The privacy threat of IoT device traffic rate metadata


By | May 29th, 2017

Even though many IoT devices for smart homes encrypt their traffic, a passive network observer – e.g. an ISP, or a neighborhood WiFi eavesdropper – can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata.


A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up a smart home laboratory with a passive network tap, and examining the traffic rates of four IoT smart home devices.

The researchers noted that encryption alone does not provide adequate privacy protection for smart homes, as their analysis did not rely on deep packet inspection, just send/receive rates of encrypted traffic.

“A systematic solution for preserving consumer privacy would therefore require obfuscating or shaping all smart home traffic to mask variations that encode real world behavior,” they pointed out, and added that such a solution should ideally not negatively impact IoT device performance, should respect data limits, and should not require modification of proprietary device software.

The researchers are aware that none of these solutions is currently ideal. For example, all the tested IoT devices have limited or no functionality when firewalled to prevent communication outside of the smart home LAN, and that’s something that definitely won’t work for either users or manufacturers.
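The trade-off in the quoted passage between masking rate variations, device performance and data limits can be made concrete with a small simulation. This is an added example, not code from the researchers or the original article; the trace, the window size, the median-based threshold and the constant-rate padding policy are all assumptions chosen for illustration.

```python
import statistics

WINDOW = 10      # seconds per rate sample (assumed)
DURATION = 180   # length of the constructed trace in seconds

def constructed_trace():
    """Constructed (timestamp_s, bytes) records for one device: a 200-byte
    heartbeat every 10 s plus a burst of user-triggered traffic at 60-89 s."""
    pkts = [(t, 200) for t in range(0, DURATION, 10)]
    pkts += [(t, 1400) for t in range(60, 90) for _ in range(5)]
    return sorted(pkts)

def rate_series(pkts, window=WINDOW, duration=DURATION):
    """Bytes per window: all a passive observer of encrypted traffic needs."""
    bins = [0] * (duration // window)
    for t, size in pkts:
        bins[t // window] += size
    return bins

def revealing_windows(series, factor=3.0):
    """Windows whose rate stands out from the median baseline (assumed test)."""
    baseline = max(statistics.median(series), 1)
    return [i for i, b in enumerate(series) if b > factor * baseline]

def shape(series, target):
    """Emit exactly `target` bytes per window: queued real data first, then
    padding. Returns the on-wire series and the peak queue of delayed bytes."""
    shaped, backlog, peak = [], 0, 0
    for b in series:
        backlog += b
        backlog -= min(backlog, target)   # real bytes sent this window
        peak = max(peak, backlog)
        shaped.append(target)             # remainder of the window is padding
    return shaped, peak

def overhead(series, shaped):
    """Ratio of bytes on the wire after shaping to bytes the device produced."""
    return sum(shaped) / sum(series)

if __name__ == "__main__":
    raw = rate_series(constructed_trace())
    print("unshaped, revealing windows:", revealing_windows(raw))
    for target in (max(raw), 20000):
        wire, peak = shape(raw, target)
        print(f"target={target}: revealing={revealing_windows(wire)} "
              f"overhead={overhead(raw, wire):.2f}x peak_backlog={peak} B")
```

Shaping to the peak rate hides the burst with no queuing but multiplies the bytes sent several times over, while the lower target cuts that overhead at the cost of delaying real traffic by several windows.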


Nisheeth Bhakuni