research-article

IoTAthena: Unveiling IoT Device Activities From Network Traffic

Authors:

Guoliang XueAuthors Info & Claims

IEEE Transactions on Wireless Communications, Volume 21, Issue 1

Pages 651 - 664

https://doi.org/10.1109/TWC.2021.3098608

Published: 01 January 2022 Publication History

Abstract

The recent spate of cyber attacks towards Internet of Things (IoT) devices in smart homes calls for effective techniques to understand, characterize, and unveil IoT device activities. In this paper, we present a new system, named IoTAthena, to unveil IoT device activities from raw network traffic consisting of timestamped IP packets. IoTAthena characterizes each IoT device activity using an activity signature consisting of an ordered sequence of IP packets with inter-packet time intervals. IoTAthena has two novel polynomial time algorithms, <monospace>sigMatch</monospace> and <monospace>actExtract</monospace>. For any given signature, <monospace>sigMatch</monospace> can capture all matches of the signature in the raw network traffic. Using <monospace>sigMatch</monospace> as a subfunction, <monospace>actExtract</monospace> can accurately unveil the sequence of various IoT device activities from the raw network traffic. Using the network traffic of heterogeneous IoT devices collected at the router of a real-world smart home testbed and a public IoT dataset, we demonstrate that IoTAthena is able to characterize and generate activity signatures of IoT device activities and accurately unveil the sequence of IoT device activities from raw network traffic.

References

[1]

A. Acaret al., “Peek-a-boo: I see your smart home activities, even encrypted!” in Proc. ACM WiSec, 2020, pp. 207–218.

[2]

O. Alrawi, C. Lever, M. Antonakakis, and F. Monrose, “SoK: Security evaluation of home-based IoT deployments,” in Proc. IEEE S&P, May 2019, pp. 1362–1380.

[3]

M. Antonakakiset al., “Understanding the Mirai botnet,” in Proc. USENIX Secur., 2017, pp. 1093–1110.

[4]

A. Bergroth, H. Hakonen, and T. Raita, “A survey of longest common subsequence algorithms,” in Proc. IEEE SPIRE, Sep. 2000, pp. 39–48.

[5]

B. Bezawada, M. Bachani, J. Peterson, H. Shirazi, I. Ray, and I. Ray, “Behavioral fingerprinting of IoT devices,” in Proc. ACM ASHES, 2018, pp. 41–50.

[6]

T.-H. Cormen, C.-E. Leiserson, R.-L. Rivest, and C. Stein, Introduction to Algorithms. Cambridge, MA, USA: MIT Press, 2009.

Digital Library

[7]

S. Demetriouet al., “HanGuard: SDN-driven protection of smart home WiFi devices from malicious mobile apps,” in Proc. ACM WiSec, 2017, pp. 122–133.

[8]

A. Dhamdhereet al., “Inferring persistent interdomain congestion,” in Proc. ACM SIGCOMM, 2018, pp. 1–15.

[9]

E. Fernandes, J. Jung, and A. Prakash, “Security analysis of emerging smart home applications,” in Proc. IEEE S&P, May 2016, pp. 636–654.

[10]

E. Fernandes, A. Rahmati, K. Eykholt, and A. Prakash, “Internet of Things security research: A rehash of old ideas or new intellectual challenges?” IEEE Secur. Privacy, vol. 15, no. 4, pp. 79–84, Aug. 2017.

Digital Library

[11]

K. Gao, C. Corbett, and R. Beyah, “A passive approach to wireless device fingerprinting,” in Proc. IEEE/IFIP DSN, Jun. 2010, pp. 383–392.

[12]

T. Gu, Z. Fang, A. Abhishek, H. Fu, P. Hu, and P. Mohapatra, “IoTGaze: IoT security enforcement via wireless context analysis,” in Proc. IEEE INFOCOM, Jul. 2020, pp. 884–893.

