Volume 2021 (2021): Issue 4 (October 2021)
Journal Details
License
Format: Journal
First Published: 16 Apr 2015
Publication timeframe: 4 times per year
Languages: English
Access type: Open Access

Blocking Without Breaking: Identification and Mitigation of Non-Essential IoT Traffic

Published Online: 23 Jul 2021
Page range: 369 - 388
Received: 28 Feb 2021
Accepted: 16 Jun 2021
Abstract

Despite the prevalence of Internet of Things (IoT) devices, there is little information about the purpose and risks of the Internet traffic these devices generate, and consumers have limited options for controlling those risks. A key open question is whether one can mitigate these risks by automatically blocking some of the Internet connections from IoT devices, without rendering the devices inoperable.

In this paper, we address this question by developing a rigorous methodology that relies on automated IoT-device experimentation to reveal which network connections (and the information they expose) are essential, and which are not. We further develop strategies to automatically classify network traffic destinations as either required (i.e., their traffic is essential for devices to work properly) or not, hence allowing firewall rules to block traffic sent to non-required destinations without breaking the functionality of the device. We find that 16 of the 31 devices we tested have at least one blockable non-required destination, with the maximum number of blockable destinations for a device being 11. We further analyze the destinations of network traffic and find that all third parties observed in our experiments are blockable, while first and support parties are neither uniformly required nor uniformly non-required. Finally, we demonstrate the limitations of existing blocklists on IoT traffic, propose a set of guidelines for automatically limiting non-essential IoT traffic, and develop a prototype system that implements these guidelines.

