You Can Glimpse but You Cannot Identify: Protect IoT Devices from Being Fingerprinted

Tan, S; Yu, S; Liu, W; He, D; Chan, S

You Can Glimpse but You Cannot Identify: Protect IoT Devices from Being Fingerprinted

Tan, S Yu, S

Liu, W He, D Chan, S

Permalink

Publisher:: Institute of Electrical and Electronics Engineers (IEEE)
Publication Type:: Journal Article
Citation:: IEEE Transactions on Dependable and Secure Computing, 2023, PP, (99), pp. 1-14
Issue Date:: 2023-01-01

Closed Access

	Filename	Description	Size
	You_Can_Glimpse_but_You_Cannot_Identify_Protect_IoT_Devices_from_Being_Fingerprinted.pdf	Published version	5.24 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Tan, S
dc.contributor.author	Yu, S https://orcid.org/0000-0003-4485-6743
dc.contributor.author	Liu, W
dc.contributor.author	He, D
dc.contributor.author	Chan, S
dc.date.accessioned	2024-02-14T23:21:54Z
dc.date.available	2024-02-14T23:21:54Z
dc.date.issued	2023-01-01
dc.identifier.citation	IEEE Transactions on Dependable and Secure Computing, 2023, PP, (99), pp. 1-14
dc.identifier.issn	1545-5971
dc.identifier.issn	1941-0018
dc.identifier.uri	http://hdl.handle.net/10453/175683
dc.description.abstract	With pervasive IoT networking, traffic-analysis-based IoT fingerprinting techniques have been well researched. Though the primary motivations are identifying vulnerabilities and implementing access control, the techniques could be exploited to trace IoT users' privacy. We propose a traffic morphing scheme to protect IoT devices from being identified by fingerprinting models. The scheme mainly consists of a morphing policy learning algorithm, a rewarding model, and a time-series-based feature estimation algorithm. Backed by the timely rewarding model, a learning agent produces an optimal policy that perturbs the target fingerprinting model while preserving the original traffic function. The estimation algorithm predicts the feature vectors of unfinished flows to enable live traffic morphing. The scheme's advantage is that it requires minimal knowledge of the fingerprinting model and supports live morphing. Experimental results show that over 81% of the IoT devices become unidentifiable, and the scheme degrades the average F1 score of mainstream fingerprinting models from 0.996 to 0.526. For certain devices and target models, the scheme even reaches 100% effectiveness.
dc.language	en
dc.publisher	Institute of Electrical and Electronics Engineers (IEEE)
dc.relation.ispartof	IEEE Transactions on Dependable and Secure Computing
dc.relation.isbasedon	10.1109/TDSC.2023.3275850
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	0803 Computer Software, 0804 Data Format, 0805 Distributed Computing
dc.subject.classification	Strategic, Defence & Security Studies
dc.subject.classification	4604 Cybersecurity and privacy
dc.subject.classification	4606 Distributed computing and systems software
dc.title	You Can Glimpse but You Cannot Identify: Protect IoT Devices from Being Fingerprinted
dc.type	Journal Article
utslib.citation.volume	PP
utslib.for	0803 Computer Software
utslib.for	0804 Data Format
utslib.for	0805 Distributed Computing
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
pubs.organisational-group	University of Technology Sydney/Strength - CCSP - Centre for Cyber Security and Privacy
utslib.copyright.status	closed_access	*
dc.date.updated	2024-02-14T23:21:53Z
pubs.issue	99
pubs.publication-status	Published
pubs.volume	PP
utslib.citation.issue	99

Abstract:

With pervasive IoT networking, traffic-analysis-based IoT fingerprinting techniques have been well researched. Though the primary motivations are identifying vulnerabilities and implementing access control, the techniques could be exploited to trace IoT users' privacy. We propose a traffic morphing scheme to protect IoT devices from being identified by fingerprinting models. The scheme mainly consists of a morphing policy learning algorithm, a rewarding model, and a time-series-based feature estimation algorithm. Backed by the timely rewarding model, a learning agent produces an optimal policy that perturbs the target fingerprinting model while preserving the original traffic function. The estimation algorithm predicts the feature vectors of unfinished flows to enable live traffic morphing. The scheme's advantage is that it requires minimal knowledge of the fingerprinting model and supports live morphing. Experimental results show that over 81% of the IoT devices become unidentifiable, and the scheme degrades the average F1 score of mainstream fingerprinting models from 0.996 to 0.526. For certain devices and target models, the scheme even reaches 100% effectiveness.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/175683