Security and Privacy in the Lifecycle of IoT for Consumer Environments (SPLICE) (2020-date)
Related website:
[SPLICE-project.org]
Related keywords:
[authentication],
[education],
[iot],
[mhealth],
[patent],
[privacy],
[security],
[sensors],
[wearable],
[wifi]
Summary
This era of "Smart Things," in which everyday objects become imbued
with computational capabilities and the ability to communicate with
each other and with services across the Internet, creates novel
security and privacy risks. SPLICE research addresses these risks by
examining the human, social, and technological scope of the security
and privacy challenges emerging in Smart Homes across a wide range of
residential stakeholders, including owners, occupants, renters,
visitors, and domestic workers.
What follows is a summary of SPLICE research by David Kotz and his
students and postdocs. For more information about the SPLICE project,
and a broader description of its contributions and publications (not
just those including David Kotz and his students), see the SPLICE website.
Framework for evaluating Smart-Home technology
Home adoption of smart devices faces many challenges of scale and
device heterogeneity: a home may soon include dozens or hundreds of
devices, across many device types, and may include multiple residents
and other stakeholders. We published a framework for reasoning about
these challenges based on the deployment, operation, and
decommissioning life cycle stages of smart devices within a smart
home. We highlighted open research questions at each stage, and
evaluated solutions from Apple and Google using our framework
... finding notable shortcomings in these products. Finally, we
sketched some preliminary thoughts on a solution for the smart home of
the near future.
[mangar:framework]
Data sharing in Smart Homes
Smart home devices provide convenient ways for users to stay up to
date on what is happening in their homes. Users may either share all
data with others, or no data, which can easily lead to oversharing in
a multi-user environment. In a user study (n=1,992) we studied how
people perceive data sharing with others in smart homes and inform
future designs and research. Our results show that relationships
matter the most, and data types matter more than device types. We also
found that the types of access control that are desired by users can
vary from scenario to scenario. Our paper provides strong evidence
that a more dynamic access control system is needed and we can design
it in a more usable way.
[he:ci-survey]
Usability for onboarding new smart-home devices
The procedures for "onboarding" new smart-home devices - setting up a
newly acquired smart device into operational mode - are complex and
varied. We studied the complexity of device onboarding from users'
perspectives, and found that onboarding smart home devices can often
be tedious and confusing. Based on our observations, we give
recommendations about how to support a more user-friendly onboarding
process.
[wang:onboarding]
The 'Matter' protocol
The vision of a fully integrated smart home is becoming more
achievable through standards such as the Matter protocol. We explored
this new protocol by building a testbed and by comparing the major
commercial platforms in their compatibility with the protocol.
We built a testbed and introduce a network utility device,
designed to sniff network traffic and provide a wireless access point
within IoT networks. We used the testbed to explore experience of
students using the testbed in an academic scenario.
[mangar:testbed]
We conducted (from May to August 2024) a comparative analysis to
explore how Google Home Nest, Apple Homepod Mini, Samsung SmartThings
station, and Amazon Echo Dot platforms leverage the power of Matter to
provide seamless and integrated smart-home experiences.
[zegeye:icnet25]
SPLICEcube: a hub for discovering and managing
smart-home devices
We envision a solution called the SPLICEcube whose goal is to detect smart devices, locate them in three dimensions within the home, securely monitor their network traffic, and keep an inventory of devices and important device information throughout the device's lifecycle. The SPLICEcube system consists of the following components: 1) a main cube, which is a centralized hub that incorporates and expands on the functionality of the home router, 2) a database that holds network data, and 3) a set of support cubelets that can be used to extend the range of the network and assist in gathering network data.
[malik:thesis]
Detecting the presence of electronic devices
The first step in helping users gain control of their smart home
is to alert them to the presence of potentially unwanted electronics.
We developed a system that could help homeowners (or home dwellers)
find electronic devices in their living space. Specifically, we
demonstrate the use of harmonic radars (sometimes called
nonlinear junction detectors).
