Analysis of IoT Traffic using HTTP Proxy

Abstract

In this current era of Internet of Things, data privacy and security of internet enabled devices has become a major concern of many users and manufacturers. Massive amount of data is being generated by these IoT devices and there might be possibilities of user's information being exposed without any privacy protection. The rate of data transfer, size, kind of information transmitted and secure channels used by these IoT devices are of utmost importance and demand more exploratory research. It is not all IoT devices that utilize encryption in their data transmission and those devices that incorporate such security measure can be compromised by the interception of generated traffic via proxy server and its decryption. In this paper, we explore and investigate the data being transmitted by six representative IoT devices and analyze the data, using a proxy server to capture both HTTP and HTTPS traffic. Our results show that one of the IoT devices transmit data in plain text while others utilize encryption. User's information, MAC address and IP address were identified in our data analysis. We propose that IoT devices should not allow proxy connections and implement machine learning algorithms to detect proxies using network connection information.