1. bookVolume 2022 (2022): Issue 2 (April 2022)
Journal Details
License
Format
Journal
eISSN
2299-0984
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices

Published Online: 03 Mar 2022
Page range: 578 - 600
Received: 31 Aug 2021
Accepted: 16 Dec 2021
Journal Details
License
Format
Journal
eISSN
2299-0984
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Abstract

In recent years, we have seen rapid growth in the use and adoption of Internet of Things (IoT) devices. However, some loT devices are sensitive in nature, and simply knowing what devices a user owns can have security and privacy implications. Researchers have, therefore, looked at fingerprinting loT devices and their activities from encrypted network traffic. In this paper, we analyze the feasibility of fingerprinting IoT devices and evaluate the robustness of such fingerprinting approach across multiple independent datasets — collected under different settings. We show that not only is it possible to effectively fingerprint 188 loT devices (with over 97% accuracy), but also to do so even with multiple instances of the same make-and-model device. We also analyze the extent to which temporal, spatial and data-collection-methodology differences impact fingerprinting accuracy. Our analysis sheds light on features that are more robust against varying conditions. Lastly, we comprehensively analyze the performance of our approach under an open-world setting and propose ways in which an adversary can enhance their odds of inferring additional information about unseen devices (e.g., similar devices manufactured by the same company).

Keywords

[1] Smarthomedb. https://www.smarthomedb.com/. Accessed: 2021-12-02. Search in Google Scholar

[2] OpenWrt Project, 2020. https://openwrt.org/. Search in Google Scholar

[3] A. Acar, H. Fereidooni, T. Abera, A. K. Sikder, M. Miettinen, H. Aksu, M. Conti, A. Sadeghi, and A. S. Uluagac. Peek-a-boo: I see your smart home activities, even encrypted! CoRR, abs/1808.02741, 2018. Search in Google Scholar

[4] G. Acar, M. Juarez, N. Nikiforakis, C. Diaz, S. Gürses, F. Piessens, and B. Preneel. Fpdetective: dusting the web for fingerprinters. In Proceedings of the 20th ACM SIGSAC conference on Computer and Communications Security (CCS), pages 1129–1140, 2013.10.1145/2508859.2516674 Search in Google Scholar

[5] O. Alrawi, C. Lever, M. Antonakakis, and F. Monrose. Sok: Security evaluation of home-based IoT deployments. In Proceedings of the 40th IEEE Symposium on Security and Privacy (SP), pages 1362–1380, 2019.10.1109/SP.2019.00013 Search in Google Scholar

[6] B. Anderson and D. McGrew. Identifying encrypted malware traffic with contextual flow data. In Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security (AISec), pages 35–46, 2016.10.1145/2996758.2996768 Search in Google Scholar

[7] N. Apthorpe, D. Y. Huang, D. Reisman, A. Narayanan, and N. Feamster. Keeping the smart home private with smart(er) IoT traffic shaping. Proceedings on Privacy Enhancing Technologies, 2019(3):128–148, 2019.10.2478/popets-2019-0040 Search in Google Scholar

[8] N. Apthorpe, D. Reisman, and N. Feamster. A smart home is no castle: Privacy vulnerabilities of encrypted IoT traffic. CoRR, abs/1705.06805, 2017. Search in Google Scholar

[9] N. Apthorpe, D. Reisman, S. Sundaresan, A. Narayanan, and N. Feamster. Spying on the smart home: Privacy attacks and defenses on encrypted IoT traffic. CoRR, abs/1708.05044, 2017. Search in Google Scholar

[10] G. D. Bissias, M. Liberatore, D. Jensen, and B. N. Levine. Privacy vulnerabilities in encrypted http streams. In Proceedings of the 5th International Conference on Privacy Enhancing Technologies (PETS), pages 1–11, 2005.10.1007/11767831_1 Search in Google Scholar

[11] X. Cai, X. C. Zhang, B. Joshi, and R. Johnson. Touching from a distance: Website fingerprinting attacks and defenses. In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), pages 605–616, 2012.10.1145/2382196.2382260 Search in Google Scholar

[12] S. Chen, R. Wang, X. Wang, and K. Zhang. Side-channel leaks in web applications: A reality today, a challenge tomorrow. In Proceedings of the 31st IEEE Symposium on Security and Privacy (SP), pages 191–206, 2010.10.1109/SP.2010.20 Search in Google Scholar

[13] M. Conti, L. V. Mancini, R. Spolaor, and N. V. Verde. Can’t you hear me knocking: Identification of user actions on android apps via traffic analysis. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (CODASPY), pages 297–304, 2015.10.1145/2699026.2699119 Search in Google Scholar

