David Kotz papers for project 'splice'

Position Paper: Towards Ubiquitous and Automated User Privacy Configuration

Sun, 01 Feb 2026 00:00:00

Song Liao, Jingwen Yan, Yichen Liu, David Kotz, Luyi Xing, and Long Cheng. Position Paper: Towards Ubiquitous and Automated User Privacy Configuration. Proceedings of the Workshop on Security and Privacy in Standardized IoT (SDIoTSec'26). Internet Society, February 2026. doi:10.14722/sdiotsec.2026.23043.

Abstract:

Mobile apps may collect, share, and analyze data from users. Although users can choose to decline apps' data collection behaviors through mobile permission systems or in-app settings, it is challenging and time-consuming for users to manually discover and correctly configure all the privacy settings for apps on their mobile phones. This issue also occurs in IoT apps, where users need to configure each device separately. Although they can manage some settings with platform apps (like Apple Home), many IoT devices expose device-specific settings within a device-specific app. In this position paper, we propose the PrivacyProfile, a framework that allows users to easily set their global privacy preferences and apply them to apps automatically. Users can indicate whether each of their privacy-related information can be collected, shared, and analyzed in their profile. Compatible apps then read the privacy profile and automatically configure their settings for users, e.g., enabling data collection behaviors or disabling data sharing. This design enables users to easily configure their privacy preferences once, rather than having to manually open each app and locate the corresponding privacy settings.

Enabling Research Extensions in Matter via Custom Clusters

Sun, 01 Feb 2026 00:00:00

Ravindra Mangar, Jared Chandler, Timothy J. Pierson, and David Kotz. Enabling Research Extensions in Matter via Custom Clusters. Proceedings of the Workshop on Security and Privacy in Standardized IoT (SDIoTSec'26). Internet Society, February 2026. doi:10.14722/sdiotsec.2026.23064. Distinguished Paper Award.

Abstract:

Matter is a recent interoperability standard that aims to address fragmentation in smart homes by providing a common system for integrating disparate smart-home devices. As Matter adoption grows, it also creates a shared platform on which new smart-home mechanisms can be implemented and evaluated end-to-end across realistic deployments.

However, turning a research idea into a runnable prototype in a Matter-based deployment is tedious. We address this shortcoming by presenting a practical template for implementing custom clusters in the open-source Matter SDK and invoking it from a widely used smart-home controller. Using a running example, we add a simple cluster that erases sensitive data stored on a smart device. We view this template as an enabling step for the community. While Matter's open reference implementation provides common ground, the concrete steps required to add and exercise experimental functionality remain scattered. Our template and walkthrough consolidate the necessary steps needed for a reproducible workflow that researchers can adapt for exploring new security and privacy mechanisms.

Confidential, Attestable, and Efficient Inter-CVM Communication with Arm CCA

Mon, 01 Dec 2025 00:00:00

Sina Abdollahi, Amir Al Sadi, Marios Kogias, David Kotz, and Hamed Haddadi. Confidential, Attestable, and Efficient Inter-CVM Communication with Arm CCA. Technical Report number 2512.01594, arXiv, December 2025. doi:10.48550/arXiv.2512.01594.

Abstract:

Confidential Virtual Machines (CVMs) are increasingly adopted to protect sensitive workloads from privileged adversaries such as the hypervisor. While they provide strong isolation guarantees, existing CVM architectures lack first-class mechanisms for inter-CVM data sharing due to their disjoint memory model, making inter-CVM data exchange a performance bottleneck in compartmentalized or collaborative multi-CVM systems. Under this model, a CVM's accessible memory is either shared with the hypervisor or protected from both the hypervisor and all other CVMs. This design simplifies reasoning about memory ownership; however, it fundamentally precludes plaintext data sharing between CVMs because all inter-CVM communication must pass through hypervisor-accessible memory, requiring costly encryption and decryption to preserve confidentiality and integrity. In this paper, we introduce CAEC, a system that enables protected memory sharing between CVMs. CAEC builds on Arm Confidential Compute Architecture (CCA) and extends its firmware to support Confidential Shared Memory (CSM), a memory region securely shared between multiple CVMs while remaining inaccessible to the hypervisor and all non-participating CVMs. CAEC's design is fully compatible with CCA hardware and introduces only a modest increase (4%) in CCA firmware code size. CAEC delivers substantial performance benefits across a range of workloads. For instance, inter-CVM communication over CAEC achieves up to 209x reduction in CPU cycles compared to encryption-based mechanisms over hypervisor-accessible shared memory. By combining high performance, strong isolation guarantees, and attestable sharing semantics, CAEC provides a practical and scalable foundation for the next generation of trusted multi-CVM services across both edge and cloud environments.

