Packet-Level Signatures for Smart Home Devices

Rahmadi Trimananda (University of California, Irvine), Janus Varmarken (University of California, Irvine), Athina Markopoulou (University of California, Irvine), Brian Demsky (University of California, Irvine)

Smart home devices are vulnerable to passive inference attacks based on network traffic, even in the presence of encryption. In this paper, we present PINGPONG , a tool that can automatically extract packet-level signatures (i.e., simple sequences of packet lengths and directions) from the network traffic of smart home devices, and use those signatures to detect occurrences of specific device events (e.g., light bulb turning ON/OFF). We evaluated PINGPONG on popular smart home
devices ranging from smart plugs and thermostats to cameras and Roomba (vacuum cleaner) robots. We were able to: (1) automatically extract, previously unknown, signatures from the devices; (2) use those signatures to detect the occurrences of specific device events with an average recall of more than 97%; (3) show that the signatures are unique among tens of millions of packets of real
world network traffic (average false positive rate is 1 in every 2.5 million packets); and (4) show that our signatures are resilient against state-of-the-art VPN-based defenses that perform traffic shaping.