Publications
2024
- PACAS: A Privacy-Aware Smart Camera SystemKeyang Yu, and Dong ChenIn 2024 IEEE Cloud Summit, 2024
Smart cameras have been increasingly deployed in smart homes for remote monitoring and enhancing home security. However, extensive recent research has uncovered potential user privacy threats associated with popular commercial camera systems. Some manufacture design of these commercial camera systems usually requires smart camera users to relinquish their control of camera recorded data. For instance, these cameras often upload camera recordings to their cloud servers to enable advanced data analysis for camera app services. To facilitate enhanced camera services, the data may be further shared with on-path vendors, third parties of manufacturers, and cloud providers, potentially allowing them to access video footage or image captures without users’ awareness or meaningful consent. To address this problem, we design a new smart camera system-PACAS that enables people to regain the control of their data while still retaining access to regular camera services. We evaluate PACAS using multiple camera video footage traces and on multiple real-world camera prototypes. We show that PACAS can achieve the performance of 0.5 second living streaming latency at a frame rate of 30 fps and a resolution of 240x320 on average. PACAS offers compelling evidence that smart camera systems can deliver on-device modern capabilities comparable to those provided by current commercial systems, all while upholding user privacy.
@inproceedings{10630953, author = {Yu, Keyang and Chen, Dong}, booktitle = {2024 IEEE Cloud Summit}, title = {PACAS: A Privacy-Aware Smart Camera System}, year = {2024}, volume = {}, number = {}, pages = {170-177}, keywords = {Cloud computing;Privacy;Smart cameras;Prototypes;Smart homes;Streaming media;Recording;Internet of Things;User Privacy;Tiny ML}, doi = {10.1109/Cloud-Summit61220.2024.00035}, } - EWSNI Still See You: Why Existing IoT Traffic Reshaping FailsSu Wang, Keyang Yu, Qi Li, and 1 more author2024
The Internet traffic data produced by the Internet of Things (IoT) devices are collected by Internet Service Providers (ISPs) and device manufacturers, and often shared with their third parties to maintain and enhance user services. Unfortunately, on-path adversaries could infer and fingerprint users’ sensitive privacy information such as occupancy and user activities by analyzing these network traffic traces. While there’s a growing body of literature on defending against this side-channel attack-malicious IoT traffic analytics (TA), there’s currently no systematic method to compare and evaluate the comprehensiveness of these existing studies. To address this problem, we design a new low-cost, open-source system framework-IoT Traffic Exposure Monitoring Toolkit (ITEMTK) that enables people to comprehensively examine and validate prior attack models and their defending approaches. In particular, we also design a novel image-based attack capable of inferring sensitive user information, even when users employ the most robust preventative measures in their smart homes. Researchers could leverage our new image-based attack to systematize and understand the existing literature on IoT traffic analysis attacks and preventing studies. Our results show that current defending approaches are not sufficient to protect IoT device user privacy. IoT devices are significantly vulnerable to our new image-based user privacy inference attacks, posing a grave threat to IoT device user privacy. We also highlight potential future improvements to enhance the defending approaches. ITEMTK’s flexibility allows other researchers for easy expansion by integrating new TA attack models and prevention methods to benchmark their future work.
@misc{wang2024iyouexistingiot, title = {I Still See You: Why Existing IoT Traffic Reshaping Fails}, author = {Wang, Su and Yu, Keyang and Li, Qi and Chen, Dong}, year = {2024}, eprint = {2406.10358}, archiveprefix = {arXiv}, primaryclass = {cs.CR}, url = {https://arxiv.org/abs/2406.10358}, }
2023
- ICCCNPAROS: The Missing “Puzzle” in Smart Home Router Operating SystemsKeyang Yu, and Dong ChenIn 2023 32nd International Conference on Computer Communications and Networks (ICCCN), 2023
The Internet of Things (IoT) devices have been increasingly deployed in smart homes for automation. Unfortunately, extensive recent research shows that external on-path adversaries can infer and fingerprint user sensitive in-home activities by analyzing IoT network traffic rates alone. Most recent traffic padding-based defending approaches cannot sufficiently protect user privacy with reasonable traffic overhead. In addition, these approaches typically assume the installation of additional hub hardware in smart homes to host their traffic padding-based defending approaches. To address these problems, we design a new open-source traffic reshaping system—privacy as a router operating system service (PAROS) that enables smart home users to significantly reduce private information leaked through IoT network traffic rates. PAROS does not assume the installation of any additional hardware device. We evaluate PAROS on open-source router Operating System (OS)—OpenWrt enabled virtual machine and also two real best-selling home routers. We find that PAROS can effectively prevent a wide range of state-of-the-art adversarial machine learning-based user in-home activity inference attacks, with near-zero system overhead increasing.