A Trigger for the Autonomous Decommissioning of Smart Devices

Sat, 01 Nov 2025 00:00:00

Ravindra Mangar, Jared Chandler, Jingyu Qian, Carl A. Gunter, Timothy J. Pierson, and David Kotz. A Trigger for the Autonomous Decommissioning of Smart Devices. Proceedings of the International Conference on the Internet of Things, pages 174–182. ACM, November 2025. doi:10.1145/3770501.3770522.

Abstract:

Smart devices are ubiquitous in modern environments, yet their decommissioning phase remains poorly studied and often overlooked in system design. We define secure decommissioning as the process by which a smart device securely disconnects from its environment and makes sensitive data inaccessible. If not decommissioned, devices may retain sensitive information — such as security credentials or user-behavior data that could be recovered by an adversary. Unfortunately, some users may forget to decommission a device when they dispose or sell it, and cannot decommission a device that is lost or stolen. This paper investigates a trigger mechanism for individual wireless smart devices to automatically identify conditions requiring decommissioning. Our approach does not require any hardware changes to wireless devices. We evaluated it through extensive simulations and validated it on real IoT-class hardware. With appropriate parameter values, our mechanism always correctly identified when to decommission and never falsely decommissioned. These parameters can be tuned to user needs.

Comparing smart-home devices that use the Matter protocol

Wed, 01 Jan 2025 00:00:00

Wondimu Zegeye, Ravindra Mangar, Jingyu Qian, Vinton Morris, Mounib Khanafer, Kevin Kornegay, Timothy J. Pierson, and David Kotz. Comparing smart-home devices that use the Matter protocol. Proceedings of the IEEE Consumer Communications & Networking Conference (CCNC), 6 pages. IEEE, January 2025. doi:10.1109/CCNC54725.2025.10976049.

Abstract:

This paper analyzes Google Home, Apple HomeKit, Samsung SmartThings, and Amazon Alexa platforms, focusing on their integration with the Matter protocol. Matter is a connectivity standard developed by the Connectivity Standards Alliance (CSA) for the smart-home industry. By examining key features and qualitative metrics, this study aims to provide valuable insights for consumers and industry professionals in making informed decisions about smart-home devices. We conducted (from May to August 2024) a comparative analysis to explore how Google Home Nest, Apple HomePod Mini, Samsung SmartThings station, and Amazon Echo Dot platforms leverage the power of Matter to provide seamless and integrated smart-home experiences.

We need a “building inspector for IoT” when smart homes are sold

Mon, 01 Jan 2024 00:00:00

Timothy J. Pierson, Cesar Arguello, Beatrice Perez, Wondimu Zegeye, Kevin Kornegay, Carl Gunter, and David Kotz. We need a “building inspector for IoT” when smart homes are sold. IEEE Security & Privacy, volume 22, number 6, pages 75–84. IEEE, Nov-Dec. 2024. doi:10.1109/MSEC.2024.3386467.

Abstract:

Internet of Things (IoT) devices left behind when a home is sold create security and privacy concerns for both prior and new residents. We envision a specialized “building inspector for IoT” to help securely facilitate transfer of the home.