In
[perez:presence]
and
[mazzaro:preliminary]
we show that harmonic radar can detect the presence of
electronics (at range up to 1 meter), and in
[perez:identification]
we further show that harmonic radar can identify
various types of electronics, that is, to distinguish among
known categories of electronic devices.
In subsequent work we explore the range of harmonic radar's
ability to detect the presence of electronics
[perez:range]
and even the ability to detect the presence of batteries
[arguello:battery].
We have applied for patent protection on most of this work, e.g.,
[perez:scanner-patent].
Of course, there are more-direct means of discovering networked
devices using network-discovery protocols and tools. In
[khanafer:discovery]
we map out the kinds of capabilities needed for an effective "device
discovery system" and summarize the capabilities of existing protocols
and tools.
For at least the next decade, or so, we anticipate consumers will
need assistance with installing, finding, and relocating smart-home
devices. We envision a new professional, a "building inspector for
IoT" with specialized tools and knowledge to help securely facilitate
transfer of the home.
[pierson:inspector].
Detecting whether Wi-Fi device is inside or outside
A key challenge in securing a smart home is to detect whether a
device belongs to one's own ecosystem, or to a neighbor -- or
represents an unexpected adversary. An important part of determining
whether a device is friend or adversary is to detect whether a
device's location is within the physical boundaries of one's space
(e.g. office, classroom, home). We proposed a system that, in a
preliminary evaluation, was able to decide with 82% accuracy whether
the location of an IoT device is inside or outside of a defined space
based on a small number of transmitted Wi-Fi frames.
Paul Gralla's undergraduate thesis explored this idea
[gralla:inside-outside];
later, Chixiang Wang refined the ideas, conducted thorough
experiments, and wrote up a full paper:
[wang:insideout].
Obfuscating consumer Internet-of-Things traffic (TorSH)
We present The Onion Router for Smart Homes (TorSH), a network
of smart-home routers working collaboratively to defend smart-device
traffic from analysis by ISP-like adversaries. We demonstrate that
TorSH succeeds in deterring such profiling while preserving
smart-device experiences and without encumbering latency-sensitive,
non-smart-device experiences like web browsing.
See Adam Vandenbussche's undergraduate thesis for details
[vandenbussche:thesis].
Detecting anomalous behavior: VIA
VIA presents a method for detecting anomalous behavior in
Bluetooth traffic, as observed by the central host -- with the goal of
detecting malicious behavior by peripheral devices, or perhaps
imposter peripherals that are spoofing legitimate peripherals; see
the WiSec'21 paper
[peters:via].
Outreach to the community
We developed an outreach program aimed at the general public and
hosted by a local science museum. Our workshop curriculum centered on
the smart-home device lifecycle: obtaining, installing, using, and
removing devices in a home. For each phase of the lifecycle, we
presented possible vulnerabilities along with preventative measures
relevant to a general audience. We integrated a hands-on activity for
participants to put best-practices into action throughout the
presentation.
For more information see the SIGCSE'23 paper
[jois:sigcse].
People
The following people were involved in SPLICE research at Dartmouth, or
were co-authors on one or more of the papers cited here:
Nurzaman Ahmed,
Abdulrahman AlRabah,
César Arguello Martinez,
Liam Cassidy,
Jared Chandler,
Nikoleta Chantzi,
Ben Civjan,
Paul Gralla,
Carl Gunter,
Weijia He,
Tushar Jois,
Berkay Kaplan,
Mounib Khanafer,
Kevin Kornegay,
Logan Kostick,
David Kotz,
Namya Malik,
Ravi Mangar,
Greg Mazzaro,
Vinton Morris,
Carolyn Tomi Oluwaseun-Apo,
Tina Pavlovich,
Beatrice Perez,
Travis Peters,
Timothy Pierson,
Jingyu Qian,
Sougata Sen,
Shalni Sundram,
Adam Vandenbussche,
Matthew Wallace,
Chixiang Wang,
Kaiyao Weng,
Sam Yuan,
Wondimu Zegeye.
