Protecting your Daily In-home Activity Information from a Wireless Snooping Attack

1
Protecting your Daily In-home Activity
Information from a Wireless Snooping Attack

• Vijay Srinivasan, John Stankovic, Kamin
  Whitehouse
• University of Virginia

2
Attacking Residential Wireless Ubiquitous systems

• Residential wireless ubiquitous systems that
  track Activities of Daily Living are growing in
  number
• Elderly monitoring University of Virginias
  ALARMNET, Harvards CodeBlue
• Home security / automation 5 million X10 systems
  in the US
• We present a new wireless snooping attack that
  infers surprisingly detailed daily activities of
  residents such as Showering and Cooking in spite
  of encryption
• On existing and future systems around the world
  including possibly your home
• We present privacy preserving guidelines to
  protect your activity details from this attack

3
FATS Attack - Fingerprint And Timing-based Snoop
attack

• Input Series of (Timestamp,Fingerprint) pairs
• Wireless Fingerprinting
• Uses Physical Characteristics of transmissions to
  differentiate radio sources
• Demonstrated on WiFi radios, Bluetooth radios and
  the mica motes CC1000 radios

Adversary
Fingerprint and Timestamp Snooping Device
Kitchen
Bedroom 2
Locations and Sensor Types
Timestamps
Fingerprints
Bathroom
T1 T2 T3

? ? ?
Living Room
Bedroom 1
Front Door
4
FATS Attack - Fingerprint And Timing-based Snoop
attack

• Output Activities of Daily Living (ADLs)
  inferred by FATS Inference Algorithm
• Sleeping, Home Occupancy
• Bathroom and Kitchen Visits
• Bathroom Activities Showering, Toileting,
  Washing
• Kitchen Activities Cooking hot and cold food
• High level medical information inference possible
• HIPAA requires healthcare providers to protect
  this information

Adversary
Fingerprint and Timestamp Snooping Device
Locations and Sensor Types
Timestamps
Fingerprints
T1 T2 T3

? ? ?
5
Rest of talk

• FATS Inference Algorithm Design and Evaluation
• Privacy Preservation guidelines
• Related Work
• Conclusion

6
Deployment Details for FATS Demonstration

• Eight homes deployed with wireless X10 sensors
  for at least 7 days with an X10 receiver to
  record messages
• Four diverse single person homes, four diverse
  multi-person homes

7
FATS Inference Algorithm

• We will now see how to get from the primitive
  timestamps and fingerprints to the detailed
  resident activities!
• Four Tiers in the Inference Algorithm
• Each Tier adds more information for the adversary

8
Tier 0 Simple Event Detection using Timestamps
alone
Use long silence periods during the day and night
to identify away and sleeping events
Home, Away and Sleep Events
Activity Intervals
Tier 0 Activity Detection
Timestamps of all sensor firings
Time of day from 0 hours (12 AM)
9
Tier I Sensor Clustering
Sensor Cluster 3
Use K-means Clustering Algorithm
Sensor Cluster Sensors from a specific room
Sensor Cluster 2
Tier I Sensor Clustering
Wireless Fingerprints
Home, Away and Sleep Events
Activity Intervals
Sensor Cluster 1
Tier 0 Activity Detection
Timestamps of all sensor firings
Time of day from 0 hours (12 AM)
10
Tier II Room Classification
Use bi partite matching classifier to label
sensor clusters by comparing sensor firing
patterns in these rooms to trained models for
rooms
Sensor Cluster 3
Bathroom
Bathroom and Kitchen Visits
Room Labels on Clusters
Tier II Room Classification
Kitchen
Sensor Cluster 2
Sensor Clusters
Tier I Sensor Clustering
Wireless Fingerprints
Home, Away and Sleep Events
Activity Intervals
Living room/ Bedroom
Sensor Cluster 1
Tier 0 Activity Detection
Timestamps of all sensor firings
Time of day from 0 hours (12 AM)
11
Tier III Sensor Classification
Use LDA (Linear Discriminant Analysis) Classifier
by comparing sensor firing patterns to trained
models for sensors
Flush Sensor
Detailed Activities Showering, Cooking etc
Sink Sensor
Sensor Labels
Bathroom
Shower Sensor
Tier III Sensor Classification
Motion Sensor
Refrigerator Sensor
Bathroom and Kitchen Visits
Room Labels on Clusters
Microwave Sensor
Tier II Room Classification
Pantry Sensor
Kitchen
Stove Sensor
Sensor Clusters
Sink Sensor
Motion Sensor
Tier I Sensor Clustering
Wireless Fingerprints
Front Door
Home, Away and Sleep Events
Activity Intervals
Main Room -gt Bathroom Door
Living room/ Bedroom
Motion Sensor
Tier 0 Activity Detection
Timestamps of all sensor firings
Time of day from 0 hours (12 AM)
12
Tier III Output - Activity Classifier
Showering
Washing
Toileting
Flush Sensor
Detailed Activities Showering, Cooking
Sink Sensor
Bathroom
Shower Sensor
Activity Classifier
Motion Sensor
Tier III Sensor Labels
Refrigerator Sensor
Microwave Sensor
Pantry Sensor
Compute counts of various known sensors firing
in each temporal activity cluster using sensor
labels from Tier III
Kitchen
Cooking hot food
Stove Sensor
Sink Sensor
Motion Sensor
Assign activity labels using LDA Classifier by
comparing firing counts to trained models for
activities
Front Door
Living room/ Bedroom
Main Room -gt Bathroom Door
Motion Sensor
Temporal Activity Clusters
Temporal Activity Cluster Chunk of Human
Activity in room
Time of day from 0 hours (12 AM)
13
Best Case Evaluation of Tier 0, Tier II and Tier
III Activity Detection