Moat: Adaptive Inside/Outside Detection System for Smart Homes

Sun, 01 Sep 2024 00:00:00

Chixiang Wang, Weijia He, Timothy Pierson, and David Kotz. Moat: Adaptive Inside/Outside Detection System for Smart Homes. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT), volume 8, number 4, article 157, 31 pages. ACM, September 2024. doi:10.1145/3699751.

Abstract:

Smart-home technology is now pervasive, demanding increased attention to the security of the devices and the privacy of the home's residents. To assist residents in making security and privacy decisions - e.g., whether to allow a new device to connect to the network, or whether to be alarmed when an unknown device is discovered - it helps to know whether the device is inside the home, or outside.

In this paper we present MOAT, a system that leverages Wi-Fi sniffers to analyze the physical properties of a device's wireless transmissions to infer whether that device is located inside or outside of a home. MOAT can adaptively self-update to accommodate changes in the home indoor environment to ensure robust long-term performance. Notably, MOAT does not require prior knowledge of the home's layout or cooperation from target devices, and is easy to install and configure.

We evaluated MOAT in four different homes with 21 diverse commercial smart devices and achieved an overall balanced accuracy rate of up to 95.6%. Our novel periodic adaptation technique allowed our approach to maintain high accuracy even after rearranging furniture in the home. MOAT is a practical and efficient first step for monitoring and managing devices in a smart home.

Contextualizing Interpersonal Data Sharing in Smart Homes

Mon, 01 Jul 2024 00:00:00

Weijia He, Nathan Reitinger, Atheer Almogbil, Yi-Shyuan Chiang, Timothy J. Pierson, and David Kotz. Contextualizing Interpersonal Data Sharing in Smart Homes. Proceedings on Privacy Enhancing Technologies (PETS), volume 2024, number 2, pages 295–312. De Gruyter Open, July 2024. doi:10.56553/popets-2024-0051.

Abstract:

A key feature of smart home devices is monitoring the environment and recording data. These devices provide security via motion-detection video alerts, cost-savings via thermostat usage history, and peace of mind via functions like auto-locking doors or water leak detectors. At the same time, the sharing of this information in interpersonal relationships---though necessary---is currently accomplished on an all-or-nothing basis. This can easily lead to oversharing in a multi-user environment. Although prior work has studied people's perceptions of information sharing with vendors or ISPs, the sharing of household data among users who interact personally is less well understood. Interpersonal situations make data sharing much more context-based and, thus, more complicated. In this paper, we use themes from the theory of contextual integrity in an online survey (n=1,992) to study how people perceive data sharing with others in smart homes and inform future designs and research. Our results show that data recipients in a smart home can be reduced to three major groups, and data types matter more than device types. We also found that the types of access control desired by users can vary from scenario to scenario. Depending on whom they are sharing data with and about what data, participants expressed varying levels of comfort when presented with different types of access control (e.g., explicit approval versus time-limited access). Taken together, this provides strong evidence that a more dynamic access control system is needed, and we can design it in a more usable way.

A framework for evaluating the security and privacy of smart-home devices, and its application to common platforms

Mon, 01 Jul 2024 00:00:00

Ravindra Mangar, Timothy J. Pierson, and David Kotz. A framework for evaluating the security and privacy of smart-home devices, and its application to common platforms. IEEE Pervasive Computing, volume 23, number 3, pages 7–19. IEEE, July 2024. doi:10.1109/MPRV.2024.3421668.

Abstract:

In this article, we outline the challenges associated with the widespread adoption of smart devices in homes. These challenges are primarily driven by scale and device heterogeneity: a home may soon include dozens or hundreds of devices, across many device types, and may include multiple residents and other stakeholders. We develop a framework for reasoning about these challenges based on the deployment, operation, and decommissioning life cycle stages of smart devices within a smart home. We evaluate the challenges in each stage using the well-known CIA triad—Confidentiality, Integrity, and Availability. In addition, we highlight open research questions at each stage. Further, we evaluate solutions from Apple and Google using our framework and find notable shortcomings in these products. Finally, we sketch some preliminary thoughts on a solution for the smart home of the near future.

