VindiCo: Privacy Safeguard Against Adaptation Based Spyware in Human-in-the-Loop IoT
Salma Elmalaki, Bo-Jhang Ho, Moustafa Alzantot, Yasser Shoukry, and, Mani Srivastava
TL;DR
VindiCo is a novel detection and mitigation system designed to protect user privacy against a new category of context-aware spyware in IoT devices, effectively reducing spyware inference accuracy to baseline levels.
Contribution
The paper introduces VindiCo, a new information-based detection engine and mitigation techniques tailored for unknown spyware without prior signatures.
Findings
SpyCon can predict user behavior with 90.3% accuracy.
VindiCo reduces SpyCon's inference accuracy to baseline levels.
VindiCo operates with negligible overhead.
Abstract
Personalized IoT adapts their behavior based on contextual information, such as user behavior and location. Unfortunately, the fact that personalized IoT adapts to user context opens a side-channel that leaks private information about the user. To that end, we start by studying the extent to which a malicious eavesdropper can monitor the actions taken by an IoT system and extract users' private information. In particular, we show two concrete instantiations (in the context of mobile phones and smart homes) of a new category of spyware which we refer to as Context-Aware Adaptation Based Spyware (SpyCon). Experimental evaluations show that the developed SpyCon can predict users' daily behavior with an accuracy of 90.3%. The rest of this paper is devoted to introducing VindiCo, a software mechanism designed to detect and mitigate possible SpyCon. Being new spyware with no known prior…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.