DOI: 10.1145/3576842.3582380
research-article

LOIS: Low-cost Packet Header Protection for IoT Devices

Published: 09 May 2023

    Abstract

    IoT devices widely deployed in applications such as smart homes and smart factories pose new privacy concerns. IoT devices typically capture users’ activities or collect information from their surroundings and then send it to remote cloud servers, which exposes private information to passive adversaries who inspect the packet headers. Thus, in an enhanced IoT security protocol, protecting privacy also requires hiding packet headers and other traffic metadata. This work presents the LOIS framework, a packet-level header protector based on efficient one-time keystreams. LOIS allows IoT devices to efficiently hide the IP and port information in packet headers while allowing the cloud to recover the original packet headers. In addition, LOIS can easily integrate with existing IoT traffic padding algorithms to hide traffic patterns. We implement LOIS on commodity servers running in a public cloud. Our experimental results show that LOIS introduces only moderate overhead: for example, it incurs about 250–365 ns of end-to-end latency on average for upload traffic, which is 80%–90% less than that of IPsec.

    Published In

    IoTDI '23: Proceedings of the 8th ACM/IEEE Conference on Internet of Things Design and Implementation
    May 2023
    514 pages
    ISBN: 9798400700378
    DOI: 10.1145/3576842

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    IoTDI '23