Detecting Battery Cells with Harmonic Radar

Wed, 01 May 2024 00:00:00

Cesar Arguello, Beatrice Perez, Timothy J. Pierson, and David Kotz. Detecting Battery Cells with Harmonic Radar. Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), pages 231–236. ACM, May 2024. doi:10.1145/3643833.3656137.

Abstract:

Harmonic radar systems have been shown to be an effective method for detecting the presence of electronic devices, even if the devices are powered off. Prior work has focused on detecting specific non-linear electrical components (such as transistors and diodes) that are present in any electronic device. In this paper we show that harmonic radar is also capable of detecting the presence of batteries. We tested a proof-of-concept system on Alkaline, NiMH, Li-ion, and Li-metal batteries. With the exception of Li-metal coin cells, the prototype harmonic radar detected the presence of batteries in our experiments with 100% accuracy.

Device Discovery in the Smart Home Environment

Wed, 01 May 2024 00:00:00

Mounib Khanafer, Logan Kostick, Chixiang Wang, Wondimu Zegeye, Weijia He, Berkay Kaplan, Nurzaman Ahmed, Kevin Kornegay, David Kotz, and Timothy Pierson. Device Discovery in the Smart Home Environment. Proceedings of the IEEE/ACM Workshop on the Internet of Safe Things (SafeThings), pages 298–304. IEEE, May 2024. doi:10.1109/SPW63631.2024.10705647.

Abstract:

With the availability of Internet of Things (IoT) devices offering varied services, smart home environments have seen widespread adoption in the last two decades. Protecting privacy in these environments becomes an important problem because IoT devices may collect information about the home’s occupants without their knowledge or consent. Furthermore, a large number of devices in the home, each collecting small amounts of data, may, in aggregate, reveal non-obvious attributes about the home occupants. A first step towards addressing privacy is discovering what devices are present in the home. In this paper, we formally define device discovery in smart homes and identify the features that constitute discovery in that environment. Then, we propose an evaluative rubric that rates smart home technology initiatives on their device discovery capabilities and use it to evaluate four commonly deployed technologies. We find none cover all device discovery aspects. We conclude by proposing a combined technology solution that provides comprehensive device discovery tailored to smart homes.

Smart Use of Smart Devices in Your Home: A Smart Home Security and Privacy Workshop for the General Public

Fri, 01 Mar 2024 00:00:00

Tushar Jois, Tina Pavlovich, Brigid McCarron, David Kotz, and Timothy Pierson. Smart Use of Smart Devices in Your Home: A Smart Home Security and Privacy Workshop for the General Public. Proceedings of the ACM Technical Symposium on Computer Science Education (SIGCSE), pages 611–617. ACM, March 2024. doi:10.1145/3626252.3630925.

Abstract:

With 'smart' technology becoming more prevalent in homes, computing is increasingly embedded into everyday life. The benefits are well-advertised, but the risks associated with these technologies are not as clearly articulated. We aim to address this gap by educating community members on some of these risks, and providing actionable advice to mitigate risks. To this end, we describe our efforts to design and implement a hands-on workshop for the public on smart-home security and privacy.

Our workshop curriculum centers on the smart-home device lifecycle: obtaining, installing, using, and removing devices in a home. For each phase of the lifecycle, we present possible vulnerabilities along with preventative measures relevant to a general audience. We integrate a hands-on activity for participants to put best-practices into action throughout the presentation.

We ran our designed workshop at a science museum in June 2023, and used participant surveys to evaluate the effectiveness of our curriculum. Prior to the workshop, 38.8% of survey responses did not meet learning objectives, 22.4% partially met them, and 38.8% fully met them. After the workshop, only 9.2% of responses did not meet learning objectives, while 29.6% partially met them and 61.2% fully met them. Our experience shows that consumer-focused workshops can aid in bridging information gaps and are a promising form of outreach.