[13]

T. Gu and P. Mohapatra, “BF-IoT: Securing the IoT networks via fingerprinting-based device authentication,” in Proc. IEEE MASS, Oct. 2018, pp. 254–262.

[14]

S. Herwig, H. Harvey, G. Hughey, R. Roberts, and D. Levin, “Measurement and analysis of Hajime, a peer-to-peer IoT botnet,” in Proc. NDSS, 2019, pp. 1–15.

[15]

T. Høiland-Jørgensen, B. Ahlgren, P. Hurtig, and A. Brunstrom, “Measuring latency variation in the internet,” in Proc. ACM CoNEX, 2016, pp. 473–480.

[16]

Y. Huang, W. Wang, H. Wang, T. Jiang, and Q. Zhang, “Authenticating on-body IoT devices: An adversarial learning approach,” IEEE Trans. Wireless Commun., vol. 19, no. 8, pp. 5234–5245, Aug. 2020.

[17]

H. Jafari, O. Omotere, D. Adesina, H.-H. Wu, and L. Qian, “IoT devices fingerprinting using deep learning,” in Proc. IEEE MILCOM, Oct. 2018, pp. 1–9.

[18]

Y. Jia, Y. Xiao, J. Yu, X. Cheng, Z. Liang, and Z. Wan, “A novel graph-based mechanism for identifying traffic vulnerabilities in smart home IoT,” in Proc. IEEE INFOCOM, Apr. 2018, pp. 1493–1501.

[19]

G. Kambourakis, C. Kolias, and A. Stavrou, “The Mirai botnet and the IoT zombie armies,” in Proc. IEEE MILCOM, Oct. 2017, pp. 267–272.

[20]

D. Kumaret al., “All things considered: An analysis of IoT devices on home networks,” in Proc. USENIX Secur., 2019, pp. 1169–1185.

[21]

X. Ma, J. Qu, J. Li, J. Lui, Z. Li, and X. Guan, “Pinpointing hidden IoT devices via spatial-temporal traffic fingerprinting,” in Proc. IEEE INFOCOM, Jul. 2020, pp. 894–903.

[22]

D. Maier, “The complexity of some problems on subsequences and supersequences,” J. ACM, vol. 25, no. 2, pp. 322–336, Apr. 1978.

Digital Library

[23]

M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A.-R. Sadeghi, and S. Tarkoma, “IoT Sentinel: Automated device-type identification for security enforcement in IoT,” in Proc. IEEE ICDCS, Jun. 2017, pp. 2177–2184.

[24]

P. Morgner, C. Mai, N. Koschate-Fischer, F. Freiling, and Z. Benenson, “Security update labels: Establishing economic incentives for security patching of IoT consumer products,” in Proc. IEEE S&P, May 2020, pp. 429–446.

[25]

P. Morgner, S. Mattejat, Z. Benenson, C. Muller, and F. Armknecht, “Insecure to the touch: Attacking ZigBee 3.0 via touchlink commissioning,” in Proc. ACM WiSec, 2017, pp. 230–240.

[26]

A. Mosenia and N. K. Jha, “A comprehensive study of security of Internet-of-Things,” IEEE Trans. Emerg. Topics Comput., vol. 5, no. 4, pp. 586–602, Dec. 2017.

[27]

T. J. OConnor, R. Mohamed, M. Miettinen, W. Enck, B. Reaves, and A.-R. Sadeghi, “HomeSnitch: Behavior transparency and control for smart home IoT devices,” in Proc. ACM WiSec, 2019, pp. 128–138.

[28]

V. Paxson and M. Allman, Computing TCP’s Retransmission Timer, document RFC 2988, Internet Engineering Task Force (IETF) Request for Comments, Nov.2000.

Digital Library

[29]

J. Ren, D.-J. Dubois, D. Choffnes, A.-M. Mandalari, R. Kolcun, and H. Haddadi, “Information exposure from consumer IoT devices: A multidimensional, network-informed measurement approach,” in Proc. ACM IMC, 2019, pp. 267–279.