[14] B. Copos, K. Levitt, M. Bishop, and J. Rowe. Is anybody home? inferring activity from smart home network traffic. In IEEE Security and Privacy Workshops (SPW), pages 245–251. IEEE, 2016.10.1109/SPW.2016.48 Search in Google Scholar

[15] S. Dai, A. Tongaonkar, X. Wang, A. Nucci, and D. Song. Networkprofiler: Towards automatic fingerprinting of android apps. In Proceedings of the 32nd IEEE INFOCOM, pages 809–817, 2013.10.1109/INFCOM.2013.6566868 Search in Google Scholar

[16] A. Das, N. Borisov, and E. Chou. Every move you make: Exploring practical issues in smartphone motion sensor fingerprinting and countermeasures. Proceedings on Privacy Enhancing Technologies, 2018(1):88–108, 2018. Search in Google Scholar

[17] L. C. C. Desmond, C. C. Yuan, T. C. Pheng, and R. S. Lee. Identifying unique devices through wireless fingerprinting. In Proceedings of the 1st ACM conference on Wireless Network Security, pages 46–55, 2008.10.1145/1352533.1352542 Search in Google Scholar

[18] K. P. Dyer, S. E. Coull, T. Ristenpart, and T. Shrimpton. Peek-a-boo, i still see you: Why efficient traffic analysis countermeasures fail. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (SP), pages 332–346. IEEE, 2012.10.1109/SP.2012.28 Search in Google Scholar

[19] J. Franklin, D. McCoy, P. Tabriz, V. Neagoe, J. V. Randwyk, and D. Sicker. Passive data link layer 802.11 wireless device driver fingerprinting. In Proceedings of the 15th Conference on USENIX Security Symposium (USENIX Security), volume 3, pages 16–89, 2006. Search in Google Scholar

[20] I. Guyon and A. Elisseeff. An introduction to variable and feature selection. The Journal of Machine Learning Research, 3:1157–1182, Mar. 2003. Search in Google Scholar

[21] J. Hayes and G. Danezis. k-fingerprinting: A robust scalable website fingerprinting technique. In Proceedings of the 25th USENIX Security Symposium (USENIX Security), pages 1187–1203, 2016. Search in Google Scholar

[22] D. Herrmann, R. Wendolsky, and H. Federrath. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier. In Proceedings of the 2009 ACM workshop on Cloud Computing Security, pages 31–42, 2009.10.1145/1655008.1655013 Search in Google Scholar

[23] Y. Jin, E. Sharafuddin, and Z.-L. Zhang. Unveiling core network-wide communication patterns through application traffic activity graph decomposition. In Proceedings of the 11th International Joint Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), pages 49–60, 2009.10.1145/2492101.1555356 Search in Google Scholar

[24] M. Juarez, S. Afroz, G. Acar, C. Diaz, and R. Greenstadt. A critical evaluation of website fingerprinting attacks. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), page 263–274, 2014.10.1145/2660267.2660368 Search in Google Scholar

[25] T. Karagiannis, K. Papagiannaki, and M. Faloutsos. Blinc: Multilevel traffic classification in the dark. In Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM), page 229–240, 2005.10.1145/1090191.1080119 Search in Google Scholar

[26] T. Kohno, A. Broido, and K. C. Claffy. Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing, 2(2):93–108, 2005.10.1109/TDSC.2005.26 Search in Google Scholar

[27] Z. Li, W. Xu, R. Miller, and W. Trappe. Securing wireless systems via lower layer enforcements. In Proceedings of the 5th ACM workshop on Wireless Security (WiSec), pages 33–42, 2006.10.1145/1161289.1161297 Search in Google Scholar

[28] M. Liberatore and B. N. Levine. Inferring the source of encrypted http connections. In Proceedings of the 13th ACM conference on Computer and Communications Security (CCS), pages 255–263, 2006.10.1145/1180405.1180437 Search in Google Scholar

[29] L. Lu, E.-C. Chang, and M. C. Chan. Website fingerprinting and identification using ordered feature sequences. In Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS), pages 199–214, 2010.10.1007/978-3-642-15497-3_13 Search in Google Scholar

[30] L. v. d. Maaten and G. Hinton. Visualizing data using t-sne. Journal of machine learning research, 9(Nov):2579–2605, 2008. Search in Google Scholar