Designing and Evaluating a Testbed for the Matter Protocol: Insights into User Experience

Thu, 01 Feb 2024 00:00:00

Ravindra Mangar, Jingyu Qian, Wondimu Zegeye, Abdulrahman AlRabah, Ben Civjan, Shalni Sundram, Sam Yuan, Carl Gunter, Mounib Khanafer, Kevin Kornegay, Timothy J. Pierson, and David Kotz. Designing and Evaluating a Testbed for the Matter Protocol: Insights into User Experience. Proceedings of the NDSS Workshop on Security and Privacy in Standardized IoT (SDIoTSec). NDSS, February 2024. doi:10.14722/sdiotsec.2024.23012. Distinguished Paper Award.

Abstract:

As the integration of smart devices into our daily environment accelerates, the vision of a fully integrated smart home is becoming more achievable through standards such as the Matter protocol. In response, this research paper explores the use of Matter in addressing the heterogeneity and interoperability problems of smart homes. We built a testbed and introduce a network utility device, designed to sniff network traffic and provide a wireless access point within IoT networks. This paper also presents experience of students using the testbed in an academic scenario.

Challenges and opportunities in onboarding smart-home devices

Thu, 01 Feb 2024 00:00:00

Chixiang Wang, Liam Cassidy, Weijia He, Timothy J. Pierson, and David Kotz. Challenges and opportunities in onboarding smart-home devices. Proceedings of the International Workshop on Mobile Computing Systems and Applications (HotMobile), pages 60–65. ACM, February 2024. doi:10.1145/3638550.3641137.

Abstract:

Smart-home devices have become integral to daily routines, but their onboarding procedures - setting up a newly acquired smart device into operational mode - remain understudied. The heterogeneity of smart-home devices and their onboarding procedure can easily overwhelm users when they scale up their smart-home system. While Matter, the new IoT standard, aims to unify the smart-home ecosystem, it is still evolving, resulting in mixed compliance among devices. In this paper, we study the complexity of device onboarding from users' perspectives. We thus performed cognitive walkthroughs on 12 commercially available smart-home devices, documenting the commonality and distinctions of the onboarding process across these devices. We found that onboarding smart home devices can often be tedious and confusing. Users must devote significant time to creating an account, searching for the target device, and providing Wi-Fi credentials for each device they install. Matter-compatible devices are supposedly easier to manage, as they can be registered through one single hub independent of the vendor. Unfortunately, we found such a statement is not always true. Some devices still need their own companion apps and accounts to fully function. Based on our observations, we give recommendations about how to support a more user-friendly onboarding process.

Evaluating the practical range of harmonic radar to detect smart electronics

Sun, 01 Oct 2023 00:00:00

Beatrice Perez, Cesar Arguello, Timothy J. Pierson, Gregory Mazzaro, and David Kotz. Evaluating the practical range of harmonic radar to detect smart electronics. Proceedings of the IEEE Military Communications Conference (MILCOM), pages 528–535. IEEE, October 2023. doi:10.1109/MILCOM58377.2023.10356371.

Abstract:

Prior research has found that harmonic radar systems are able to detect the presence of electronic devices, even if the devices are powered off. These systems could be a powerful tool to help mitigate privacy invasions. For example, in a rental property devices such as cameras or microphones may be surreptitiously placed by a landlord to monitor renters without their knowledge or consent. A mobile harmonic radar system may be able to quickly scan the property and locate all electronic devices. The effective range of these systems for detecting consumer-grade electronics, however, has not been quantified. We address that shortcoming in this paper and evaluate a prototype harmonic radar system. We find the system, a variation of what has been proposed in the literature, is able to reliably detect some devices at a range of about two meters. We discuss the effect of hardware on the range of detection and propose an algorithm for automated detection.