[30]

E. Ronen, C. O’Flynn, A. Shamir, and A.-O. Weingarten, “IoT Goes nuclear: Creating a ZigBee chain reaction,” in Proc. IEEE S&P, May 2017, pp. 195–212.

[31]

E. Ronen and A. Shamir, “Extended functionality attacks on IoT devices: The case of smart lights,” in Proc. IEEE EuroS&P, Mar. 2016, pp. 3–12.

[32]

M. Ryan. (2013). Bluetooth Smart: The Good, the Bad, the Ugly, and the Fix. [Online]. Available: https://lacklustre.net/bluetooth/bluetooth_smart_good_bad_ugly_fix-mikeryan-blackhat_2013.pdf

[33]

SmartHomeDB. Smart Home DB—The Smart Home Database. [Online]. Available: https://www.smarthomedb.com/

[34]

S. Siby, R. Maiti, and N. Tippenhauer, “IoTScanner: Detecting privacy threats in IoT neighborhoods,” in Proc. ACM IoTPTS, 2017, pp. 23–30.

[35]

A. Sivanathanet al., “Classifying IoT devices in smart environments using network traffic characteristics,” IEEE Trans. Mobile Comput., vol. 18, no. 8, pp. 1745–1759, Aug. 2018.

[36]

V. Sivaraman, D. Chan, D. Earl, and R. Boreli, “Smart-phones attacking smart-homes,” in Proc. ACM WiSec, 2016, pp. 195–200.

[37]

R. Trimananda, J. Varmarken, A. Markopoulou, and B. Demsky, “PingPong: Packet-level signatures for smart home device events,” in Proc. NDSS, 2019, pp. 1–24.

[38]

M. Vlachos, G. Kollios, and D. Gunopulos, “Discovering similar multidimensional trajectories,” in Proc. IEEE ICDE, Feb. 2002, pp. 673–684.

[39]

Y. Wan, K. Xu, F. Wang, and G. Xue, “Characterizing and mining traffic patterns of IoT devices in edge networks,” IEEE Trans. Netw. Sci. Eng., vol. 8, no. 1, pp. 89–101, Jan. 2021.

[40]

Y. Wan, K. Xu, G. Xue, and F. Wang, “IoTArgos: A multi-layer security monitoring system for Internet-of-Things in smart homes,” in Proc. IEEE INFOCOM, Jul. 2020, pp. 874–883.

[41]

K. Xu, Y. Wan, G. Xue, and F. Wang, “Multidimensional behavioral profiling of Internet-of-Things in edge networks,” in Proc. IEEE/ACM IWQoS, Jun. 2019, pp. 1–10.

[42]

L. Yu, B. Luo, J. Ma, Z. Zhou, and Q. Liu, “You are what you broadcast: Identification of mobile and IoT devices from (public) WiFi,” in Proc. USENIX Secur., 2020, pp. 55–72.

[43]

S. Zhang, W. Wang, S. Tang, S. Jin, and T. Jiang, “Robot-assisted backscatter localization for IoT applications,” IEEE Trans. Wireless Commun., vol. 19, no. 9, pp. 5807–5818, Sep. 2020.

[44]

W. Zhang, Y. Meng, Y. Liu, X. Zhang, Y. Zhang, and H. Zhu, “HoMonit: Monitoring smart home apps from encrypted traffic,” in Proc. ACM CCS, 2018, pp. 1074–1088.

[45]

H. Zhu, Y. Li, R. Li, J. Li, Z. You, and H. Song, “SEDMDroid: An enhanced stacking ensemble framework for Android malware detection,” IEEE Trans. Netw. Sci. Eng., vol. 8, no. 2, pp. 984–994, Apr. 2021. [Online]. Available: https://ieeexplore.ieee.org/document/9099045/

[46]

T. Zillner and S. Strobl, “ZigBee exploited: The good, the bad and the ugly,” in Proc. DeepSec Conf. Depth Secur., 2015, pp. 1–6.