Funding and acknowledgements
SPLICE is funded by the
US National Science Foundation (Secure and Trustworthy Computing, SaTC)
under award 1955805.
Some paper authors were supported by other sources, as noted in
the acknowledgement section of individual papers.
The views and conclusions contained on this site and in its documents
are those of the authors and should not be interpreted as necessarily
representing the official position or policies, either expressed or
implied, of the sponsor(s). Any mention of specific companies or
products does not imply any endorsement by the authors or by the
sponsor(s).
Papers (tagged 'splice')
This list includes only those including David Kotz as co-author or
thesis advisor. For a complete list of SPLICE papers, see the
SPLICE website.
[The list below is also available in BibTeX]
Papers are listed in reverse-chronological order;
click an entry to pop up the abstract.
For full information and pdf, please click Details link.
Follow updates with RSS.
- 2025:
-
Ravindra Mangar, Jared Chandler, Jingyu Qian, Carl A. Gunter, Timothy J. Pierson, and David Kotz.
A Trigger for the Autonomous Decommissioning of Smart Devices.
Proceedings of the International Conference on the Internet of Things.
November 2025.
Accepted for publication.
[Details]
Smart devices are ubiquitous in modern environments, yet their decommissioning phase remains poorly studied and often overlooked in system design. We define secure decommissioning as the process by which a smart device securely disconnects from its environment and makes sensitive data inaccessible. If not decommissioned, devices may retain sensitive information — such as security credentials or user-behavior data that could be recovered by an adversary. Unfortunately, some users may forget to decommission a device when they dispose or sell it, and cannot decommission a device that is lost or stolen. This paper investigates a trigger mechanism for individual wireless smart devices to automatically identify conditions requiring decommissioning. Our approach does not require any hardware changes to wireless devices. We evaluated it through extensive simulations and validated it on real IoT-class hardware. With appropriate parameter values, our mechanism always correctly identified when to decommission and never falsely decommissioned. These parameters can be tuned to user needs.
Wondimu K. Zegeye, Ravindra Mangar, Jingyu Qian, Vinton Morris, Mounib Khanafer, Kevin Kornegay, Timothy J. Pierson, and David Kotz.
Comparing smart-home devices that use the Matter protocol.
Proceedings of the International Workshop on Intelligent Communication Network Technologies (ICNET'25).
January 2025.
[Details]
This paper analyzes Google Home, Apple HomeKit, Samsung SmartThings, and Amazon Alexa platforms, focusing on their integration with the Matter protocol. Matter is a connectivity standard developed by the Connectivity Standards Alliance (CSA) for the smart-home industry. By examining key features and qualitative metrics, this study aims to provide valuable insights for consumers and industry professionals in making informed decisions about smart-home devices. We conducted (from May to August 2024) a comparative analysis to explore how Google Home Nest, Apple HomePod Mini, Samsung SmartThings station, and Amazon Echo Dot platforms leverage the power of Matter to provide seamless and integrated smart-home experiences.
- 2024:
-
Timothy J. Pierson, Cesar Arguello, Beatrice Perez, Wondimu Zegeye, Kevin Kornegay, Carl Gunter, and David Kotz.
We need a “building inspector for IoT” when smart homes are sold.
IEEE Security & Privacy.
Nov-Dec. 2024.
[Details]
Internet of Things (IoT) devices left behind when a home is sold create security and privacy concerns for both prior and new residents. We envision a specialized “building inspector for IoT” to help securely facilitate transfer of the home.
Beatrice Perez, Timothy Pierson, Gregory Mazzaro, and David Kotz.
Harmonic Radar Scanner for Electronics.
Patent Application 18/749,826, published as US2024/0426974, December 26, 2024.
Priority date 6/21/23; filed 6/21/24; published 12/26/24.