Identification and Classification of Electronic Devices Using Harmonic Radar

Thu, 01 Jun 2023 00:00:00

Beatrice Perez, Timothy J. Pierson, Gregory Mazzaro, and David Kotz. Identification and Classification of Electronic Devices Using Harmonic Radar. Proceedings of the Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT), pages 248–255. IEEE, June 2023. doi:10.1109/DCOSS-IoT58021.2023.00050.

Abstract:

Smart home electronic devices invisibly collect, process, and exchange information with each other and with remote services, often without a home occupants' knowledge or consent. These devices may be mobile or fixed and may have wireless or wired network connections. Detecting and identifying all devices present in a home is a necessary first step to control the flow of data, but there exists no universal mechanism to detect and identify all electronic devices in a space. In this paper we present ICED (Identification and Classification of Electronic Devices), a system that can (i) identify devices from a known set of devices, and (ii) detect the presence of previously unseen devices. ICED, based on harmonic radar technology, collects measurements at the first harmonic of the radar's transmit frequency. We find that the harmonic response contains enough information to infer the type of device. It works when the device has no wireless network interface, is powered off, or attempts to evade detection. We evaluate performance on a collection of 17 devices and find that by transmitting a range of frequencies we correctly identify known devices with 97.6% accuracy and identify previously unseen devices as ‘unknown’ with 69.0% balanced accuracy.

Privacy Concerns of Older Adults Using Voice Assistant Systems

Fri, 26 Aug 2022 00:00:00

Hillary B. Spangler, Tiffany M. Driesse, David H. Lynch, Xiaohui Liang, Robert M. Roth, David Kotz, Karen Fortuna, and John A. Batsis. Privacy Concerns of Older Adults Using Voice Assistant Systems. Journal of the American Geriatrics Society, volume 70, number 12, pages 3643–3647. Wiley, August 26, 2022. doi:10.1111/jgs.18009.

Abstract:

Voice assistant systems (VAS) are software platforms that complete various tasks using voice commands. It is necessary to understand the juxtaposition of younger and older adults' VAS privacy concerns as younger adults may have different concerns impacting VAS acceptance. Therefore, we examined the differences in VAS related privacy concerns across the lifespan.

TorSH: Obfuscating consumer Internet-of-Things traffic with a collaborative smart-home router network

Wed, 01 Jun 2022 00:00:00

Adam Vandenbussche. TorSH: Obfuscating consumer Internet-of-Things traffic with a collaborative smart-home router network. June 2022. Undergraduate Thesis.

Abstract:

When consumers install Internet-connected "smart devices" in their homes, metadata arising from the communications between these devices and their cloud-based service providers enables adversaries privy to this traffic to profile users, even when adequate encryption is used. Internet service providers (ISPs) are one potential adversary privy to users’ incoming and outgoing Internet traffic and either currently use this insight to assemble and sell consumer advertising profiles or may in the future do so. With existing defenses against such profiling falling short of meeting user preferences and abilities, there is a need for a novel solution that empowers consumers to defend themselves against profiling by ISP-like actors and that is more in tune with their wishes. In this thesis, we present The Onion Router for Smart Homes (TorSH), a network of smart-home routers working collaboratively to defend smart-device traffic from analysis by ISP-like adversaries. We demonstrate that TorSH succeeds in deterring such profiling while preserving smart-device experiences and without encumbering latency-sensitive, non-smart-device experiences like web browsing.

SPLICEcube Architecture: An Extensible Wi-Fi Monitoring Architecture for Smart-Home Networks

Sun, 01 May 2022 00:00:00

Namya Malik. SPLICEcube Architecture: An Extensible Wi-Fi Monitoring Architecture for Smart-Home Networks. Master's thesis, Dartmouth Computer Science, Hanover, NH, May 2022.

Abstract:

The vision of smart homes is rapidly becoming a reality, as the Internet of Things and other smart devices are deployed widely. Although smart devices offer convenience, they also create a significant management problem for home residents. With a large number and variety of devices in the home, residents may find it difficult to monitor, or even locate, devices. A central controller that brings all the home’s smart devices under secure management and a unified interface would help homeowners and residents track and manage their devices.