[47]

H. Zou, M. Jin, H. Jiang, L. Xie, and C. J. Spanos, “WinIPS: WiFi-based non-intrusive indoor positioning system with online radio map construction and adaptation,” IEEE Trans. Wireless Commun., vol. 16, no. 12, pp. 8118–8130, Dec. 2017.

Digital Library

Cited By

De Vaere PStöger FPerrig ATsudik GQuek TGao DZhou JCardenas A(2024)The SA4P Framework: Sensing and Actuation as a PrivilegeProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3657006(873-885)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3657006
Ge JRui JMa HLi BHe Y(2024)Root Cause Analysis of Anomaly in Smart Homes Through Device Interaction GraphAdvanced Intelligent Computing Technology and Applications10.1007/978-981-97-5606-3_31(363-374)Online publication date: 5-Aug-2024
https://dl.acm.org/doi/10.1007/978-981-97-5606-3_31
Wan YXu KWang FXue G(2022)IoTMosaic: Inferring User Activities from IoT Network Traffic in Smart HomesIEEE INFOCOM 2022 - IEEE Conference on Computer Communications10.1109/INFOCOM48880.2022.9796908(370-379)Online publication date: 2-May-2022
https://dl.acm.org/doi/10.1109/INFOCOM48880.2022.9796908

Index Terms

IoTAthena: Unveiling IoT Device Activities From Network Traffic
1. Networks
  1. Network services
    1. Network monitoring
2. Security and privacy
  1. Network security

Index terms have been assigned to the content through auto-classification.

Recommendations

Network Traffic Analysis based IoT Device Identification
BDIOT '20: Proceedings of the 2020 4th International Conference on Big Data and Internet of Things

Device identification is the process of identifying a device on Internet without using its assigned network or other credentials. The sharp rise of usage in Internet of Things (IoT) devices has imposed new challenges in device identification due to a ...
IoTMosaic: Inferring User Activities from IoT Network Traffic in Smart Homes
IEEE INFOCOM 2022 - IEEE Conference on Computer Communications
Recent advances in cyber-physical systems, artificial intelligence, and cloud computing have driven the wide deployment of Internet-of-things (IoT) in smart homes. As IoT devices often directly interact with the users and environments, this paper studies ...
Home Network Device Authentication

As home devices have various functions and have improved computing power and networking ability, home device authentication has become increasingly important for improving the security of home network users. Moreover, device authentication supplies user ...

Comments

Information & Contributors

Information

Published In

cover image IEEE Transactions on Wireless Communications

IEEE Transactions on Wireless Communications Volume 21, Issue 1

Jan. 2022

708 pages

ISSN:1536-1276

Issue’s Table of Contents

1536-1276 © 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.

Publisher

IEEE Press

Publication History

Published: 01 January 2022

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

De Vaere PStöger FPerrig ATsudik GQuek TGao DZhou JCardenas A(2024)The SA4P Framework: Sensing and Actuation as a PrivilegeProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3657006(873-885)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3657006
Ge JRui JMa HLi BHe Y(2024)Root Cause Analysis of Anomaly in Smart Homes Through Device Interaction GraphAdvanced Intelligent Computing Technology and Applications10.1007/978-981-97-5606-3_31(363-374)Online publication date: 5-Aug-2024
https://dl.acm.org/doi/10.1007/978-981-97-5606-3_31
Wan YXu KWang FXue G(2022)IoTMosaic: Inferring User Activities from IoT Network Traffic in Smart HomesIEEE INFOCOM 2022 - IEEE Conference on Computer Communications10.1109/INFOCOM48880.2022.9796908(370-379)Online publication date: 2-May-2022
https://dl.acm.org/doi/10.1109/INFOCOM48880.2022.9796908

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents