101021377). The IoT Inspector work is funded in part by National Science Foundation Award CNS-2219867. Srdjan Matic was partially supported by the Atracciòn de Talento grant (Ref. 2020-T2/TIC-20184) funded by Madrid regional government, the PRODIGY Project (TED2021-132464B-I00) funded by MCIN/AEI/10.13039/501100011033 the European Union NextGenerationEU/PRTR, and the grant PID2022-142290OB-I00, funded by MCIN/AEI/10.13039/501100011033 and by the ESF+. Narseo VallinaRodriguez has been appointed as a 2019 Ramon y Cajal fellow (RYC2020-030316-I) by the Ministry of Science of Spain. The opinions, findings, and conclusions, or recommendations expressed are those of the authors and do not necessarily reflect the views of any of the funding bodies.