packet level signatures for
play

Packet-Level Signatures for Smart Home Devices Rahmadi Trimananda, - PowerPoint PPT Presentation

Packet-Level Signatures for Smart Home Devices Rahmadi Trimananda, Janus Varmarken, Athina Markopoulou, and Brian Demsky Smart Home 2 Smart Home Smart Plugs 2 Smart Home Smart Plugs Light Bulbs 2 Smart Home Smart Plugs Light Bulbs


  1. Universal Signatures ● Applies to many devices ○ Our corpus: 18 devices 18

  2. Universal Signatures ● Applies to many devices ○ Our corpus: 18 devices 19

  3. Universal Signatures ● Applies to many devices ○ Our corpus: 18 devices ○ Public dataset Mon(IoT)r ■ Extraction for 21 new devices 19

  4. Universal Signatures ● Applies to many devices ○ Our corpus: 18 devices ○ Public dataset Mon(IoT)r ■ Extraction for 21 new devices 19

  5. Universal Signatures ● Applies to many devices ○ Our corpus: 18 devices ○ Public dataset Mon(IoT)r ■ Extraction for 21 new devices ■ Comparison for 5 common devices 19

  6. Universal Signatures ● Three communications ● Two adversaries ○ WAN and Wi-Fi sniffers ● Different triggers ○ Local -Phone 19

  7. Universal Signatures ● Three communications ● Two adversaries ○ WAN and Wi-Fi sniffers ● Different triggers ○ Local -Phone ○ Remote -Phone, and ○ Home Automation 19

  8. Universal Signatures Universal Signatures ● Three communications ● Two adversaries ○ WAN and Wi-Fi sniffers ● Different triggers ○ Local -Phone ○ Remote -Phone, and ○ Home Automation 19

  9. Universal Signatures ● Three communications ● Two adversaries ○ WAN and Wi-Fi sniffers ● Different triggers ○ Local -Phone ○ Remote -Phone, and ○ Home Automation ● Matching with recall > 97% 19

  10. Unique Signatures ● Distinguish ○ Device type ○ Event type: binary and non-binary ○ Same-vendor devices 20

  11. Unique Signatures ● Distinguish ○ Device type ○ Event type: binary and non-binary ○ Same-vendor devices 20

  12. Unique Signatures ● Distinguish ○ Device type ○ Event type: binary and non-binary ○ Same-vendor devices ● Negative control experiment ○ Three public datasets: >440 million packets ■ YourThings, UNSW, UNB ○ FPR: one FP per 40 million packets 20

  13. Packet-Level Signatures ● Can distinguish event types 21

  14. Packet-Level Signatures ● Can distinguish event types ● Minimal set of traffic features 21

  15. Packet-Level Signatures ● Can distinguish event types ● Minimal set of traffic features ● Two adversaries 21

  16. Packet-Level Signatures ● Can distinguish event types ● Minimal set of traffic features ● Two adversaries ● Applicable to many devices 21

  17. Packet-Level Signatures ● Can distinguish event types ● Minimal set of traffic features ● Two adversaries ● Applicable to many devices ● Resilient to traffic shaping & VPN encryption ● Defended against by packet padding 21

  18. Packet-Level Signatures ● Can distinguish event types ● Minimal set of traffic features ● Two adversaries ● Applicable to many devices ● Resilient to traffic shaping & VPN encryption ● Defended against by packet padding ● Profiling and network monitoring 21

  19. Limitations ● Need device to train ● Signatures may vary over time ● Apply to 95% of devices ○ UDP-based ○ Repetitive pairs for an event 22

  20. Outline I. Background and Problem Statement II. Key Observation: Packet-Level Signatures III.The PingPong System IV.Conclusion 23

  21. Conclusions ● Packet-level signatures ○ Request-reply pattern ○ Packet lengths and directions ● Automation: PingPong ○ Extraction and detection ● Signatures are universal and unique 24

  22. Thank You! ● Paper https://www.ndss-symposium.org/ndss- paper/packet-level-signatures-for-smart-home- devices/ ● Software and datasets http://plrg.ics.uci.edu/pingpong/ 25

  23. Additional Slides

  24. Signature Variations ● Signatures with no variation C-556 S-1293 ● Signatures with ranges C-339 S-329 C-[364-365] S-[1061-1070] C-[271-273] S-[499-505] ● Signatures that vary ○ Signature evolution ○ Signatures that vary in certain packets ■ App’s username and password C-556 S-1293 2018 C-592 S-1234 S-100 2019 C-605 S-1213 S-100

Recommend


More recommend