[Details]
A harmonic radar system for detecting an electronic device includes a signal generator for generating one or more transmit radio frequency (RF) signals, a transmitting antenna for sending the transmit RF signals into an environment, a receiving antenna for receiving signals reflected or re-radiated by the electronic device in the environment in response to the transmit RF signals, and a spectrum analyzer for identifying a harmonic frequency of the transmit RF signals in the filtered signals.
Chixiang Wang, Weijia He, Timothy Pierson, and David Kotz.
Moat: Adaptive Inside/Outside Detection System for Smart Homes.
Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT).
September 2024.
[Details]
Smart-home technology is now pervasive, demanding increased attention to the security of the devices and the privacy of the home's residents. To assist residents in making security and privacy decisions - e.g., whether to allow a new device to connect to the network, or whether to be alarmed when an unknown device is discovered - it helps to know whether the device is inside the home, or outside.
In this paper we present MOAT, a system that leverages Wi-Fi sniffers to analyze the physical properties of a device's wireless transmissions to infer whether that device is located inside or outside of a home. MOAT can adaptively self-update to accommodate changes in the home indoor environment to ensure robust long-term performance. Notably, MOAT does not require prior knowledge of the home's layout or cooperation from target devices, and is easy to install and configure.
We evaluated MOAT in four different homes with 21 diverse commercial smart devices and achieved an overall balanced accuracy rate of up to 95.6%. Our novel periodic adaptation technique allowed our approach to maintain high accuracy even after rearranging furniture in the home. MOAT is a practical and efficient first step for monitoring and managing devices in a smart home.
Weijia He, Nathan Reitinger, Atheer Almogbil, Yi-Shyuan Chiang, Timothy J. Pierson, and David Kotz.
Contextualizing Interpersonal Data Sharing in Smart Homes.
Proceedings of the Privacy Enhancing Technologies Symposium (PETS).
July 2024.
[Details]
A key feature of smart home devices is monitoring the environment and recording data. These devices provide security via motion-detection video alerts, cost-savings via thermostat usage history, and peace of mind via functions like auto-locking doors or water leak detectors. At the same time, the sharing of this information in interpersonal relationships---though necessary---is currently accomplished on an all-or-nothing basis. This can easily lead to oversharing in a multi-user environment. Although prior work has studied people's perceptions of information sharing with vendors or ISPs, the sharing of household data among users who interact personally is less well understood. Interpersonal situations make data sharing much more context-based and, thus, more complicated. In this paper, we use themes from the theory of contextual integrity in an online survey (n=1,992) to study how people perceive data sharing with others in smart homes and inform future designs and research. Our results show that data recipients in a smart home can be reduced to three major groups, and data types matter more than device types. We also found that the types of access control desired by users can vary from scenario to scenario. Depending on whom they are sharing data with and about what data, participants expressed varying levels of comfort when presented with different types of access control (e.g., explicit approval versus time-limited access). Taken together, this provides strong evidence that a more dynamic access control system is needed, and we can design it in a more usable way.
Ravindra Mangar, Timothy J. Pierson, and David Kotz.
A framework for evaluating the security and privacy of smart-home devices, and its application to common platforms.
IEEE Pervasive Computing.
July 2024.
[Details]
In this article, we outline the challenges associated with the widespread adoption of smart devices in homes. These challenges are primarily driven by scale and device heterogeneity: a home may soon include dozens or hundreds of devices, across many device types, and may include multiple residents and other stakeholders. We develop a framework for reasoning about these challenges based on the deployment, operation, and decommissioning life cycle stages of smart devices within a smart home. We evaluate the challenges in each stage using the well-known CIA triad—Confidentiality, Integrity, and Availability. In addition, we highlight open research questions at each stage. Further, we evaluate solutions from Apple and Google using our framework and find notable shortcomings in these products. Finally, we sketch some preliminary thoughts on a solution for the smart home of the near future.