• Tier 0 Simple Home Occupancy and Sleep Events
  Detected with at least 90
• duration Accuracy across all homes

Single Person Homes
True Positive Rate
Event Detection Rate
Duration Accuracy
Tier III Detailed Activities
Tier II Room Visits
14
Rest of talk

• FATS Inference Algorithm Design and Evaluation
• Privacy Preservation guidelines
• Related Work
• Conclusion

15
Privacy Preservation guidelines Overview

• Privacy preservation techniques to incorporate in
  future wireless ubiquitous systems
• Signal Attenuators
• Random delays
• Periodic transmissions
• Fingerprint masking
• We show that a hybrid solution with several of
  the above techniques is most effective

16
Privacy Preservation Guideline 1Signal
Attenuators

• Hide nodes/packets from the snooping adversary
• Reduce Transmission Power
• Multi-hop routing
• Wired connections
• Deployment cost
• Faraday cages
• High deployment cost
• Deploy in specific rooms such as bathroom or
  kitchen where many activities occur

Flush Sensor
Sink Sensor
Bathroom
Shower Sensor
Motion Sensor
Refrigerator Sensor
Microwave Sensor
Pantry Sensor
Kitchen
Stove Sensor
Sink Sensor
Motion Sensor
Front Door
Living room/ Bedroom
Main Room -gt Bathroom Door
Motion Sensor
17
Privacy Preservation Guideline 2Random Delays
U(0,D)

• Add a random delay U(0,D) to sensor transmissions
  bounded by a maximum tolerable delay D
• Challenges
• Not Applicable to real-time sensors, fall
  detection
• Effective at hiding short duration Tier II/III
  activities in bathroom and kitchen
• Not as good at hiding long duration Tier 0 sleep
  and home occupancy events

Flush Sensor
d
Sink Sensor
Bathroom
Shower Sensor
Motion Sensor
Refrigerator Sensor
Microwave Sensor
Pantry Sensor
Kitchen
Stove Sensor
Sink Sensor
Motion Sensor
Front Door
Living room/ Bedroom
Main Room -gt Bathroom Door
Motion Sensor
18
Privacy Preservation Guideline 3Fingerprint
Masking
Common Radio Source

• Hide the true fingerprints
• Using potentiometers in radio circuitry
• Wiring together multiple radio sources
• Challenges
• Changes to existing radio hardware
• Arms Race Scenario

Flush Sensor
Sink Sensor
Bathroom
Shower Sensor
Motion Sensor
Refrigerator Sensor
Microwave Sensor
Pantry Sensor
Kitchen
Stove Sensor
Sink Sensor
Motion Sensor
Front Door
Living room/ Bedroom
Main Room -gt Bathroom Door
Motion Sensor
19
Privacy Preservation Guideline 4Periodic
Transmissions

• Constant Input guarantees 100 privacy
• Challenges
• Not Applicable to Real-Time sensors
• More suited to low bandwidth data sensors
• Surprisingly low power cost for low bandwidth
  data sensors
• Only 9 Reduction in node lifetime for the Telos
  mote with ON/OFF sensor with a period of 10
  seconds

20
Performance of Individual Solutions at Select
Points

• Periodic Transmissions on Living room and Bedroom
  sensors degrades Tier 0 duration accuracy to
  about 47

Percentage Accuracy()
20 minute Random Delays
40 Signal Attenuation
40 Fingerprint Masking
21
Hybrid Solutions - Performance

• Periodic Transmissions enforced on living and
  bedroom sensors
• Random delays, signal attenuators etc implemented
  on bathroom and kitchen sensors
• Much better than individual solutions

Percentage Accuracy()
Periodic Transmissions 20 minute Random Delays
Periodic Transmissions 40 Signal Attenuation
Periodic Transmissions 40 Fingerprint Masking
Periodic Transmissions 20 Fingerprint Masking
20 Signal Attenuation
22
Rest of talk

• FATS Inference Algorithm Design and Evaluation
• Privacy Preservation guidelines
• Related Work
• Conclusion

23
Related Work

• Side Channel Privacy Attacks
• Infer private information by observing how the
  system operates, eg)Tempest Attack
• Traffic Analysis
• Unlike FATS, most related work, Kamat et al
  (2005), deal with multi-hop attacks and
  countermeasures at the routing layer
• Unlike FATS, existing single hop attacks, Yang et
  al (WiSec 2008), consider timing based single hop
  attacks but ignore the wireless fingerprints
  input
• FATS is the first attack to combine transmission
  timestamps with wireless fingerprints to
  demonstrate a serious privacy leak in single hop
  activity monitoring wireless systems

24
Conclusion

• We demonstrated a powerful new privacy attack on
  wireless home sensor systems that infers detailed
  resident activities in spite of encryption using
  just low level wireless fingerprints and
  timestamps
• With consistently high accuracy across diverse
  single and multi-person homes with diverse
  residents
• We propose a set of privacy solutions and propose
  a hybrid approach to make the attack ineffective
• FATS attack may become increasingly important as
  wireless ubiquitous systems become more
  ubiquitous
• Offices or manufacturing plants for industrial
  espionage
• Urban scale wireless systems for people tracking

25

• Thank you
• Questions?

26
Tier II and Tier III Activity Detection using
Timestamps and Fingerprints
Multi Person Homes
True Positive Rate
Event Detection Rate
Duration Accuracy
Tier II Room Visits
Tier III Activities