Internet-of-Things Privacy in WiFi Networks: Side-Channel Leakage and Mitigations

Author

Mnassar Alyami, University of Central FloridaFollow

Keywords

IoT Privacy, Device Fingerprinting, Eavesdropping, Traffic Analysis Countermeasure; Traffic shaping

Abstract

WiFi networks are susceptible to statistical traffic analysis attacks. Despite encryption, the metadata of encrypted traffic, such as packet inter-arrival time and size, remains visible. This visibility allows potential eavesdroppers to infer private information in the Internet of Things (IoT) environment. For example, it allows for the identification of sleep monitors and the inference of whether a user is awake or asleep.

WiFi eavesdropping theoretically enables the identification of IoT devices without the need to join the victim's network. This attack scenario is more realistic and much harder to defend against, thus posing a real threat to user privacy. However, researchers have not thoroughly investigated this type of attack due to the noisy nature of wireless channels and the relatively low accuracy of WiFi sniffers.

Furthermore, many countermeasures proposed in the literature are inefficient in addressing side-channel leakage in WiFi networks. They often burden internet traffic with high data overhead and disrupt the user experience by introducing deliberate delays in packet transmission.

This dissertation investigates privacy leakage resulting from WiFi eavesdropping and proposes efficient defensive techniques. We begin by assessing the practical feasibility of IoT device identification in WiFi networks. We demonstrate how an eavesdropper can fingerprint IoT devices by passively monitoring the wireless channel without joining the network. After exploring this privacy attack, we introduce a traffic spoofing-based defense within the WiFi channel to protect against such threats. Additionally, we propose a more data-efficient obfuscation technique to counter traffic analytics based on packet size without adding unnecessary noise to the traffic.

Completion Date

2024

Semester

Spring

Committee Chair

Solihin, Yan

Degree

Doctor of Philosophy (Ph.D.)

College

College of Engineering and Computer Science

Department

Computer Science

Degree Program

Computer Science

Format

application/pdf

Identifier

DP0028270

URL

https://purls.library.ucf.edu/go/DP0028270

Language

English

Rights

In copyright

Release Date

May 2024

Length of Campus-only Access

None

Access Status

Doctoral Dissertation (Open Access)

Campus Location

Orlando (Main) Campus

STARS Citation

Alyami, Mnassar, "Internet-of-Things Privacy in WiFi Networks: Side-Channel Leakage and Mitigations" (2024). Graduate Thesis and Dissertation 2023-2024. 101.
https://stars.library.ucf.edu/etd2023/101

Accessibility Status

Meets minimum standards for ETDs/HUTs