270 likes | 702 Views
Protecting your Daily In-home Activity Information from a Wireless Snooping Attack Vijay Srinivasan, John Stankovic, Kamin Whitehouse University of Virginia Attacking Residential Wireless Ubiquitous systems
E N D
Protecting your Daily In-home Activity Information from a Wireless Snooping Attack Vijay Srinivasan, John Stankovic, Kamin Whitehouse University of Virginia
Attacking Residential Wireless Ubiquitous systems • Residential wireless ubiquitous systems that track Activities of Daily Living are growing in number • Elderly monitoring: University of Virginia’s ALARMNET, Harvard’s CodeBlue • Home security / automation: 5 million X10 systems in the US • We present a new wireless snooping attack that infers surprisingly detailed daily activities of residents such as Showering and Cooking in spite of encryption • On existing and future systems around the world including possibly your home • We present privacy preserving guidelines to protect your activity details from this attack
FATS Attack - Fingerprint And Timing-based Snoop attack • Input: Series of (Timestamp,Fingerprint) pairs • Wireless Fingerprinting • Uses Physical Characteristics of transmissions to differentiate radio sources • Demonstrated on WiFi radios, Bluetooth radios and the mica mote’s CC1000 radios Adversary Fingerprint and Timestamp Snooping Device Bedroom #2 Kitchen Locations and Sensor Types Timestamps Fingerprints Bathroom T1 T2 T3 … … ? ? ? … Living Room Bedroom #1 Front Door
FATS Attack - Fingerprint And Timing-based Snoop attack • Output: Activities of Daily Living (ADLs) inferred by FATS Inference Algorithm: • Sleeping, Home Occupancy • Bathroom and Kitchen Visits • Bathroom Activities: Showering, Toileting, Washing • Kitchen Activities: Cooking hot and cold food • High level medical information inference possible • HIPAA requires healthcare providers to protect this information Adversary Fingerprint and Timestamp Snooping Device Locations and Sensor Types Timestamps Fingerprints T1 T2 T3 … … ? ? ? …
Rest of talk • FATS Inference Algorithm – Design and Evaluation • Privacy Preservation guidelines • Related Work • Conclusion
Deployment Details for FATS Demonstration • Eight homes deployed with wireless X10 sensors for at least 7 days with an X10 receiver to record messages • Four diverse single person homes, four diverse multi-person homes
FATS Inference Algorithm • We will now see how to get from the primitive timestamps and fingerprints to the detailed resident activities! • Four Tiers in the Inference Algorithm • Each Tier adds more information for the adversary
Tier 0 – Simple Event Detection using Timestamps alone Use long silence periods during the day and night to identify away and sleeping events Home, Away and Sleep Events Activity Intervals Tier 0 Activity Detection Timestamps of all sensor firings Time of day from 0 hours (12 AM)
Tier I – Sensor Clustering Sensor Cluster #3 Use K-means Clustering Algorithm Sensor Cluster = Sensors from a specific room Sensor Cluster #2 Tier I Sensor Clustering Wireless Fingerprints Home, Away and Sleep Events Activity Intervals Sensor Cluster #1 Tier 0 Activity Detection Timestamps of all sensor firings Time of day from 0 hours (12 AM)
Tier II Room Classification Use bi partite matching classifier to label sensor clusters by comparing sensor firing patterns in these rooms to trained models for rooms Sensor Cluster #3 Bathroom Bathroom and Kitchen Visits Room Labels on Clusters Tier II Room Classification Kitchen Sensor Cluster #2 Sensor Clusters Tier I Sensor Clustering Wireless Fingerprints Home, Away and Sleep Events Activity Intervals Living room/ Bedroom Sensor Cluster #1 Tier 0 Activity Detection Timestamps of all sensor firings Time of day from 0 hours (12 AM)
Tier III – Sensor Classification Use LDA (Linear Discriminant Analysis) Classifierby comparing sensor firing patterns to trained models for sensors Flush Sensor Detailed Activities: Showering, Cooking etc Sink Sensor Sensor Labels Bathroom Shower Sensor Tier III Sensor Classification Motion Sensor Refrigerator Sensor Bathroom and Kitchen Visits Room Labels on Clusters Microwave Sensor Tier II Room Classification Pantry Sensor Kitchen Stove Sensor Sensor Clusters Sink Sensor Motion Sensor Tier I Sensor Clustering Wireless Fingerprints Front Door Home, Away and Sleep Events Activity Intervals Main Room -> Bathroom Door Living room/ Bedroom Motion Sensor Tier 0 Activity Detection Timestamps of all sensor firings Time of day from 0 hours (12 AM)
Tier III Output - Activity Classifier Showering Washing Toileting Flush Sensor Detailed Activities: Showering, Cooking … Sink Sensor Bathroom Shower Sensor Activity Classifier Motion Sensor Refrigerator Sensor Tier III Sensor Labels Microwave Sensor Pantry Sensor Compute counts of various known sensors firing in each temporal activity cluster using sensor labels from Tier III Kitchen Cooking hot food Stove Sensor Sink Sensor Motion Sensor Assign activity labels using LDA Classifierby comparing firing counts to trained models for activities Front Door Living room/ Bedroom Main Room -> Bathroom Door Motion Sensor Temporal Activity Clusters Temporal Activity Cluster = Chunk of Human Activity in room Time of day from 0 hours (12 AM)