[31] S. Marchal, M. Miettinen, T. D. Nguyen, A. Sadeghi, and N. Asokan. Audi: Toward autonomous IoT device-type identification using periodic communication. IEEE Journal on Selected Areas in Communications, 37(6):1402–1412, 2019. Search in Google Scholar

[32] M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A. Sadeghi, and S. Tarkoma. IoT SENTINEL: Automated device-type identification for security enforcement in iot. In Proceedings of the 37th IEEE International Conference on Distributed Computing Systems (ICDCS), pages 2177–2184, 2017.10.1109/ICDCS.2017.283 Search in Google Scholar

[33] S. B. Moon, P. Skelly, and D. Towsley. Estimation and removal of clock skew from network delay measurements. In Proceedings of the 18th IEEE Conference on Computer Communications (INFOCOM), volume 1, pages 227–234, 1999. Search in Google Scholar

[34] N. T. Nguyen, G. Zheng, Z. Han, and R. Zheng. Device fingerprinting to enhance wireless security using nonparametric bayesian method. In Proceedings of the 30th IEEE INFOCOM, pages 1404–1412. IEEE, 2011.10.1109/INFCOM.2011.5934926 Search in Google Scholar

[35] T. T. T. Nguyen and G. Armitage. A survey of techniques for internet traffic classification using machine learning. IEEE Communications Surveys Tutorials, 10(4):56–76, 2008.10.1109/SURV.2008.080406 Search in Google Scholar

[36] T. OConnor, R. Mohamed, M. Miettinen, W. Enck, B. Reaves, and A.-R. Sadeghi. Homesnitch: behavior transparency and control for smart home IoT devices. In Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), pages 128–138, 2019.10.1145/3317549.3323409 Search in Google Scholar

[37] A. Panchenko, F. Lanze, J. Pennekamp, T. Engel, A. Zinnen, M. Henze, and K. Wehrle. Website fingerprinting at internet scale. In Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS), 2016.10.14722/ndss.2016.23477 Search in Google Scholar

[38] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel. Website fingerprinting in onion routing based anonymization networks. In Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society (WPES), pages 103–114, 2011.10.1145/2046556.2046570 Search in Google Scholar

[39] J. Pang, B. Greenstein, R. Gummadi, S. Seshan, and D. Wetherall. 802.11 user fingerprinting. In Proceedings of the 13th Annual ACM International Conference on Mobile Computing and Networking (MobiCom), pages 99–110, 2007.10.1145/1287853.1287866 Search in Google Scholar

[40] F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, and E. Duchesnay. Scikit-learn: Machine learning in Python. Journal of Machine Learning Research, 12:2825–2830, 2011. Search in Google Scholar

[41] R. Perdisci, W. Lee, and N. Feamster. Behavioral clustering of http-based malware and signature generation using malicious network traces. In Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation (NSDI), page 26, 2010. Search in Google Scholar

[42] R. Perdisci, T. Papastergiou, O. Alrawi, and M. Antonakakis. Iotfinder: Efficient large-scale identification of iot devices via passive dns traffic analysis. In Proceedings of the 5th IEEE European Symposium on Security and Privacy (EuroS&P), 2020.10.1109/EuroSP48549.2020.00037 Search in Google Scholar

[43] A. Reed and M. Kranch. Identifying https-protected netflix videos in real-time. In Proceedings of the 7th ACM on Conference on Data and Application Security and Privacy, pages 361–368, 2017.10.1145/3029806.3029821 Search in Google Scholar

[44] J. Ren, D. J. Dubois, D. Choffnes, A. M. Mandalari, R. Kolcun, and H. Haddadi. Information exposure from consumer IoT devices: A multidimensional, network-informed measurement approach. In Proceedings of the 19th Internet Measurement Conference (IMC), pages 267–279, 2019.10.1145/3355369.3355577 Search in Google Scholar

[45] S. J. Saidi, A. M. Mandalari, R. Kolcun, D. J. D. Hamed Haddadi, D. Choffnes, G. Smaragdakis, and A. Feldmann. A haystack full of needles: Scalable detection of IoT devices in the wild. In Proceedings of the 20th Internet Measurement Conference (IMC), 2020.10.1145/3419394.3423650 Search in Google Scholar

[46] B. Saltaformaggio, H. Choi, K. Johnson, Y. Kwon, Q. Zhang, X. Zhang, D. Xu, and J. Qian. Eavesdropping on fine-grained user activities within smartphone apps over encrypted network traffic. In Proceedings of the 10th USENIX Conference on Offensive Technologies (WOOT), pages 69–78, 2016. Search in Google Scholar