Cesar Arguello, Beatrice Perez, Timothy J. Pierson, and David Kotz.
Detecting Battery Cells with Harmonic Radar.
Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).
May 2024.
[Details]
Harmonic radar systems have been shown to be an effective method for detecting the presence of electronic devices, even if the devices are powered off. Prior work has focused on detecting specific non-linear electrical components (such as transistors and diodes) that are present in any electronic device. In this paper we show that harmonic radar is also capable of detecting the presence of batteries. We tested a proof-of-concept system on Alkaline, NiMH, Li-ion, and Li-metal batteries. With the exception of Li-metal coin cells, the prototype harmonic radar detected the presence of batteries in our experiments with 100% accuracy.
Mounib Khanafer, Logan Kostick, Chixiang Wang, Wondimu Zegeye, Weijia He, Berkay Kaplan, Nurzaman Ahmed, Kevin Kornegay, David Kotz, and Timothy Pierson.
Device Discovery in the Smart Home Environment.
Proceedings of the IEEE/ACM Workshop on the Internet of Safe Things (SafeThings).
May 2024.
[Details]
With the availability of Internet of Things (IoT) devices offering varied services, smart home environments have seen widespread adoption in the last two decades. Protecting privacy in these environments becomes an important problem because IoT devices may collect information about the home’s occupants without their knowledge or consent. Furthermore, a large number of devices in the home, each collecting small amounts of data, may, in aggregate, reveal non-obvious attributes about the home occupants. A first step towards addressing privacy is discovering what devices are present in the home. In this paper, we formally define device discovery in smart homes and identify the features that constitute discovery in that environment. Then, we propose an evaluative rubric that rates smart home technology initiatives on their device discovery capabilities and use it to evaluate four commonly deployed technologies. We find none cover all device discovery aspects. We conclude by proposing a combined technology solution that provides comprehensive device discovery tailored to smart homes.
Tushar Jois, Tina Pavlovich, Brigid McCarron, David Kotz, and Timothy Pierson.
Smart Use of Smart Devices in Your Home: A Smart Home Security and Privacy Workshop for the General Public.
Proceedings of the ACM Technical Symposium on Computer Science Education (SIGCSE).
March 2024.
[Details]
With 'smart' technology becoming more prevalent in homes, computing is increasingly embedded into everyday life. The benefits are well-advertised, but the risks associated with these technologies are not as clearly articulated. We aim to address this gap by educating community members on some of these risks, and providing actionable advice to mitigate risks. To this end, we describe our efforts to design and implement a hands-on workshop for the public on smart-home security and privacy.
Our workshop curriculum centers on the smart-home device lifecycle: obtaining, installing, using, and removing devices in a home. For each phase of the lifecycle, we present possible vulnerabilities along with preventative measures relevant to a general audience. We integrate a hands-on activity for participants to put best-practices into action throughout the presentation.
We ran our designed workshop at a science museum in June 2023, and used participant surveys to evaluate the effectiveness of our curriculum. Prior to the workshop, 38.8% of survey responses did not meet learning objectives, 22.4% partially met them, and 38.8% fully met them. After the workshop, only 9.2% of responses did not meet learning objectives, while 29.6% partially met them and 61.2% fully met them. Our experience shows that consumer-focused workshops can aid in bridging information gaps and are a promising form of outreach.
Ravindra Mangar, Jingyu Qian, Wondimu Zegeye, Mounib Khanafer, Abdulrahman AlRabah, Ben Civjan, Shalni Sundram, Sam Yuan, Carl Gunter, Kevin Kornegay, Timothy J. Pierson, and David Kotz.
Designing and Evaluating a Testbed for the Matter Protocol: Insights into User Experience.
Proceedings of the NDSS Workshop on Security and Privacy in Standardized IoT (SDIoTSec).
February 2024.
Distinguished Paper Award.
