Extrapolation and Prediction of User Behaviour from Wireless Home Automation Communication (bibtex)
by Frederik Möllers, Sebastian Seitz, Andreas Hellmann and Christoph Sorge
Abstract:
Wireless home automation systems are becoming increasingly popular. They can help users save energy and increase the comfort.However, this increased convenience also comes with new attack vectors. Many available systems provide little to no security. In this paper, we explore the possibilities of passive attacks against these systems. We exemplarily investigate two real-world installations of off-the-shelf home automation systems to see what amount of information can be obtained by a passive adversary.Our results show that the systems provide no privacy. They leak information about the users' habits as well as their presence and can be abused to plan burglaries. Furthermore, we conclude that even encrypted communication does not fully protect against the attack presented here. In particular, it is still possible to predict user presence and absence even if individual actions cannot be identified.
Reference:
Frederik Möllers, Sebastian Seitz, Andreas Hellmann and Christoph Sorge: Extrapolation and Prediction of User Behaviour from Wireless Home Automation Communication, In 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2014), ACM, pp. 195–200, 2014.
Bibtex Entry:
@InProceedings{	  moellers14wireless,
  title		= {{Extrapolation and Prediction of User Behaviour from
		  Wireless Home Automation Communication}},
  author	= { Frederik M{\"o}llers AND Sebastian Seitz AND Andreas
		  Hellmann AND Christoph Sorge},
  booktitle	= {{7th ACM Conference on Security and Privacy in Wireless
		  and Mobile Networks (ACM WiSec 2014)}},
  year		= {2014},
  address	= {New York, NY, USA},
  pages		= {195--200},
  publisher	= {ACM},
  series	= {{WiSec '14}},
  abstract	= {Wireless home automation systems are becoming increasingly
		  popular. They can help users save energy and increase the
		  comfort.However, this increased convenience also comes with
		  new attack vectors. Many available systems provide little
		  to no security. In this paper, we explore the possibilities
		  of passive attacks against these systems. We exemplarily
		  investigate two real-world installations of off-the-shelf
		  home automation systems to see what amount of information
		  can be obtained by a passive adversary.Our results show
		  that the systems provide no privacy. They leak information
		  about the users' habits as well as their presence and can
		  be abused to plan burglaries. Furthermore, we conclude that
		  even encrypted communication does not fully protect against
		  the attack presented here. In particular, it is still
		  possible to predict user presence and absence even if
		  individual actions cannot be identified.},
  doi		= {10.1145/2627393.2627407},
  isbn		= {978-1-4503-2972-9},
  slides	= {https://www.uni-saarland.de/fileadmin/upload/lehrstuhl/sorge/Paper-Downloads/WiSec-2014_Slides.pdf},
  url		= {https://www.uni-saarland.de/fileadmin/upload/lehrstuhl/sorge/Paper-Downloads/WiSec-2014.pdf}
}
Powered by bibtexbrowser