Performance Evaluation for Privacy-preserving Control of Domestic IoT Devices

TL;DR

This paper proposes a privacy-preserving home network model for IoT devices using WireGuard VPN, demonstrating improved remote access performance and enhanced security by limiting direct internet exposure of IoT devices.

Contribution

It introduces a novel network design that enhances IoT privacy and security by restricting device exposure and enabling secure remote access with VPN, validated through real-world testing.

Findings

VPN-based remote access improves end-to-end delay across various networks

Performance with HTTP is better over VPN than direct connection

HTTPS performance over VPN is comparable to direct connection

Abstract

Most of the existing models for deploying IoT ecosystem involves the vendor being in the loop of the command and control of IoT devices hence users' privacy and security is one of the main challenges. Despite these concerns, users are often faced with a choice between limiting the device functionality or enabling internet access to the IoT devices by signing up to the vendor centralized model in order to access their device from outside their home. In this paper, we argue that although IoT is promising a revolutionary way of offering services to users, most of these devices shouldn't be allowed to have Internet access due to the increased risks to privacy and security. We present an alternative home networking design model which limits the exposure of IoT devices, and enable seamless access to their functionality from outside the home using WireGuard (WG), a state-of-the-art Virtual Private Network (VPN) protocol. We built a test-bed using off-the-shelf IoT devices for testing our proposed network design under various conditions; including access from Home, 4G, Office and Public Wifi networks. We show that our VPN-based remote access to the IoT device offers a better performance in terms of end-to-end delay in all scenarios when using Hypertext Transport Protocol (HTTP) and comparable performance when using double encryption Hypertext Transport Protocol Secure (HTTPS) over the VPN.