@inproceedings{10230103, author = {Yu, Keyang and Chen, Dong}, booktitle = {2023 32nd International Conference on Computer Communications and Networks (ICCCN)}, title = {PAROS: The Missing “Puzzle” in Smart Home Router Operating Systems}, year = {2023}, volume = {}, number = {}, pages = {1-10}, keywords = {Privacy;Automation;Operating systems;Smart homes;Telecommunication traffic;Fingerprint recognition;Hardware;Internet of Things;User Privacy;Machine Learning;Router OS;Data Analytics}, doi = {10.1109/ICCCN58024.2023.10230103}, }
2022
- CNSTrafficSpy: Disaggregating VPN-encrypted IoT Network Traffic for User Privacy InferenceQi Li, Keyang Yu, Dong Chen, and 2 more authorsIn 2022 IEEE Conference on Communications and Network Security (CNS), 2022
People have been increasingly deploying the Internet of Things (IoT) devices to monitor and control their environments. Unfortunately, extensive recent research has shown that IoT devices are vulnerable to multiple adversarial attacks, which analyze their network traffic to reveal a wide range of sensitive private information about user in-home activities. Thus, smart home users recently have a keen interest in employing virtual private networks (VPN) to obscure their privacy information in their IoT network traffic. Our key insight is that VPN-encrypted IoT network traffic data is not anonymous, since this aggregate traffic data can still be disaggregated into individual IoT device traffic data. And this individual IoT device traffic may have an identifiable traffic signature that already embeds detailed user sensitive information. To explore the severity and extent of this privacy threat, we design a new factorial hidden Markov model (FHMM)-based smart home network traffic disaggregator-TrafficSpy that can accurately disaggregate VPN-encrypted whole-house IoT network traffic data into individual IoT device network traffic data. We evaluate TrafficSpy using VPN network traffic data from three smart homes. We find that TrafficSpy can disaggregate VPN traffic data into individual IoT device data accurately. We also show that the disaggregated traffic traces can be further attacked by smart and adaptive adversaries and thus reveal user sensitive information. TrafficSpy represents a serious privacy threat, but also a potentially useful tool that provides important contextual information for smart home monitoring and automation.