[Details]
As the integration of smart devices into our daily environment accelerates, the vision of a fully integrated smart home is becoming more achievable through standards such as the Matter protocol. In response, this research paper explores the use of Matter in addressing the heterogeneity and interoperability problems of smart homes. We built a testbed and introduce a network utility device, designed to sniff network traffic and provide a wireless access point within IoT networks. This paper also presents experience of students using the testbed in an academic scenario.
Chixiang Wang, Liam Cassidy, Weijia He, Timothy J. Pierson, and David Kotz.
Challenges and opportunities in onboarding smart-home devices.
Proceedings of the International Workshop on Mobile Computing Systems and Applications (HotMobile).
February 2024.
[Details]
Smart-home devices have become integral to daily routines, but their onboarding procedures - setting up a newly acquired smart device into operational mode - remain understudied. The heterogeneity of smart-home devices and their onboarding procedure can easily overwhelm users when they scale up their smart-home system. While Matter, the new IoT standard, aims to unify the smart-home ecosystem, it is still evolving, resulting in mixed compliance among devices. In this paper, we study the complexity of device onboarding from users' perspectives. We thus performed cognitive walkthroughs on 12 commercially available smart-home devices, documenting the commonality and distinctions of the onboarding process across these devices. We found that onboarding smart home devices can often be tedious and confusing. Users must devote significant time to creating an account, searching for the target device, and providing Wi-Fi credentials for each device they install. Matter-compatible devices are supposedly easier to manage, as they can be registered through one single hub independent of the vendor. Unfortunately, we found such a statement is not always true. Some devices still need their own companion apps and accounts to fully function. Based on our observations, we give recommendations about how to support a more user-friendly onboarding process.
- 2023:
-
Beatrice Perez, Cesar Arguello, Timothy J. Pierson, Gregory Mazzaro, and David Kotz.
Evaluating the practical range of harmonic radar to detect smart electronics.
Proceedings of the IEEE Military Communications Conference (MILCOM).
October 2023.
[Details]
Prior research has found that harmonic radar systems are able to detect the presence of electronic devices, even if the devices are powered off. These systems could be a powerful tool to help mitigate privacy invasions. For example, in a rental property devices such as cameras or microphones may be surreptitiously placed by a landlord to monitor renters without their knowledge or consent. A mobile harmonic radar system may be able to quickly scan the property and locate all electronic devices. The effective range of these systems for detecting consumer-grade electronics, however, has not been quantified. We address that shortcoming in this paper and evaluate a prototype harmonic radar system. We find the system, a variation of what has been proposed in the literature, is able to reliably detect some devices at a range of about two meters. We discuss the effect of hardware on the range of detection and propose an algorithm for automated detection.
Beatrice Perez, Timothy J. Pierson, Gregory Mazzaro, and David Kotz.
Identification and Classification of Electronic Devices Using Harmonic Radar.
Proceedings of the Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT).
June 2023.
[Details]
Smart home electronic devices invisibly collect, process, and exchange information with each other and with remote services, often without a home occupants' knowledge or consent. These devices may be mobile or fixed and may have wireless or wired network connections. Detecting and identifying all devices present in a home is a necessary first step to control the flow of data, but there exists no universal mechanism to detect and identify all electronic devices in a space. In this paper we present ICED (Identification and Classification of Electronic Devices), a system that can (i) identify devices from a known set of devices, and (ii) detect the presence of previously unseen devices. ICED, based on harmonic radar technology, collects measurements at the first harmonic of the radar's transmit frequency. We find that the harmonic response contains enough information to infer the type of device. It works when the device has no wireless network interface, is powered off, or attempts to evade detection. We evaluate performance on a collection of 17 devices and find that by transmitting a range of frequencies we correctly identify known devices with 97.6% accuracy and identify previously unseen devices as ‘unknown’ with 69.0% balanced accuracy.
- 2022:
-
Spangler, Hillary B., Driesse, Tiffany M., Lynch, David H., Liang, Xiaohui, Roth, Robert M., Kotz, David, Fortuna, Karen, and Batsis, John A.
