Investigating Privacy Protection in the Smart Home
Ladda ner
Publicerad
Författare
Typ
Examensarbete för masterexamen
Program
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
Consumer-oriented IoT devices, or smart home devices as they are also called, are
getting more common. Projections suggest there will be more than 75 billion of
these devices in people’s homes by 2025. Given the location of these devices and the
nature of the data they collect, this raises questions about how the user’s privacy
can be protected.
Given this background, this thesis investigates relevant security concepts and the
feasibility of some of their software implementations as privacy tools. Moreover,
smart home devices are also compared in regards to privacy based on brand recognition,
which market they are aimed for and which device category they belong to.
This is done in order to be able to draw conclusions about these properties’ impact
on privacy.
The comparison is made using a testbed where traffic from the smart home devices
is analysed in relation to the properties above as well as to a threat model developed
based on privacy threats found in the literature. The software Princeton IoT
Inspector and Snort in combination with the ELK stack are used and compared in
regards to both how well each manage to identify and highlight privacy threats but
also their applicability to different user groups. Furthermore, we also design a proof
of concept for the viability of a cloud solution. For this we simulate a third party
developing rules, based on user-generated Snort logs, which a user can subscribe to.
The results show that the properties mentioned above have a significant impact on
how the devices behave. That is, they affect which endpoints the devices connect to,
which cloud provider they rely on and also the shape of their traffic to a large extent.
Furthermore, the results also show that a cloud solution is possible, although the
size of the logs quickly becomes an issue. Thus further study on how to optimize
the logs is needed while avoiding proprietary solutions.
None of the investigated software solutions succeeds in striking a perfect balance
between usefulness and user-friendliness. Future work needs to be done on multiple
levels, ranging from how to increase user awareness, involve community and third
party initiatives as well as to investigate what role legislation might play. This will
not be an easy undertaking, although a necessary one in order to protect the privacy
in our own homes.
Beskrivning
Ämne/nyckelord
Smart Home, IoT, Privacy, Data collection, Packet sniffing, IPS/IDS, Cloud developed rules, Community, Third party, Legislation