Closing the Blinds: Four Strategies for Protecting Smart Home Privacy from Network Observers
This addresses privacy threats for smart home consumers from ISPs or eavesdroppers, but it is incremental as it builds on existing side-channel protection concepts.
The paper tackles the problem of network observers inferring private behaviors from smart home IoT traffic rates, proposing four strategies—blocking, concealing DNS, tunneling, and shaping/injecting traffic—to protect privacy, with the goal of providing a foundation for future privacy-sensitive smart homes.
The growing market for smart home IoT devices promises new conveniences for consumers while presenting novel challenges for preserving privacy within the home. Specifically, Internet service providers or neighborhood WiFi eavesdroppers can measure Internet traffic rates from smart home devices and infer consumers' private in-home behaviors. Here we propose four strategies that device manufacturers and third parties can take to protect consumers from side-channel traffic rate privacy threats: 1) blocking traffic, 2) concealing DNS, 3) tunneling traffic, and 4) shaping and injecting traffic. We hope that these strategies, and the implementation nuances we discuss, will provide a foundation for the future development of privacy-sensitive smart homes.