Best Case Evaluation of Tier 0, Tier II and Tier III Activity Detection • Tier 0 Simple Home Occupancy and Sleep Events Detected with at least 90% • duration Accuracy across all homes Single Person Homes True Positive Rate Event Detection Rate Duration Accuracy Tier III Detailed Activities Tier II Room Visits
Rest of talk • FATS Inference Algorithm – Design and Evaluation • Privacy Preservation guidelines • Related Work • Conclusion
Privacy Preservation guidelines Overview • Privacy preservation techniques to incorporate in future wireless ubiquitous systems • Signal Attenuators • Random delays • Periodic transmissions • Fingerprint masking • We show that a hybrid solution with several of the above techniques is most effective
Privacy Preservation Guideline #1Signal Attenuators • Hide nodes/packets from the snooping adversary • Reduce Transmission Power • Multi-hop routing • Wired connections • Deployment cost • Faraday cages • High deployment cost • Deploy in specific rooms such as bathroom or kitchen where many activities occur Flush Sensor Sink Sensor Bathroom Shower Sensor Motion Sensor Refrigerator Sensor Microwave Sensor Pantry Sensor Kitchen Stove Sensor Sink Sensor Motion Sensor Front Door Living room/ Bedroom Main Room -> Bathroom Door Motion Sensor
Privacy Preservation Guideline #2Random Delays U(0,D) • Add a random delay U(0,D) to sensor transmissions bounded by a maximum tolerable delay D • Challenges • Not Applicable to real-time sensors, fall detection • Effective at hiding short duration Tier II/III activities in bathroom and kitchen • Not as good at hiding long duration Tier 0 sleep and home occupancy events Flush Sensor d Sink Sensor Bathroom Shower Sensor Motion Sensor Refrigerator Sensor Microwave Sensor Pantry Sensor Kitchen Stove Sensor Sink Sensor Motion Sensor Front Door Living room/ Bedroom Main Room -> Bathroom Door Motion Sensor
Privacy Preservation Guideline #3Fingerprint Masking Common Radio Source • Hide the true fingerprints • Using potentiometers in radio circuitry • Wiring together multiple radio sources • Challenges • Changes to existing radio hardware • Arms Race Scenario Flush Sensor Sink Sensor Bathroom Shower Sensor Motion Sensor Refrigerator Sensor Microwave Sensor Pantry Sensor Kitchen Stove Sensor Sink Sensor Motion Sensor Front Door Living room/ Bedroom Main Room -> Bathroom Door Motion Sensor
Privacy Preservation Guideline #4Periodic Transmissions • Constant Input guarantees 100% privacy • Challenges • Not Applicable to Real-Time sensors • More suited to low bandwidth data sensors • Surprisingly low power cost for low bandwidth data sensors • Only 9% Reduction in node lifetime for the Telos mote with ON/OFF sensor with a period of 10 seconds
Performance of Individual Solutions at Select Points • Periodic Transmissions on Living room and Bedroom sensors degrades Tier 0 duration accuracy to about 47% Percentage Accuracy(%) 20 minute Random Delays 40% Fingerprint Masking 40% Signal Attenuation
Hybrid Solutions - Performance • Periodic Transmissions enforced on living and bedroom sensors • Random delays, signal attenuators etc implemented on bathroom and kitchen sensors • Much better than individual solutions Percentage Accuracy(%) Periodic Transmissions + 20 minute Random Delays Periodic Transmissions + 40% Signal Attenuation Periodic Transmissions + 40% Fingerprint Masking Periodic Transmissions + 20% Fingerprint Masking + 20% Signal Attenuation
Rest of talk • FATS Inference Algorithm – Design and Evaluation • Privacy Preservation guidelines • Related Work • Conclusion
Related Work • Side Channel Privacy Attacks: • Infer private information by observing how the system operates, eg)Tempest Attack • Traffic Analysis: • Unlike FATS, most related work, Kamat et al (2005), deal with multi-hop attacks and countermeasures at the routing layer • Unlike FATS, existing single hop attacks, Yang et al (WiSec 2008), consider timing based single hop attacks but ignore the wireless fingerprints input • FATS is the first attack to combine transmission timestamps with wireless fingerprints to demonstrate a serious privacy leak in single hop activity monitoring wireless systems
Conclusion • We demonstrated a powerful new privacy attack on wireless home sensor systems that infers detailed resident activities in spite of encryption using just low level wireless fingerprints and timestamps • With consistently high accuracy across diverse single and multi-person homes with diverse residents • We propose a set of privacy solutions and propose a hybrid approach to make the attack ineffective • FATS attack may become increasingly important as wireless ubiquitous systems become more ubiquitous • Offices or manufacturing plants for industrial espionage • Urban scale wireless systems for people tracking
Thank you Questions?
Tier II and Tier III Activity Detection using Timestamps and Fingerprints Multi Person Homes True Positive Rate Event Detection Rate Duration Accuracy Tier II Room Visits Tier III Activities