HomeSnitch: behavior transparency and control for smart home IoT devices

The widespread adoption of smart home IoT devices has led to a broad and heterogeneous market with flawed security designs and privacy concerns. While the quality of IoT device software is unlikely to be fixed soon, there is great potential for a network-based solution that helps protect and inform consumers. Unfortunately, the encrypted and proprietary protocols used by devices limit the value of traditional network-based monitoring techniques. In this paper, we present HomeSnitch, a building block for enhancing smart home transparency and control by classifying IoT device communication by semantic behavior (e.g., heartbeat, firmware check, motion detection). HomeSnitch ignores payload content (which is often encrypted) and instead identifies behaviors using features of connection-oriented application data unit exchanges, which represent application-layer dialog between clients and servers. We evaluate HomeSnitch against an independent labeled corpus of IoT device network flows and correctly detect over 99% of behaviors. We further deployed HomeSnitch in a home environment and empirically evaluated its ability to correctly classify known behaviors as well as discover new behaviors. Through these efforts, we demonstrate the utility of network-level services to classify behaviors of and enforce control on smart home devices.