CRII: SaTC: Analyzing Information Leak in Smart Homes

CRII：SaTC：分析智能家居中的信息泄漏

• 批准号: 1849997
• 负责人: Anupam Das
• 金额: $ 17.5万
• 依托单位: North Carolina State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-06-01 至 2022-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1849997&HistoricalAwards=false
• 关键词: CRII; SaTC; Analyzing; Information; Leak

With the rapid adoption of the Internet of Things (IoT), we face a new world, where we are never alone. At all times, a plethora of connected devices, from smartphones to home assistants to motion detectors continuously sense and monitor our activities. While these devices provide us convenience, they are often backed by powerful analytics to sift through large volume of personal data, at times collected without our awareness or consent. Such personal data can reveal a lot about ourselves like our habits and lifestyles, which not only has great commercial value to advertisers to serve targeted ads, but can also be misused by insurance companies, repressive governments and cybercriminals. The goal of this project is to build a foundation for understanding the different ways in which every day Internet of Things devices can leak sensitive information about our lifestyles. The proposed work will benefit the society as a whole as people will become more aware of the security and privacy risks associated with household Internet of Things devices. The proposal can also help identify vulnerable communication protocols and consequentially lead to the design of new privacy-enhancing protocols. Furthermore, this project will expose both undergraduate and graduate students to cutting-edge analytic tools and help develop a globally competitive science, technology, engineering and mathematics workforce.This project proposes to build a testbed to analyze the extent to which household Internet of Things devices can leak sensitive information about ourselves. The proposed testbed will facilitate research along the following directions: i) help determine the feasibility of performing side-channel attacks to infer not only what devices reside inside a household, but also what higher order activities users may be performing, for example, inferring whether a user is making a call using Amazon Alexa or taking a nap, or working out on a treadmill; ii) help determine what data is collected and with whom it is shared; iii) help build an information dashboard to notify users about the potential privacy risks. Building a scalable testbed that can interact with a wide variety of devices will require addressing a host of systems related challenges. The data analysis will utilize a variety of advanced statistical, signal processing and machine learning techniques. This project will provide a much-needed insight into the security and privacy threats imposed by emerging Internet of Things devices. The proposed work can lead to not only identifying devices that leak sensitive information, but at the same time foster the design of new privacy-enhancing technologies.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着物联网（IoT）的迅速普及，我们面临着一个新的世界，在这个世界里，我们永远不会孤单。无论何时，从智能手机到家庭助理再到运动探测器，大量的联网设备都在不断地感知和监控我们的活动。虽然这些设备为我们提供了便利，但它们通常有强大的分析支持，可以筛选大量的个人数据，有时这些数据是在我们不知情或未经同意的情况下收集的。这些个人数据可以揭示很多关于我们自己的信息，比如我们的习惯和生活方式，这不仅对广告商提供有针对性的广告具有巨大的商业价值，而且还可能被保险公司、专制政府和网络犯罪分子滥用。该项目的目标是为理解每天物联网设备可能泄露有关我们生活方式的敏感信息的不同方式奠定基础。拟议的工作将使整个社会受益，因为人们将更加意识到与家庭物联网设备相关的安全和隐私风险。该建议还可以帮助识别易受攻击的通信协议，从而导致新的隐私增强协议的设计。此外，该项目还将为本科生和研究生提供尖端分析工具，帮助培养具有全球竞争力的科学、技术、工程和数学人才。该项目建议建立一个测试平台，以分析家庭物联网设备泄漏我们敏感信息的程度。所提出的测试床将促进沿着以下方向的研究沿着：i）帮助确定执行侧信道攻击的可行性，以推断不仅什么设备驻留在家庭内，而且用户可能正在执行什么高阶活动，例如，推断用户是否正在使用Amazon Alexa打电话或小睡，或在跑步机上锻炼; ii）帮助确定收集哪些数据以及与谁共享数据; iii）帮助构建信息仪表板，以通知用户潜在的隐私风险。建立一个可扩展的测试平台，可以与各种各样的设备进行交互，将需要解决一系列与系统相关的挑战。数据分析将利用各种先进的统计、信号处理和机器学习技术。该项目将为新兴物联网设备带来的安全和隐私威胁提供急需的洞察力。这项工作不仅可以识别泄露敏感信息的设备，同时还可以促进新的隐私增强技术的设计。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

HandLock: Enabling 2-FA for Smart Home Voice Assistants using Inaudible Acoustic Signal

• DOI: 10.1145/3471621.3471866
• 发表时间: 2021-10
• 期刊: Proceedings of the 24th International Symposium on Research in Attacks, Intrusions and Defenses
• 作者: Shaohu Zhang;Anupam Das

Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem

• DOI: 10.14722/ndss.2021.23111
• 发表时间: 2021
• 期刊: Proceedings 2021 Network and Distributed System Security Symposium
• 作者: Christopher Lentzsch;Sheel Shah;Benjamin Andow;Martin Degeling;Anupam Das;W. Enck

Hey Alexa, Who Am I Talking to?: Analyzing Users’ Perception and Awareness Regarding Third-party Alexa Skills

• DOI: 10.1145/3491102.3517510
• 发表时间: 2022-04
• 期刊: Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems
• 作者: Aafaq Sabir;Evan Lafontaine;Anupam Das

Understanding People’s Attitude and Concerns towards Adopting IoT Devices

了解人们对采用物联网设备的态度和担忧

• DOI: 10.1145/3411763.3451633
• 发表时间: 2021
• 期刊: CHI Conference on Human Factors in Computing Systems CHI Conference on Human Factors in Computing Systems Extended Abstracts
• 作者: Lafontaine, Evan;Sabir, Aafaq;Das, Anupam
• 通讯作者: Das, Anupam

Understanding the Privacy Implications of Adblock Plus’s Acceptable Ads

了解 Adblock Plus 可接受广告的隐私影响

• DOI: 10.1145/3433210.3437536
• 发表时间: 2021
• 期刊: ACM ASIA Conference on Computer and Communications Security (ASIACCS
• 作者: Zafar, Ahsan;Sabir, Aafaq;Ahmed, Dilawer;Das, Anupam
• 通讯作者: Das, Anupam