Fingerprinting Mainstream IoT Platforms Using Traffic Analysis

Abstract

The Internet of Things (IoT) platforms have been widely used in many application scenarios, especially for the smart home. Under the management of the IoT platform, a massive amount of IoT devices have been connected between remote cloud servers and users’ mobile terminals. While bringing unprecedented convenience for device manufacturers and smart home users, the existence of mainstream IoT platforms has also become the primary target for malicious attackers. Thus, many intrusion detection mechanisms of specific IoT platform traffic have been proposed. However, as a prerequisites work of intrusion detection or vulnerability assessment, identifying target IoT platform traffic among real-world network traffic has not been deeply studied. Given this situation, we first time proposed and achieved “ <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">fingerprinting</i> ” for IoT platform traffic. We designed a set of standardized workflows of traffic capturing, fingerprint feature extraction, and fingerprint model construction. Based on such workflow, we implemented a software tool named IoTPF for distinguishing the traffic between the mobile terminal and remote server of different mainstream IoT platforms among network traffic. We also tested the usability and performance of IoTPF. Finally, we discuss the application scenarios of fingerprinting on IoT platforms.