Privacy Concerns of Older Adults Using Voice Assistant Systems.
Journal of the American Geriatrics Society.
August 26, 2022.
[Details]
Voice assistant systems (VAS) are software platforms that complete various tasks using voice commands. It is necessary to understand the juxtaposition of younger and older adults' VAS privacy concerns as younger adults may have different concerns impacting VAS acceptance. Therefore, we examined the differences in VAS related privacy concerns across the lifespan.
Adam Vandenbussche.
TorSH: Obfuscating consumer Internet-of-Things traffic with a collaborative smart-home router network.
June 2022.
Undergraduate Thesis.
[Details]
When consumers install Internet-connected "smart devices" in their homes, metadata arising from the communications between these devices and their cloud-based service providers enables adversaries privy to this traffic to profile users, even when adequate encryption is used. Internet service providers (ISPs) are one potential adversary privy to users’ incoming and outgoing Internet traffic and either currently use this insight to assemble and sell consumer advertising profiles or may in the future do so. With existing defenses against such profiling falling short of meeting user preferences and abilities, there is a need for a novel solution that empowers consumers to defend themselves against profiling by ISP-like actors and that is more in tune with their wishes. In this thesis, we present The Onion Router for Smart Homes (TorSH), a network of smart-home routers working collaboratively to defend smart-device traffic from analysis by ISP-like adversaries. We demonstrate that TorSH succeeds in deterring such profiling while preserving smart-device experiences and without encumbering latency-sensitive, non-smart-device experiences like web browsing.
Namya Malik.
SPLICEcube Architecture: An Extensible Wi-Fi Monitoring Architecture for Smart-Home Networks.
Master's thesis, May 2022.
[Details]
The vision of smart homes is rapidly becoming a reality, as the Internet of Things and other smart devices are deployed widely. Although smart devices offer convenience, they also create a significant management problem for home residents. With a large number and variety of devices in the home, residents may find it difficult to monitor, or even locate, devices. A central controller that brings all the home’s smart devices under secure management and a unified interface would help homeowners and residents track and manage their devices.
We envision a solution called the SPLICEcube whose goal is to detect smart devices, locate them in three dimensions within the home, securely monitor their network traffic, and keep an inventory of devices and important device information throughout the device’s lifecycle. The SPLICEcube system consists of the following components: 1) a main cube, which is a centralized hub that incorporates and expands on the functionality of the home router, 2) a database that holds network data, and 3) a set of support cubelets that can be used to extend the range of the network and assist in gathering network data.
To deliver this vision of identifying, securing, and managing smart devices, we introduce an architecture that facilitates intelligent research applications (such as network anomaly detection, intrusion detection, device localization, and device firmware updates) to be integrated into the SPLICEcube. In this thesis, we design a general-purpose Wi-Fi architecture that underpins the SPLICEcube. The architecture specifically showcases the functionality of the cubelets (Wi-Fi frame detection, Wi-Fi frame parsing, and transmission to cube), the functionality of the cube (routing, reception from cubelets, information storage, data disposal, and research application integration), and the functionality of the database (network data storage). We build and evaluate a prototype implementation to demonstrate our approach is scalable to accommodate new devices and extensible to support different applications. Specifically, we demonstrate a successful proof-of-concept use of the SPLICEcube architecture by integrating a security research application: an "Inside-Outside detection" system that classifies an observed Wi-Fi device as being inside or outside the home.
Gregory Mazzaro, Kyle Gallagher, Kelly Sherbondy, Alex Bouvy, Beatrice Perez, Timothy Pierson, and David Kotz.
Harmonic response vs. target orientation: a preliminary study of the effect of polarization on nonlinear junction detection.
Proceedings of the SPIE Radar Sensor Technology XXVI.
May 27, 2022.