@inproceedings{9947251, author = {Li, Qi and Yu, Keyang and Chen, Dong and Sha, Mo and Cheng, Long}, booktitle = {2022 IEEE Conference on Communications and Network Security (CNS)}, title = {TrafficSpy: Disaggregating VPN-encrypted IoT Network Traffic for User Privacy Inference}, year = {2022}, volume = {}, number = {}, pages = {145-153}, keywords = {Privacy;Data privacy;Hidden Markov models;Telecommunication traffic;Smart homes;Network security;Virtual private networks;Disaggregation;IoT Privacy;Smart Homes;Machine Learning;Deep Learning}, doi = {10.1109/CNS56114.2022.9947251}, }
2021
- IGSCSolarDiagnostics: Automatic damage detection on rooftop solar photovoltaic arraysQi Li, Keyang Yu, and Dong ChenSustainable Computing: Informatics and Systems, 2021
Homeowners are increasingly deploying rooftop solar photovoltaic (PV) arrays due to the rapid decline in solar module prices. However, homeowners may have to spend up to ∼$375 to diagnose their damaged rooftop solar PV system. Thus, recently, there is a rising interest to inspect potential damage on solar PV arrays automatically and passively. Unfortunately, recent approaches that leverage machine learning techniques have the limitation of distinguishing solar PV array damages from other solar degradation (e.g., shading, dust, snow). To address this problem, we design a new system—SolarDiagnostics that can automatically detect and profile damages on rooftop solar PV arrays using their rooftop images with a lower cost. In essence, SolarDiagnostics first leverages an K-Means algorithm to isolate rooftop objects to extract solar panel residing contours. Then, SolarDiagnostics employs a convolutional neural networks to accurately identify and characterize the damage on each solar panel residing contour. We evaluate SolarDiagnostics by building a lower cost prototype and using 60,000 damaged solar PV array images generated by deep convolutional generative adversarial networks. We find that SolarDiagnostics is able to detect damaged solar PV arrays with a Matthews correlation coefficient (MCC) of 1.0. In addition, pre-trained SolarDiagnostics yields an MCC of 0.95, which is significantly better than other re-trained machine learning-based approaches and yields as the similar MCC as of re-trained SolarDiagnostics. We make the source code and datasets that we use to build and evaluate SolarDiagnostics publicly-available.
@article{LI2021100595, title = {SolarDiagnostics: Automatic damage detection on rooftop solar photovoltaic arrays}, journal = {Sustainable Computing: Informatics and Systems}, volume = {32}, pages = {100595}, year = {2021}, issn = {2210-5379}, doi = {https://doi.org/10.1016/j.suscom.2021.100595}, url = {https://www.sciencedirect.com/science/article/pii/S2210537921000834}, author = {Li, Qi and Yu, Keyang and Chen, Dong}, keywords = {Solar energy, Deep learning, Machine learning, Anomaly detection}, } - IPSNPrivacyGuard: Enhancing Smart Home User PrivacyKeyang Yu, Qi Li, Dong Chen, and 2 more authorsIn Proceedings of the 20th International Conference on Information Processing in Sensor Networks (Co-Located with CPS-IoT Week 2021), Nashville, TN, USA, 2021
The Internet of Things (IoT) devices have been increasingly deployed in smart homes and smart buildings to monitor and control their environments. The Internet traffic data produced by these IoT devices are collected by Internet Service Providers (ISPs) and IoT device manufacturers, and often shared with third-parties to maintain and enhance user services. Unfortunately, extensive recent research has shown that on-path adversaries can infer and fingerprint users’ sensitive privacy information such as occupancy and user in-home activities by analyzing IoT network traffic traces. Most recent approaches that aim at defending against these malicious IoT traffic analytics can not sufficiently protect user privacy with reasonable traffic overhead. In particular, many approaches did not consider practical limitations, e.g., network bandwidth, maximum package injection rate or actual user in-home behavior in their design.To address this problem, we design a new low-cost, open-source user "tunable" defense system—PrivacyGuard that enables users to significantly reduce the private information leaked through IoT device network traffic data, while still permitting sophisticated data analytics or control that is necessary in smart home management. In essence, our approach employs intelligent deep convolutional generative adversarial networks (DCGANs)-based IoT device traffic signature learning, long short-term memory (LSTM)-based artificial traffic signature injection, and partial traffic reshaping to obfuscate private information that can be observed in IoT device traffic traces. We evaluate PrivacyGuard using IoT network traffic traces of 31 IoT devices from 5 smart homes. We find that PrivacyGuard can effectively prevent a wide range of state-of-the-art machine learning-based and deep learning-based occupancy and other 9 user in-home activity detection attacks. We release the source code and datasets of PrivacyGuard to IoT research community.
