PingPong: Packet-Level Signatures for Smart Home Devices

Project Page: Packet-Level Signatures for Smart Home Devices

Summary: Smart home devices are vulnerable to passive inference attacks based on network traffic, even in the presence of encryption. In this paper, we present PingPong, a tool that can automatically extract packet-level signatures for device events (e.g., light bulb turning ON/OFF) from network traffic. We evaluated PingPong on popular smart home devices ranging from smart plugs and thermostats to cameras, voice-activated devices, and smart TVs. We were able to: (1) automatically extract previously unknown signatures that consist of simple sequences of packet lengths and directions; (2) use those signatures to detect the devices or specific events with an average recall of more than 97%; (3) show that the signatures are unique among hundreds of millions of packets of real world network traffic; (4) show that our methodology is also applicable to publicly available datasets; and (5) demonstrate its robustness in different settings: events triggered by local and remote smartphones, as well as by home-automation systems.

Smart TV

Project Page: The TV is Smart and Full of Trackers

Summary: In this paper, we present a large-scale measurement study of the smart TV advertising and tracking ecosystem. First, we illuminate the network behavior of smart TVs as used in the wild by analyzing network traffic collected from residential gateways. We find that smart TVs connect to well-known and platform- specific advertising and tracking services (ATSes). Second, we design and implement software tools that systematically explore and collect traffic from the top-1000 apps on two popular smart TV platforms, Roku and Amazon Fire TV. We discover that a subset of apps communicate with a large number of ATSes, and that some ATS organizations only appear on certain platforms, showing a possible segmentation of the smart TV ATS ecosystem across platforms. Third, we evaluate the (in)effectiveness of DNS-based blocklists in preventing smart TVs from accessing ATSes. We highlight that even smart TV-specific blocklists suffer from missed ads and incur functionality breakage. Finally, we examine our Roku and Fire TV datasets for exposure of personally identifiable information (PII) and find that hundreds of apps exfiltrate PII to third parties and platform domains. We also find evidence that some apps send the advertising ID alongside static PII values, effectively eliminating the user’s ability to opt out of ad personalization.

Mobile Coverage (Signal) Maps

Project Page: Mobile Coverage (Signal) Maps

Summary: Mobile signal strength (coverage) maps are of great importance to cellular operators for network planning and operation particularly with the upcoming 5G deployments, however they are expensive to obtain, inaccurate in some locations, imperfectly reflective of call quality outcomes and potentially constructed from biased samples. In this project, we develop both mobile network data collection tools as well as a principal ML prediction framework to address the signal strength maps prediction challenges. First, we develop a user-space app to collect signal strength information from Android devices. Second, we develop machine learning (ML) predictors based on random-forests (RFs) which utilizes a rich set of features including location as well as time, cell ID, device hardware and other features. Our technique improves the tradeoff between prediction error and number of measurements needed compared to state-of- the-art data-driven predictors, i.e., requiring 80% less measurements for the same prediction accuracy, or reduces the relative error by 17% for the same number of measurements. For more information, please visit the project’s page.


Project Page: NoMoAds

Summary: Although advertising is a popular strategy for mobile app monetization, it is often desirable to block ads in order to improve usability, performance, privacy, and security. In this paper, we propose NoMoAds to block ads served by any app on a mobile device. NoMoAds leverages the network interface as a universal vantage point: it can intercept, inspect, and block outgoing packets from all apps on a mobile device. NoMoAds extracts features from packet headers and/or payload to train machine learning classifiers for detecting ad requests. To evaluate NoMoAds, we collect and label a new dataset using both EasyList and manually created rules. We show that NoMoAds is effective: it achieves an F-score of up to 97.8% and performs well when deployed in the wild. Furthermore, NoMoAds is able to detect mobile ads that are missed by EasyList (more than one-third of ads in our dataset). We also show that NoMoAds is efficient: it performs ad classification on a per-packet basis in real-time. To the best of our knowledge, NoMoAds is the first mobile ad-blocker to effectively and efficiently block ads served across all apps using a machine learning approach.

Network Sampling and Construction

Project Page: III

Summary:  The goal of this project is to study network data that are generated in the context of mobile and/or online social networks. The project develops methods for (i) network sampling to facilitate inference for network structure and/or attributes and, conversely, for (ii) construction of networks with target characteristics. The methods aim at improving the state-of-the-art in network inference and network data anonymization, with target application domains primarily mobile and social network data. Here is the NSF Abstract.


Project Page: AntMonitor

Summary: AntMonitor is mobile software that runs on the mobile device, and passively monitors all packets in and out of the network interface. We designed AntMonitor as a VPN-based service, and we developed and compared two versions of the architecture: Client-Server and Mobile-Only. We demonstrated  the lean performance of the AntMonitor Mobile-Only prototype, in terms of throughput and energy, and compared it to  the Client-Server one, as well as other state-of-the-art VPN-based approaches. For example, it achieves speeds of over 90 Mbps (downlink) and 65 Mbps (uplink), which are 2x and 8x throughput of existing mobile-only approaches, and at 94% of the throughput without VPN,  while using 2–12x less energy. AntMonitor can be used as a tool to support a number of passive monitoring applications, including: real-time detection and prevention of private information leakage from the device to the network; packet classification to predict a number of properties including ads, applications, etc based on packet headers; and passive performance measurements.