[Details]
When an electromagnetically-nonlinear radar target is illuminated by a high-power stepped-frequency probe, a sequence of harmonics is unintentionally emitted by that target. Detection of the target is accomplished by receiving stimulated emissions somewhere in the sequence, while ranging is accomplished by processing amplitude and phase recorded at multiple harmonics across the sequence. The strength of the harmonics reflected from an electronic target depends greatly upon the orientation of that target (or equivalently, the orientation of the radar antennas). Data collected on handheld wireless devices reveals the harmonic angular-dependence of commercially-available electronics. Data collected on nonlinearly-terminated printed circuit boards implies the origin of this dependency. The results of this work suggest that electronic targets may be classified and ultimately identified by their unique harmonic-response-vs.-angle patterns.
Beatrice Perez, Gregory Mazzaro, Timothy J. Pierson, and David Kotz.
Detecting the Presence of Electronic Devices in Smart Homes Using Harmonic Radar.
Remote Sensing.
January 2022.
Special issue on Nonlinear Junction Detection and Harmonic Radar.
[Details]
Data about users is collected constantly by phones, cameras, Internet websites, and others. The advent of so-called ‘Smart Things' now enable ever-more sensitive data to be collected inside that most private of spaces: the home. The first step in helping users regain control of their information (inside their home) is to alert them to the presence of potentially unwanted electronics. In this paper, we present a system that could help homeowners (or home dwellers) find electronic devices in their living space. Specifically, we demonstrate the use of harmonic radars (sometimes called nonlinear junction detectors), which have also been used in applications ranging from explosives detection to insect tracking. We adapt this radar technology to detect consumer electronics in a home setting and show that we can indeed accurately detect the presence of even ‘simple’ electronic devices like a smart lightbulb. We evaluate the performance of our radar in both wired and over-the-air transmission scenarios.
- 2021:
-
Travis Peters, Timothy J. Pierson, Sougata Sen, José Camacho, and David Kotz.
Recurring Verification of Interaction Authenticity Within Bluetooth Networks.
Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2021).
June 2021.
[Details]
Although user authentication has been well explored, device-to-device authentication – specifically in Bluetooth networks – has not seen the same attention. We propose Verification of Interaction Authenticity (VIA) – a recurring authentication scheme based on evaluating characteristics of the communications (interactions) between devices. We adapt techniques from wireless traffic analysis and intrusion detection systems to develop behavioral models that capture typical, authentic device interactions (behavior); these models enable recurring verification of device behavior. To evaluate our approach we produced a new dataset consisting of more than 300 Bluetooth network traces collected from 20 Bluetooth-enabled smart-health and smart-home devices. In our evaluation, we found that devices can be correctly verified at a variety of granularities, achieving an F1-score of 0.86 or better in most cases.
Paul Gralla.
An inside vs. outside classification system for Wi-Fi IoT devices.
June 2021.
Undergraduate Thesis.
[Details]
We are entering an era in which Smart Devices are increasingly integrated into our daily lives. Everyday objects are gaining computational power to interact with their environments and communicate with each other and the world via the Internet. While the integration of such devices offers many potential benefits to their users, it also gives rise to a unique set of challenges. One of those challenges is to detect whether a device belongs to one’s own ecosystem, or to a neighbor – or represents an unexpected adversary. An important part of determining whether a device is friend or adversary is to detect whether a device’s location is within the physical boundaries of one’s space (e.g. office, classroom, home). In this thesis we propose a system that is able to decide with 82% accuracy whether the location of an IoT device is inside or outside of a defined space based on a small number of transmitted Wi- Fi frames. The classification is achieved by leveraging a machine-learning classifier trained and tested on RSSI data of Wi-Fi transmissions recorded by three or more observers. In an initialization phase the classifier is trained by the user on Wi-Fi transmissions of a variety of locations, inside (and outside). The system can be built with off-the-shelf Wi-Fi observing devices that do not require any special hardware modifications. With the exception of the training period, the system can accurately classify the indoor/outdoor state of target devices without any cooperation from the user or from the target devices.
[Kotz research]