We envision a solution called the SPLICEcube whose goal is to detect smart devices, locate them in three dimensions within the home, securely monitor their network traffic, and keep an inventory of devices and important device information throughout the device’s lifecycle. The SPLICEcube system consists of the following components: 1) a main cube, which is a centralized hub that incorporates and expands on the functionality of the home router, 2) a database that holds network data, and 3) a set of support cubelets that can be used to extend the range of the network and assist in gathering network data.

To deliver this vision of identifying, securing, and managing smart devices, we introduce an architecture that facilitates intelligent research applications (such as network anomaly detection, intrusion detection, device localization, and device firmware updates) to be integrated into the SPLICEcube. In this thesis, we design a general-purpose Wi-Fi architecture that underpins the SPLICEcube. The architecture specifically showcases the functionality of the cubelets (Wi-Fi frame detection, Wi-Fi frame parsing, and transmission to cube), the functionality of the cube (routing, reception from cubelets, information storage, data disposal, and research application integration), and the functionality of the database (network data storage). We build and evaluate a prototype implementation to demonstrate our approach is scalable to accommodate new devices and extensible to support different applications. Specifically, we demonstrate a successful proof-of-concept use of the SPLICEcube architecture by integrating a security research application: an "Inside-Outside detection" system that classifies an observed Wi-Fi device as being inside or outside the home.

Harmonic response vs. target orientation: a preliminary study of the effect of polarization on nonlinear junction detection

Fri, 27 May 2022 00:00:00

Gregory Mazzaro, Kyle Gallagher, Kelly Sherbondy, Alex Bouvy, Beatrice Perez, Timothy Pierson, and David Kotz. Harmonic response vs. target orientation: a preliminary study of the effect of polarization on nonlinear junction detection. Proceedings of the SPIE Radar Sensor Technology XXVI, volume 12108, article 1210803, 21 pages. Society of Photo-Optical Instrumentation Engineers, May 27, 2022. doi:10.1117/12.2617881.

Abstract:

When an electromagnetically-nonlinear radar target is illuminated by a high-power stepped-frequency probe, a sequence of harmonics is unintentionally emitted by that target. Detection of the target is accomplished by receiving stimulated emissions somewhere in the sequence, while ranging is accomplished by processing amplitude and phase recorded at multiple harmonics across the sequence. The strength of the harmonics reflected from an electronic target depends greatly upon the orientation of that target (or equivalently, the orientation of the radar antennas). Data collected on handheld wireless devices reveals the harmonic angular-dependence of commercially-available electronics. Data collected on nonlinearly-terminated printed circuit boards implies the origin of this dependency. The results of this work suggest that electronic targets may be classified and ultimately identified by their unique harmonic-response-vs.-angle patterns.

Detecting the Presence of Electronic Devices in Smart Homes Using Harmonic Radar

Sat, 01 Jan 2022 00:00:00

Beatrice Perez, Gregory Mazzaro, Timothy J. Pierson, and David Kotz. Detecting the Presence of Electronic Devices in Smart Homes Using Harmonic Radar. Remote Sensing, volume 14, number 2, article 327, 18 pages. MDPI, January 2022. doi:10.3390/rs14020327. Special issue on Nonlinear Junction Detection and Harmonic Radar.

Abstract:

Data about users is collected constantly by phones, cameras, Internet websites, and others. The advent of so-called ‘Smart Things' now enable ever-more sensitive data to be collected inside that most private of spaces: the home. The first step in helping users regain control of their information (inside their home) is to alert them to the presence of potentially unwanted electronics. In this paper, we present a system that could help homeowners (or home dwellers) find electronic devices in their living space. Specifically, we demonstrate the use of harmonic radars (sometimes called nonlinear junction detectors), which have also been used in applications ranging from explosives detection to insect tracking. We adapt this radar technology to detect consumer electronics in a home setting and show that we can indeed accurately detect the presence of even ‘simple’ electronic devices like a smart lightbulb. We evaluate the performance of our radar in both wired and over-the-air transmission scenarios.

