Preserving Contextual Privacy for Smart Home IoT Devices With Dynamic Traffic Shaping

Internet of Things (IoT) enables physical devices embedded with sensors, software, and other technologies to interoperate and exchange data with other systems over the Internet. Privacy is a huge concern for IoT devices as personal information is constantly being shared through them. Though the best industrial standards like end-to-end encryption are being followed to ensure content-based privacy, contextual privacy concerns still exist. This study focuses on user activity inference attacks, where a passive network observer can infer the private in-home activity of a user by analyzing encrypted IoT traffic metadata. Most of the previous solutions addressing these attacks have either reduced the usability of the devices, increased data overhead, or failed against packet-level signature-based attack scenarios. This study introduces a new defense mechanism that combines dummy packet generation with dynamic link padding. This process makes it difficult for the adversary to avail contextual information about the state of the device (ON or OFF), along with the temporal information (time of state change) from encrypted IoT traffic metadata. We reverse the packet-level signature-based attacks to get device-specific signatures, which helps us generate dummy traffic for the duration of device-specific signatures. Consequently, this results in increased false positives for device state identifications and low traffic overhead. We simulate a state-of-the-art attack scenario to test and vindicate our solution over existing data sets.