[47] T. S. Saponas, J. Lester, C. Hartung, S. Agarwal, T. Kohno, et al. Devices that tell on you: Privacy trends in consumer ubiquitous computing. In Proceedings of the 16th USENIX Security Symposium (USENIX Security), pages 55–70, 2007. Search in Google Scholar

[48] A. Sivanathan, H. H. Gharakheili, F. Loi, A. Radford, C. Wijenayake, A. Vishwanath, and V. Sivaraman. Classifying IoT devices in smart environments using network traffic characteristics. IEEE Transactions on Mobile Computing, 18(8):1745–1759, 2018.10.1109/TMC.2018.2866249 Search in Google Scholar

[49] A. Sivanathan, D. Sherratt, H. H. Gharakheili, A. Radford, C. Wijenayake, A. Vishwanath, and V. Sivaraman. Characterizing and classifying IoT traffic in smart cities and campuses. In IEEE Conference on Computer Communications Workshops, pages 559–564, 2017.10.1109/INFCOMW.2017.8116438 Search in Google Scholar

[50] R. Sommer and V. Paxson. Outside the closed world: On using machine learning for network intrusion detection. In Proceedings of the 30th IEEE Symposium on Security and Privacy (SP), pages 305–316, 2010.10.1109/SP.2010.25 Search in Google Scholar

[51] D. Song. Timing analysis of keystrokes and ssh timing attacks. In Proceedings of the 10th USENIX Security Symposium (USENIX Security), 2001. Search in Google Scholar

[52] Q. Sun, D. R. Simon, Y.-M. Wang, W. Russell, V. N. Padmanabhan, and L. Qiu. Statistical identification of encrypted web browsing traffic. In Proceedings of the 23rd IEEE Symposium on Security and Privacy, pages 19–30, 2002. Search in Google Scholar

[53] V. F. Taylor, R. Spolaor, M. Conti, and I. Martinovic. Appscanner: Automatic fingerprinting of smartphone apps from encrypted network traffic. In Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P), pages 439–454, 2016.10.1109/EuroSP.2016.40 Search in Google Scholar

[54] R. Trimananda, J. Varmarken, A. Markopoulou, and B. Demsky. Packet-level signatures for smart home devices. In Proceedings of the 27th Annual Network and Distributed System Security Symposium (NDSS), 2020.10.14722/ndss.2020.24097 Search in Google Scholar

[55] T. van Ede, R. Bortolameotti, A. Continella, J. Ren, D. J. Dubois, M. Lindorfer, D. Choffness, M. van Steen, and A. Peter. FlowPrint: Semi-Supervised Mobile-App Finger-printing on Encrypted Network Traffic. In Proceedings of the 27th Annual Network and Distributed System Security Symposium (NDSS), 2020.10.14722/ndss.2020.24412 Search in Google Scholar

[56] T. Wang, X, Cai, R. Nithyanand, R. Johnson, and I. Goldberg. Effective attacks and provable defenses for website fingerprinting. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security), pages 143–157, 2014. Search in Google Scholar

[57] C. V. Wright, L. Ballard, S. E. Coull, F. Monrose, and G. M. Masson. Uncovering spoken phrases in encrypted voice over ip conversations. ACM Transactions on Information and System Security (TISSEC), 13(4):1–30, 201010.1145/1880022.1880029 Search in Google Scholar

[58] C. V. Wright, L. Ballard, F. Monrose, and G. M. Masson. Language identification of encrypted VOIP traffic: Alejandra y roberto or alice and bob? In Proceedings of the 16th USENIX Security Symposium (USENIX Security), volume 3, pages 43–54, 2007. Search in Google Scholar

[59] C. V. Wright, S. E. Coull, and F. Monrose. Traffic morphing: An efficient defense against statistical traffic analysis. In Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS), 2009. Search in Google Scholar

[60] J. Yan and J. Kaur. Feature selection for website fingerprinting. Proceedings on Privacy Enhancing Technologies (PETS), 2018(4):200–219, 2018.10.1515/popets-2018-0039 Search in Google Scholar

[61] Y. Yang and J. O. Pederson. A comparative study on feature selection in text categorization. In Proceedings of the 14th International Conference on Machine Learning (ICML), pages 412–420, 1997. Search in Google Scholar

[62] W. Zhang, Y. Meng. Y. Liu, X. Zhang, and H. Zhu. Homonit: Monitoring smart home apps from encrypted traffic. In Proceedings of the 25th ACM SIGSAC Conference on Computer and Communications Security (CCS), pages 1074–1088, 2018.10.1145/3243734.3243820 Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo