29
Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Embed Size (px)

Citation preview

Page 1: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Snooping based privacy attacks based on transmission timing and

wireless fingerprinting

Master’s project presentation

Vijay Srinivasan

University of Virginia

Page 2: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Indoor Wireless Sensor Systems

• Indoor wireless sensor systems are becoming prevalent and will be more so in the future

• Assisted living facilities– UVa, Harvard, Johns Hopkins

• Home Security/Automation– 5 million X10 deployments

• Industrial automation/monitoring– 20 million Zigbee devices by

2007

• People often assume Encryption = Privacy

Page 3: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

FATS Attack• FATS – Finger-print And Timing-based Snoop attack

• Observed Information – “T”– Radio message Timing– “F” – Radio fingerprint

• Inferred Information– # bathroom visits– # kitchen visits– Sleep time– Out time

Page 4: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Related Work• Conventional data privacy ensured through encryption – Culler 2001,

Gligor 2002– Adversary infers desired private data in spite of data encryption (side-channel

attack)

• Lots of work tries to infer activities based on sensors in the home – Tapia 2004

– We are assuming the adversary does not know anything: type, distribution, etc of the sensors

• Multi-hop traffic analysis attacks to infer sender-recipient matching or source location – Chaum 1981, Shi 2006, Deng 2005

– Our traffic analysis uses a snoop device one-hop away from the radio sources and is used to infer resident activity, not sender-recipient matching or source location

• Wireless Fingerprinting demonstrated for 802.11 wi-fi devices and mica motes– Detection Accuracies as high as 93% - Hall 2004, Hall 2006, Capkun 2006– Primarily used to enhance privacy by providing hardware-based authentication– Wireless fingerprinting is used to break privacy, not enhance it

Page 5: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Presentation Outline

• Inference Procedure• Counter attacks• Conclusions & Future Work

Page 6: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Inference Algorithm EvaluationExperimental Setup to obtain algorithm input

• Wireless X-10 deployments in 4 homes with around 15 sensors and one base station receiver per home– Seven day deployments in each home

Page 7: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Inference Procedure

Page 8: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Tier – I

• Assumption 1: – Sensors in the same

room fire at similar times

• Assumption 2:– Sensors in different

rooms fire at different times

– This implies a single person in the building

Page 9: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Sensor Clustering

For each sensor i and j:- = Vector of minimum time distances

between i and j, for all firings of i- = min(median( ),median( ))- = Shortest-Path( )F = Multi-Dimensional-Scaling( )C = cluster(F)

ijT

ijD ijTjiT'ijD ijD

'D

Page 10: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Tier – I: Sensor and Temporal Clustering

Sensor Clustering – Performance

Page 11: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Temporal Clustering

• Separate sensor streams by room

• Use db-scan to identify temporal clusters for each room stream– automatically removes outliers unlike k-means

Page 12: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Tier – II

• Assumption 1: – Different houses have

similar rooms

• Assumption 2: – Similar rooms have

similar usage patterns

Page 13: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Tier – II Cluster to Room Mapping

• Constraints used:– Identify entrance room as the cluster whose sensors fire after

long silence periods during the day– Identify bedroom cluster as the one that fires after long silence

periods during the night or has maximal time length in the night– Identify living room cluster as the one that fires maximally during

the day– Both bathroom and kitchen clusters fire when the resident wakes

up with the bathroom clusters being usually smaller in width

• Classification results: All clusters assigned the correct room labels across the four homes in the best case

Page 14: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Tier – III

• Assumption 1: – Long silence periods

imply sleep or that the person is not home

• Assumption 2:– Tier-II returns correct

temporal clusters for the bathroom and kitchen

Page 15: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Tier-III Inferring Private Variables

• Four private variables Inferred

• Number and timing of bathroom and kitchen visits– Inferred from Tier-II clusters

• Number and timing of sleep and away from home hours– Inferred from long silence periods during the day or

night

Page 16: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Tier III Output – Evaluation Metrics

• Ground truth variables obtained by manual inspection

• We first compute a min cost bipartite matching between ground truth clusters and computed clusters based on – cluster timing and – interval width

• Based on this mapping, we define 3 metrics– Number of false positives – Number of false negatives– Total Interval Error

Page 17: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Inference Algorithm – Performance across 4 homes

Page 18: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Presentation Outline

• Inference Procedure• Counter attacks• Conclusions & Future Work

Page 19: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Counter Attacks 1. Increasing Packet loss ratio

• Obvious solution – prevent adversary from listening to packets by– Reducing transmission power– Introducing Faraday cages

• We evaluate how high the packet loss ratio must be to affect evaluation metrics for private variables shown previously

Page 20: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Counter Attacks 1. Increasing Packet loss ratio

Page 21: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Counter Attacks2. Periodic transmissions

• Assumes tolerable latency bound L• Does not work with real-time or high bandwidth

requirements

Complete privacy

Page 22: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Counter Attacks2. Periodic transmissions

• Energy cost of periodic transmission is negligble for binary sensors with periods of a few seconds

• Telos mote– Wakes up and

transmits every L seconds

– 2*L bits of data over latency period L

• For L=8 seconds, 8.75% reduction in lifetime

Page 23: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Counter Attacks3. Random delay

• Add a random delay to each transmission bounded by tolerable bound

• Leverage tolerable latency bound at lower energy cost

• Same real-time drawback as periodic transmissions

Page 24: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Counter Attacks3. Random delay

Page 25: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Counter Attacks4. Fingerprint masking

• Mask fingerprints in hardware by varying features for each transmission

• Drawbacks– Arms race scenario, unable to predict features

used by an adversary– Not supportable by current hardware– Does not affect inference of sleep and home

occupancy variables

Page 26: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Counter Attacks4. Fingerprint masking

Page 27: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Counter Attacks5. Introducing fake data

• Introduce fake events to hide high level information– Eg) Introduce fake bathroom events if we

need to hide number of bathroom visits

• Arms race problem – Can the adversary filter fake events?

Page 28: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Presentation Outline

• Inference Procedure• Counter attacks• Conclusions & Future Work

Page 29: Snooping based privacy attacks based on transmission timing and wireless fingerprinting Master’s project presentation Vijay Srinivasan University of Virginia

Conclusions and Future work• Demonstrated a novel side-channel privacy

attack based on transmission timing and wireless fingerprinting

• Designed a tiered inference algorithm• Proposed a suite of privacy solutions with

different tradeoffs to address the FATS attack• Current and Future work

– Infer more detailed activity information– Implications of FATS attacks for large scale

mobile systems composed of mobile phone users