Title: Protecting your Daily In-home Activity Information from a Wireless Snooping Attack
1Protecting your Daily In-home Activity
Information from a Wireless Snooping Attack
- Vijay Srinivasan, John Stankovic, Kamin
Whitehouse - University of Virginia
2Attacking Residential Wireless Ubiquitous systems
- Residential wireless ubiquitous systems that
track Activities of Daily Living are growing in
number - Elderly monitoring University of Virginias
ALARMNET, Harvards CodeBlue - Home security / automation 5 million X10 systems
in the US - We present a new wireless snooping attack that
infers surprisingly detailed daily activities of
residents such as Showering and Cooking in spite
of encryption - On existing and future systems around the world
including possibly your home - We present privacy preserving guidelines to
protect your activity details from this attack
3FATS Attack - Fingerprint And Timing-based Snoop
attack
- Input Series of (Timestamp,Fingerprint) pairs
- Wireless Fingerprinting
- Uses Physical Characteristics of transmissions to
differentiate radio sources - Demonstrated on WiFi radios, Bluetooth radios and
the mica motes CC1000 radios
Adversary
Fingerprint and Timestamp Snooping Device
Kitchen
Bedroom 2
Locations and Sensor Types
Timestamps
Fingerprints
Bathroom
T1 T2 T3
? ? ?
Living Room
Bedroom 1
Front Door
4FATS Attack - Fingerprint And Timing-based Snoop
attack
- Output Activities of Daily Living (ADLs)
inferred by FATS Inference Algorithm - Sleeping, Home Occupancy
- Bathroom and Kitchen Visits
- Bathroom Activities Showering, Toileting,
Washing - Kitchen Activities Cooking hot and cold food
- High level medical information inference possible
- HIPAA requires healthcare providers to protect
this information
Adversary
Fingerprint and Timestamp Snooping Device
Locations and Sensor Types
Timestamps
Fingerprints
T1 T2 T3
? ? ?
5Rest of talk
- FATS Inference Algorithm Design and Evaluation
- Privacy Preservation guidelines
- Related Work
- Conclusion
6Deployment Details for FATS Demonstration
- Eight homes deployed with wireless X10 sensors
for at least 7 days with an X10 receiver to
record messages - Four diverse single person homes, four diverse
multi-person homes
7FATS Inference Algorithm
- We will now see how to get from the primitive
timestamps and fingerprints to the detailed
resident activities! - Four Tiers in the Inference Algorithm
- Each Tier adds more information for the adversary
8Tier 0 Simple Event Detection using Timestamps
alone
Use long silence periods during the day and night
to identify away and sleeping events
Home, Away and Sleep Events
Activity Intervals
Tier 0 Activity Detection
Timestamps of all sensor firings
Time of day from 0 hours (12 AM)
9Tier I Sensor Clustering
Sensor Cluster 3
Use K-means Clustering Algorithm
Sensor Cluster Sensors from a specific room
Sensor Cluster 2
Tier I Sensor Clustering
Wireless Fingerprints
Home, Away and Sleep Events
Activity Intervals
Sensor Cluster 1
Tier 0 Activity Detection
Timestamps of all sensor firings
Time of day from 0 hours (12 AM)
10Tier II Room Classification
Use bi partite matching classifier to label
sensor clusters by comparing sensor firing
patterns in these rooms to trained models for
rooms
Sensor Cluster 3
Bathroom
Bathroom and Kitchen Visits
Room Labels on Clusters
Tier II Room Classification
Kitchen
Sensor Cluster 2
Sensor Clusters
Tier I Sensor Clustering
Wireless Fingerprints
Home, Away and Sleep Events
Activity Intervals
Living room/ Bedroom
Sensor Cluster 1
Tier 0 Activity Detection
Timestamps of all sensor firings
Time of day from 0 hours (12 AM)
11Tier III Sensor Classification
Use LDA (Linear Discriminant Analysis) Classifier
by comparing sensor firing patterns to trained
models for sensors
Flush Sensor
Detailed Activities Showering, Cooking etc
Sink Sensor
Sensor Labels
Bathroom
Shower Sensor
Tier III Sensor Classification
Motion Sensor
Refrigerator Sensor
Bathroom and Kitchen Visits
Room Labels on Clusters
Microwave Sensor
Tier II Room Classification
Pantry Sensor
Kitchen
Stove Sensor
Sensor Clusters
Sink Sensor
Motion Sensor
Tier I Sensor Clustering
Wireless Fingerprints
Front Door
Home, Away and Sleep Events
Activity Intervals
Main Room -gt Bathroom Door
Living room/ Bedroom
Motion Sensor
Tier 0 Activity Detection
Timestamps of all sensor firings
Time of day from 0 hours (12 AM)
12Tier III Output - Activity Classifier
Showering
Washing
Toileting
Flush Sensor
Detailed Activities Showering, Cooking
Sink Sensor
Bathroom
Shower Sensor
Activity Classifier
Motion Sensor
Tier III Sensor Labels
Refrigerator Sensor
Microwave Sensor
Pantry Sensor
Compute counts of various known sensors firing
in each temporal activity cluster using sensor
labels from Tier III
Kitchen
Cooking hot food
Stove Sensor
Sink Sensor
Motion Sensor
Assign activity labels using LDA Classifier by
comparing firing counts to trained models for
activities
Front Door
Living room/ Bedroom
Main Room -gt Bathroom Door
Motion Sensor
Temporal Activity Clusters
Temporal Activity Cluster Chunk of Human
