Thumbnail Image
Publication

Safeguarding user privacy in the IoT era

Yu, Keyang
Citations
Altmetric:
Advisor
Chen, Dong
Editor
Date
Date Issued
2024
Date Submitted
Keywords
Internet of Things
 machine learning
 privacy and security
Collections
2024 - Mines Theses & Dissertations
Show all metadata
Files
Thumbnail Image
Yu_mines_0052E_12877.pdf
Adobe PDF6.09 MB
Research Projects
Organizational Units
Journal Issue
URI
https://hdl.handle.net/11124/179241
Embargo Expires
Abstract
The Internet of Things (IoT) has been erupting the world widely over the decade. Smart home and smart building owners are increasingly deploying IoT devices to monitor and control their environments due to the rapid decline in the price of IoT devices. However, serious privacy threat was revealed by recent research and media reports. First, the Internet traffic data generated by IoT devices are collected by Internet Service Providers (ISPs) and IoT device manufacturers, and often shared with third-parties to maintain and enhance user services. Extensive recent research has shown that on-path adversaries can infer and fingerprint user's sensitive privacy information such as occupancy and user in-home activities by analyzing IoT network traffic rates alone. Most recent approaches that aim at defending against these malicious IoT traffic analytics can not sufficiently protect user privacy with reasonable Internet traffic and hardware resource overhead. In particular, many approaches did not consider practical limitations, e.g., network bandwidth, maximum package injection rate or actual user in-home behavior in their design. Second, such privacy threats also shows in some specific types of IoT devices, like smart cameras. Significant recent research has uncovered potential user privacy threats associated with popular commercial camera systems. The manufacture design of these commercial camera systems usually requires smart camera users to relinquish their control of camera recorded data. For instance, these cameras often upload camera recordings to their cloud servers or data centers to enable advanced data analysis for camera app services. To facilitate enhanced camera services, the data may also be shared with on-path vendors, third parties of manufacturers, and cloud providers, potentially allowing them to access video footage or image captures without users' awareness or obtaining meaningful consent. To address these problems, my research aims at building and implementing computer systems in different scales of implementation, to allow Cyber-Physical System (CPS) and IoT users to regain the comprehensive control over their privacy, and the following contributions were made: \underline{\textit{SmartAttack}} and \underline{\textit{TrafficSpy}} aim at disaggregating individual IoT devices from both raw and VPN-encrypted IoT network traffic data. I designed and implemented two Machine Learning (ML) and Deep Learning (DL)-based adversarial attack model frameworks to mimic the malicious external adversaries carrying on user activity inference attacks. In addition to proving the severeness of smart home user privacy threat, these two works can also be leveraged by researchers and industrial users from IoT security community, to better evaluate their privacy preserving works. \underline{\textit{PrivacyGuard}}, as the first prototype, successfully provided an open-sourced, low-cost, user-tunable defense system, that enable users to significantly reduce the private information leaked through IoT device network traffic data, while still permitting sophisticated data analytics or control that is necessary in smart home management. I evaluated PrivacyGuard using IoT network traffic traces of 31 IoT devices from 5 smart homes and deploying a Raspberry Pi 4-based prototype. And the result shows that PrivacyGuard can effectively prevent a wide range of state-of-the-art machine learning-based occupancy and other 9 user-in-home activity detection attacks. \underline{\textit{PAROS}} - Privacy As a Router Operating system Service, made significant improvement from PrivacyGuard, to lift the requirement for installation of additional hub hardware, and still maintain comparable privacy preserving performance and system overhead. By leveraging Hidden Markov Model (HMM)-based artificial traffic signature injection, and Support Vector Machines (SVM)-based memory replacement scheme, the performance of PAROS was significantly optimized. \underline{\textit{SecCam}}, designed to solve the second half of the privacy threat, has provided a new open-sourced, adaptive and distributed privacy-preserving camera system. By harnessing the technique of on-device learning, SecCam provided several tiny intelligent camera services that offer the same features found in the commercially available cameras. SecCam enables user to regain the control of their data while still retaining access to regular camera services. The SecCam was evaluated using multiple camera video footage traces and on multiple real camera prototypes. In the future, I plan to dive deeper on safeguarding the IoT user privacy by improving my current systems, developing new attacking approaches, and doing ethical related work in the field of CPS and IoT.
Associated Publications
Rights
Copyright of the original work is retained by the author.
Embedded videos