Presentation is loading. Please wait.

Presentation is loading. Please wait.

Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia.

Published bySandra Hodge Modified over 9 years ago

Similar presentations

Presentation on theme: "Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia."— Presentation transcript:

1 Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

2 Indoor Wireless Sensor Systems Indoor wireless sensor systems are becoming prevalent and will be more so in the future Assisted living facilities –UVa, Harvard, Johns Hopkins Home Security/Automation –5 million X10 deployments Industrial automation/monitoring –20 million Zigbee devices by 2007 People often assume Encryption = Privacy

3 FATS Attack FATS – Finger-print And Timing-based Snoop attack Observed Information –“T”– Radio message Timing –“F” – Radio fingerprint Inferred Information –# bathroom visits –# kitchen visits –Sleep time –Out time

4 Related Work Conventional data privacy ensured through encryption – Culler 2001, Gligor 2002 –Adversary infers desired private data in spite of data encryption (side-channel attack) Lots of work tries to infer activities based on sensors in the home – Tapia 2004 –We are assuming the adversary does not know anything: type, distribution, etc of the sensors Multi-hop traffic analysis attacks to infer sender-recipient matching or source location – Chaum 1981, Shi 2006, Deng 2005 –Our traffic analysis uses a snoop device one-hop away from the radio sources and is used to infer resident activity, not sender-recipient matching or source location Wireless Fingerprinting demonstrated for 802.11 wi-fi devices and mica motes –Detection Accuracies as high as 93% - Hall 2004, Hall 2006, Capkun 2006 –Primarily used to enhance privacy by providing hardware-based authentication –Wireless fingerprinting is used to break privacy, not enhance it

5 Presentation Outline Inference Procedure Counter attacks Conclusions & Future Work

6 Inference Algorithm Evaluation Experimental Setup to obtain algorithm input Wireless X-10 deployments in 4 homes with around 15 sensors and one base station receiver per home –Seven day deployments in each home

7 Inference Procedure

8 Tier – I Assumption 1: –Sensors in the same room fire at similar times Assumption 2: –Sensors in different rooms fire at different times –This implies a single person in the building

9 Sensor Clustering For each sensor i and j: - = Vector of minimum time distances between i and j, for all firings of i - = min(median( ),median( )) - = Shortest-Path( ) F = Multi-Dimensional-Scaling( ) C = cluster(F)

10 Tier – I: Sensor and Temporal Clustering Sensor Clustering – Performance

11 Temporal Clustering Separate sensor streams by room Use db-scan to identify temporal clusters for each room stream –automatically removes outliers unlike k-means

12 Tier – II Assumption 1: –Different houses have similar rooms Assumption 2: –Similar rooms have similar usage patterns

13 Tier – II Cluster to Room Mapping Constraints used: –Identify entrance room as the cluster whose sensors fire after long silence periods during the day –Identify bedroom cluster as the one that fires after long silence periods during the night or has maximal time length in the night –Identify living room cluster as the one that fires maximally during the day –Both bathroom and kitchen clusters fire when the resident wakes up with the bathroom clusters being usually smaller in width Classification results: All clusters assigned the correct room labels across the four homes in the best case

14 Tier – III Assumption 1: –Long silence periods imply sleep or that the person is not home Assumption 2: –Tier-II returns correct temporal clusters for the bathroom and kitchen

15 Tier-III Inferring Private Variables Four private variables Inferred Number and timing of bathroom and kitchen visits –Inferred from Tier-II clusters Number and timing of sleep and away from home hours –Inferred from long silence periods during the day or night

16 Tier III Output – Evaluation Metrics Ground truth variables obtained by manual inspection We first compute a min cost bipartite matching between ground truth clusters and computed clusters based on –cluster timing and –interval width Based on this mapping, we define 3 metrics –Number of false positives –Number of false negatives –Total Interval Error

17 Inference Algorithm – Performance across 4 homes

18 Presentation Outline Inference Procedure Counter attacks Conclusions & Future Work

19 Counter Attacks 1. Increasing Packet loss ratio Obvious solution – prevent adversary from listening to packets by –Reducing transmission power –Introducing Faraday cages We evaluate how high the packet loss ratio must be to affect evaluation metrics for private variables shown previously

20 Counter Attacks 1. Increasing Packet loss ratio

21 Counter Attacks 2. Periodic transmissions Assumes tolerable latency bound L Does not work with real-time or high bandwidth requirements Complete privacy

22 Counter Attacks 2. Periodic transmissions Energy cost of periodic transmission is negligble for binary sensors with periods of a few seconds Telos mote –Wakes up and transmits every L seconds –2*L bits of data over latency period L For L=8 seconds, 8.75% reduction in lifetime

23 Counter Attacks 3. Random delay Add a random delay to each transmission bounded by tolerable bound Leverage tolerable latency bound at lower energy cost Same real-time drawback as periodic transmissions

24 Counter Attacks 3. Random delay

25 Counter Attacks 4. Fingerprint masking Mask fingerprints in hardware by varying features for each transmission Drawbacks –Arms race scenario, unable to predict features used by an adversary –Not supportable by current hardware –Does not affect inference of sleep and home occupancy variables

26 Counter Attacks 4. Fingerprint masking

27 Counter Attacks 5. Introducing fake data Introduce fake events to hide high level information –Eg) Introduce fake bathroom events if we need to hide number of bathroom visits Arms race problem – Can the adversary filter fake events?

