Abstract
Personalized IoT adapt their behavior based on contextual information, such as user behavior and location. Unfortunately, the fact that personalized IoT adapt to user context opens a side-channel that leaks private information about the user. To that end, we start by studying the extent to which a malicious eavesdropper can monitor the actions taken by an IoT system and extract user's private information. In particular, we show two concrete instantiations (in the context of mobile phones and smart homes) of a new category of spyware which we refer to as Context-Aware Adaptation Based Spyware (SpyCon). Experimental evaluations show that the developed SpyCon can predict users' daily behavior with an accuracy of 90.3%. Being a new spyware with no known prior signature or behavior, traditional spyware detection that is based on code signature or system behavior are not adequate to detect SpyCon. We discuss possible detection and mitigation mechanisms that can hinder the effect of SpyCon.
Author supplied keywords
Cite
CITATION STYLE
Elmalaki, S., Ho, B. J., Alzantot, M., Shoukry, Y., & Srivastava, M. (2019). SpyCon: Adaptation based spyware in human-in-the-loop IoT. In Proceedings - 2019 IEEE Symposium on Security and Privacy Workshops, SPW 2019 (pp. 163–168). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SPW.2019.00039
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.