@inproceedings{10.1145/3412382.3458257, author = {Yu, Keyang and Li, Qi and Chen, Dong and Rahman, Mohammad and Wang, Shiqiang}, title = {PrivacyGuard: Enhancing Smart Home User Privacy}, year = {2021}, isbn = {9781450380980}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3412382.3458257}, doi = {10.1145/3412382.3458257}, booktitle = {Proceedings of the 20th International Conference on Information Processing in Sensor Networks (Co-Located with CPS-IoT Week 2021)}, pages = {62–76}, numpages = {15}, keywords = {Smart Home, Machine Learning, IoT privacy, Deep Learning}, location = {Nashville, TN, USA}, series = {IPSN '21}, }
2020
- Automatic Damage Detection on Rooftop Solar Photovoltaic ArraysQi Li, Keyang Yu, and Dong ChenIn Proceedings of the 7th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation, Virtual Event, Japan, 2020
Homeowners may spend up to 375 to diagnose their damaged rooftop solar PV systems. Thus, recently, there is a rising interest to inspect potential damage on solar PV arrays automatically and passively. Unfortunately, current approaches may not reliably distinguish solar PV array damage from other degradation (e.g., shading, dust, snow). To address this issue, we design a new system—SolarDiagnostics that can automatically detect and profile damages on rooftop solar PV arrays using their rooftop images with a lower cost. We evaluate SolarDiagnostics by building a lower cost ( 35) prototype and using 60,000 damaged solar PV array images. We find that pre-trained SolarDiagnostics is able to detect damaged solar PV arrays with a Matthews Correlation Coefficient of 0.95.
@inproceedings{10.1145/3408308.3431130, author = {Li, Qi and Yu, Keyang and Chen, Dong}, title = {Automatic Damage Detection on Rooftop Solar Photovoltaic Arrays}, year = {2020}, isbn = {9781450380614}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3408308.3431130}, doi = {10.1145/3408308.3431130}, booktitle = {Proceedings of the 7th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation}, pages = {332–333}, numpages = {2}, keywords = {Solar Energy, Machine Learning, Image Processing, Deep Learning}, location = {Virtual Event, Japan}, series = {BuildSys '20}, } - SmartAttack: Open-source Attack Models for Enabling Security Research in Smart HomesKeyang Yu, and Dong ChenIn 2020 11th International Green and Sustainable Computing Workshops (IGSC), 2020
The Internet of Things (IoT) has been erupting the world widely over the decade. Smart home and smart building owners are increasingly deploying IoT devices to monitor and control their environments due to the rapid decline in the price of IoT devices. The recent intensive research has shown that network traffic traces of IoT devices have significant cybersecurity and privacy issues. These security and privacy defending techniques have enabled sophisticated approaches to ensure security and preserve user privacy. However, due to the fact that different approaches are evaluated using their own datasets, their own developed security and privacy attack models, and their own evaluating metrics, it is being significantly difficult to make a fair and comprehensive comparisons among different IoT security strengthening and user privacy preserving research to better understand IoT security issues and end-user benefits. To address this problem, we present a deep learning-based adversarial attack model framework-SmartAttack, which enables a set of sophisticated adversarial attack models that can be leveraged by researchers and industrial users from IoT security community to better evaluate their work. In essence, we leverage the most widely used unsupervised machine learning and deep learning models to design and implement these attack models. SmartAttack also provides user options to select the detailed configuration for each attack model, such as kernel, dataset splitting, cross-validation states, and evaluating metrics. We also evaluate the performance of SmartAttack using two different datasets. In addition, we made the source codes and the related datasets of SmartAttack publicly-available on our research website such that researchers can use our SmartAttack to benchmark their security strengthening and privacy-preserving approaches.
@inproceedings{9290797, author = {Yu, Keyang and Chen, Dong}, booktitle = {2020 11th International Green and Sustainable Computing Workshops (IGSC)}, title = {SmartAttack: Open-source Attack Models for Enabling Security Research in Smart Homes}, year = {2020}, volume = {}, number = {}, pages = {1-8}, keywords = {Security;Smart homes;Measurement;Data models;Data privacy;Training;Privacy;Deep Learning;IoT security;Adversarial Machine Learning;Attack Models;User Privacy}, doi = {10.1109/IGSC51522.2020.9290797}, }