28 Presentation Outline Inference Procedure Counter attacks Conclusions & Future Work

29 Conclusions and Future work Demonstrated a novel side-channel privacy attack based on transmission timing and wireless fingerprinting Designed a tiered inference algorithm Proposed a suite of privacy solutions with different tradeoffs to address the FATS attack Current and Future work –Infer more detailed activity information –Implications of FATS attacks for large scale mobile systems composed of mobile phone users

Download ppt "Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia."

Similar presentations

Applications of one-class classification

Applications of one-class classification
WATERSENSE: WATER FLOW DISAGGREGATION USING MOTION SENSORS Vijay Srinivasan, John Stankovic, Kamin Whitehouse Department of Computer Science University.

WATERSENSE: WATER FLOW DISAGGREGATION USING MOTION SENSORS Vijay Srinivasan, John Stankovic, Kamin Whitehouse Department of Computer Science University.
SoNIC: Classifying Interference in 802.15.4 Sensor Networks Frederik Hermans et al. Uppsala University, Sweden IPSN 2013 Presenter: Jeffrey.

SoNIC: Classifying Interference in Sensor Networks Frederik Hermans et al. Uppsala University, Sweden IPSN 2013 Presenter: Jeffrey.
The Self-Programming Thermostat: using occupancy to optimize setback schedules Kamin Whitehouse Joint work with: Gao GeBuildSys University of Virginia.

The Self-Programming Thermostat: using occupancy to optimize setback schedules Kamin Whitehouse Joint work with: Gao GeBuildSys University of Virginia.
SELF-ORGANIZING MEDIA ACCESS MECHANISM OF A WIRELESS SENSOR NETWORK AHM QUAMRUZZAMAN.

SELF-ORGANIZING MEDIA ACCESS MECHANISM OF A WIRELESS SENSOR NETWORK AHM QUAMRUZZAMAN.
Data Mining Methodology 1. Why have a Methodology  Don’t want to learn things that aren’t true May not represent any underlying reality ○ Spurious correlation.

Data Mining Methodology 1. Why have a Methodology  Don’t want to learn things that aren’t true May not represent any underlying reality ○ Spurious correlation.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
On the Implications of the Log-normal Path Loss Model: An Efficient Method to Deploy and Move Sensor Motes Yin Chen, Andreas Terzis November 2, 2011.

On the Implications of the Log-normal Path Loss Model: An Efficient Method to Deploy and Move Sensor Motes Yin Chen, Andreas Terzis November 2, 2011.
FixtureFinder: Discovering the Existence of Electrical and Water Fixtures Vijay Srinivasan*, John Stankovic, Kamin Whitehouse University of Virginia *(Currently.

FixtureFinder: Discovering the Existence of Electrical and Water Fixtures Vijay Srinivasan*, John Stankovic, Kamin Whitehouse University of Virginia *(Currently.
KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys07 2007.

KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys
S-MAC Sensor Medium Access Control Protocol An Energy Efficient MAC protocol for Wireless Sensor Networks.

S-MAC Sensor Medium Access Control Protocol An Energy Efficient MAC protocol for Wireless Sensor Networks.
Doorjamb: Unobtrusive Room-level Tracking of People in Homes using Doorway Sensors Timothy W. Hnat, Erin Griffiths, Ray Dawson, Kamin Whitehouse U of Virginia.

Doorjamb: Unobtrusive Room-level Tracking of People in Homes using Doorway Sensors Timothy W. Hnat, Erin Griffiths, Ray Dawson, Kamin Whitehouse U of Virginia.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Cooperative Multiple Input Multiple Output Communication in Wireless Sensor Network: An Error Correcting Code approach using LDPC Code Goutham Kumar Kandukuri.

Cooperative Multiple Input Multiple Output Communication in Wireless Sensor Network: An Error Correcting Code approach using LDPC Code Goutham Kumar Kandukuri.
1 (Un)Trustworthy Wireless: What your wireless traffic says about you… Jeff Pang with Ben Greenstein, Ramki Gummadi, Tadayoshi Kohno, David Wetherall (UW/Intel.

1 (Un)Trustworthy Wireless: What your wireless traffic says about you… Jeff Pang with Ben Greenstein, Ramki Gummadi, Tadayoshi Kohno, David Wetherall (UW/Intel.
Toward a Framework for Preventing Side-Channel Attacks in Wireless Networks Jeff Pang.

Toward a Framework for Preventing Side-Channel Attacks in Wireless Networks Jeff Pang.
TRADING OFF PREDICTION ACCURACY AND POWER CONSUMPTION FOR CONTEXT- AWARE WEARABLE COMPUTING Presented By: Jeff Khoshgozaran.

TRADING OFF PREDICTION ACCURACY AND POWER CONSUMPTION FOR CONTEXT- AWARE WEARABLE COMPUTING Presented By: Jeff Khoshgozaran.
Self-Correlating Predictive Information Tracking for Large-Scale Production Systems Zhao, Tan, Gong, Gu, Wambolt Presented by: Andrew Hahn.

Self-Correlating Predictive Information Tracking for Large-Scale Production Systems Zhao, Tan, Gong, Gu, Wambolt Presented by: Andrew Hahn.
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.

Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
Location Systems for Ubiquitous Computing Jeffrey Hightower and Gaetano Borriello.

Location Systems for Ubiquitous Computing Jeffrey Hightower and Gaetano Borriello.

Similar presentations

Ads by Google