Activity in room
Time of day from 0 hours (12 AM)
13Best Case Evaluation of Tier 0, Tier II and Tier
III Activity Detection
- Tier 0 Simple Home Occupancy and Sleep Events
Detected with at least 90 - duration Accuracy across all homes
Single Person Homes
True Positive Rate
Event Detection Rate
Duration Accuracy
Tier III Detailed Activities
Tier II Room Visits
14Rest of talk
- FATS Inference Algorithm Design and Evaluation
- Privacy Preservation guidelines
- Related Work
- Conclusion
15Privacy Preservation guidelines Overview
- Privacy preservation techniques to incorporate in
future wireless ubiquitous systems - Signal Attenuators
- Random delays
- Periodic transmissions
- Fingerprint masking
- We show that a hybrid solution with several of
the above techniques is most effective
16Privacy Preservation Guideline 1Signal
Attenuators
- Hide nodes/packets from the snooping adversary
- Reduce Transmission Power
- Multi-hop routing
- Wired connections
- Deployment cost
- Faraday cages
- High deployment cost
- Deploy in specific rooms such as bathroom or
kitchen where many activities occur
Flush Sensor
Sink Sensor
Bathroom
Shower Sensor
Motion Sensor
Refrigerator Sensor
Microwave Sensor
Pantry Sensor
Kitchen
Stove Sensor
Sink Sensor
Motion Sensor
Front Door
Living room/ Bedroom
Main Room -gt Bathroom Door
Motion Sensor
17Privacy Preservation Guideline 2Random Delays
U(0,D)
- Add a random delay U(0,D) to sensor transmissions
bounded by a maximum tolerable delay D - Challenges
- Not Applicable to real-time sensors, fall
detection - Effective at hiding short duration Tier II/III
activities in bathroom and kitchen - Not as good at hiding long duration Tier 0 sleep
and home occupancy events
Flush Sensor
d
Sink Sensor
Bathroom
Shower Sensor
Motion Sensor
Refrigerator Sensor
Microwave Sensor
Pantry Sensor
Kitchen
Stove Sensor
Sink Sensor
Motion Sensor
Front Door
Living room/ Bedroom
Main Room -gt Bathroom Door
Motion Sensor
18Privacy Preservation Guideline 3Fingerprint
Masking
Common Radio Source
- Hide the true fingerprints
- Using potentiometers in radio circuitry
- Wiring together multiple radio sources
- Challenges
- Changes to existing radio hardware
- Arms Race Scenario
Flush Sensor
Sink Sensor
Bathroom
Shower Sensor
Motion Sensor
Refrigerator Sensor
Microwave Sensor
Pantry Sensor
Kitchen
Stove Sensor
Sink Sensor
Motion Sensor
Front Door
Living room/ Bedroom
Main Room -gt Bathroom Door
Motion Sensor
19Privacy Preservation Guideline 4Periodic
Transmissions
- Constant Input guarantees 100 privacy
- Challenges
- Not Applicable to Real-Time sensors
- More suited to low bandwidth data sensors
- Surprisingly low power cost for low bandwidth
data sensors - Only 9 Reduction in node lifetime for the Telos
mote with ON/OFF sensor with a period of 10
seconds
20Performance of Individual Solutions at Select
Points
- Periodic Transmissions on Living room and Bedroom
sensors degrades Tier 0 duration accuracy to
about 47
Percentage Accuracy()
20 minute Random Delays
40 Signal Attenuation
40 Fingerprint Masking
21Hybrid Solutions - Performance
- Periodic Transmissions enforced on living and
bedroom sensors - Random delays, signal attenuators etc implemented
on bathroom and kitchen sensors - Much better than individual solutions
Percentage Accuracy()
Periodic Transmissions 20 minute Random Delays
Periodic Transmissions 40 Signal Attenuation
Periodic Transmissions 40 Fingerprint Masking
Periodic Transmissions 20 Fingerprint Masking
20 Signal Attenuation
22Rest of talk
- FATS Inference Algorithm Design and Evaluation
- Privacy Preservation guidelines
- Related Work
- Conclusion
23Related Work
- Side Channel Privacy Attacks
- Infer private information by observing how the
system operates, eg)Tempest Attack - Traffic Analysis
- Unlike FATS, most related work, Kamat et al
(2005), deal with multi-hop attacks and
countermeasures at the routing layer - Unlike FATS, existing single hop attacks, Yang et
al (WiSec 2008), consider timing based single hop
attacks but ignore the wireless fingerprints
input - FATS is the first attack to combine transmission
timestamps with wireless fingerprints to
demonstrate a serious privacy leak in single hop
activity monitoring wireless systems
24Conclusion
- We demonstrated a powerful new privacy attack on
wireless home sensor systems that infers detailed
resident activities in spite of encryption using
just low level wireless fingerprints and
timestamps - With consistently high accuracy across diverse
single and multi-person homes with diverse
residents - We propose a set of privacy solutions and propose
a hybrid approach to make the attack ineffective - FATS attack may become increasingly important as
wireless ubiquitous systems become more
ubiquitous - Offices or manufacturing plants for industrial
espionage - Urban scale wireless systems for people tracking
25 26Tier II and Tier III Activity Detection using
Timestamps and Fingerprints
Multi Person Homes
True Positive Rate
Event Detection Rate
Duration Accuracy
Tier II Room Visits
Tier III Activities