Recurring Verification of Interaction Authenticity Within Bluetooth Networks

Tue, 01 Jun 2021 00:00:00

Travis Peters, Timothy J. Pierson, Sougata Sen, José Camacho, and David Kotz. Recurring Verification of Interaction Authenticity Within Bluetooth Networks. Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2021), pages 192–203. ACM, June 2021. doi:10.1145/3448300.3468287.

Abstract:

Although user authentication has been well explored, device-to-device authentication – specifically in Bluetooth networks – has not seen the same attention. We propose Verification of Interaction Authenticity (VIA) – a recurring authentication scheme based on evaluating characteristics of the communications (interactions) between devices. We adapt techniques from wireless traffic analysis and intrusion detection systems to develop behavioral models that capture typical, authentic device interactions (behavior); these models enable recurring verification of device behavior. To evaluate our approach we produced a new dataset consisting of more than 300 Bluetooth network traces collected from 20 Bluetooth-enabled smart-health and smart-home devices. In our evaluation, we found that devices can be correctly verified at a variety of granularities, achieving an F1-score of 0.86 or better in most cases.

An inside vs. outside classification system for Wi-Fi IoT devices

Tue, 01 Jun 2021 00:00:00

Paul Gralla. An inside vs. outside classification system for Wi-Fi IoT devices. June 2021. Undergraduate Thesis.

Abstract:

We are entering an era in which Smart Devices are increasingly integrated into our daily lives. Everyday objects are gaining computational power to interact with their environments and communicate with each other and the world via the Internet. While the integration of such devices offers many potential benefits to their users, it also gives rise to a unique set of challenges. One of those challenges is to detect whether a device belongs to one’s own ecosystem, or to a neighbor – or represents an unexpected adversary. An important part of determining whether a device is friend or adversary is to detect whether a device’s location is within the physical boundaries of one’s space (e.g. office, classroom, home). In this thesis we propose a system that is able to decide with 82% accuracy whether the location of an IoT device is inside or outside of a defined space based on a small number of transmitted Wi- Fi frames. The classification is achieved by leveraging a machine-learning classifier trained and tested on RSSI data of Wi-Fi transmissions recorded by three or more observers. In an initialization phase the classifier is trained by the user on Wi-Fi transmissions of a variety of locations, inside (and outside). The system can be built with off-the-shelf Wi-Fi observing devices that do not require any special hardware modifications. With the exception of the training period, the system can accurately classify the indoor/outdoor state of target devices without any cooperation from the user or from the target devices.

Safety and Security in the Internet of Things

Sun, 01 Oct 2017 00:00:00

David Kotz. Safety and Security in the Internet of Things. Proceedings of the ACM Workshop on Wireless of the Students, by the Students, and for the Students (S3), 1 page, page 1. ACM, October 2017. doi:10.1145/3131348.3134465. Invited keynote lecture.

Abstract:

The homes, offices, and vehicles of tomorrow will be embedded with numerous "Smart Things," networked with each other and with the Internet. Many of these Things are embedded in the physical infrastructure, and like the infrastructure they are designed to last for decades -- far longer than is normal with today's electronic devices. What happens then, when an occupant moves out or transfers ownership of her Smart Environment? This paper outlines the critical challenges required for the safe long-term operation of Smart Environments. How does an occupant identify and decommission all the Things in an environment before she moves out? How does a new occupant discover, identify, validate, and configure all the Things in the environment he adopts? When a person moves from smart home to smart office to smart hotel, how is a new environment vetted for safety and security, how are personal settings migrated, and how are they securely deleted on departure? When the original vendor of a Thing (or the service behind it) disappears, how can that Thing (and its data, and its configuration) be transferred to a new service provider? What interface can enable lay people to manage these complex challenges, and be assured of their privacy, security, and safety? We present a list of key research questions to address these important challenges.