BibTeX for papers by David Kotz; for complete/updated list see https://www.cs.dartmouth.edu/~kotz/research/papers.html @InProceedings{zegeye:icnet25, author = {Wondimu K. Zegeye and Ravindra Mangar and Jingyu Qian and Vinton Morris and Mounib Khanafer and Kevin Kornegay and Timothy J. Pierson and David Kotz}, title = {{Comparing smart-home devices that use the Matter protocol}}, booktitle = {{Proceedings of the International Workshop on Intelligent Communication Network Technologies (ICNET'25)}}, year = 2025, month = {January}, publisher = {IEEE}, copyright = {IEEE}, URL = {https://www.cs.dartmouth.edu/~kotz/research/zegeye-icnet25/index.html}, note = {Accepted for publication}, abstract = {This paper analyzes Google Home, Apple HomeKit, Samsung SmartThings, and Amazon Alexa platforms, focusing on their integration with the Matter protocol. Matter is a connectivity standard developed by the Connectivity Standards Alliance (CSA) for the smart-home industry. By examining key features and qualitative metrics, this study aims to provide valuable insights for consumers and industry professionals in making informed decisions about smart-home devices. We conducted (from May to August 2024) a comparative analysis to explore how Google Home Nest, Apple Homepod Mini, Samsung SmartThings station, and Amazon Echo Dot platforms leverage the power of Matter to provide seamless and integrated smart-home experiences.}, } @InProceedings{arguello:battery, author = {Cesar Arguello and Beatrice Perez and Timothy J. Pierson and David Kotz}, title = {{Detecting Battery Cells with Harmonic Radar}}, booktitle = {{Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)}}, year = 2024, month = {May}, pages = {231--236}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3643833.3656137}, URL = {https://www.cs.dartmouth.edu/~kotz/research/arguello-battery/index.html}, abstract = {Harmonic radar systems have been shown to be an effective method for detecting the presence of electronic devices, even if the devices are powered off. Prior work has focused on detecting specific non-linear electrical components (such as transistors and diodes) that are present in any electronic device. In this paper we show that harmonic radar is also capable of detecting the presence of batteries. We tested a proof-of-concept system on Alkaline, NiMH, Li-ion, and Li-metal batteries. With the exception of Li-metal coin cells, the prototype harmonic radar detected the presence of batteries in our experiments with 100\% accuracy.}, } @InProceedings{he:ci-survey, author = { Weijia He and Nathan Reitinger and Atheer Almogbil and Yi-Shyuan Chiang and Timothy J. Pierson and David Kotz }, title = {{Contextualizing Interpersonal Data Sharing in Smart Homes}}, booktitle = {{Proceedings of the Privacy Enhancing Technologies Symposium (PETS)}}, year = 2024, month = {July}, volume = 2024, number = 2, pages = {295--312}, copyright = {Creative Commons Attribution 4.0}, DOI = {10.56553/popets-2024-0051}, URL = {https://www.cs.dartmouth.edu/~kotz/research/he-ci-survey/index.html}, abstract = { A key feature of smart home devices is monitoring the environment and recording data. These devices provide security via motion-detection video alerts, cost-savings via thermostat usage history, and peace of mind via functions like auto-locking doors or water leak detectors. At the same time, the sharing of this information in interpersonal relationships---though necessary---is currently accomplished on an all-or-nothing basis. This can easily lead to oversharing in a multi-user environment. Although prior work has studied people's perceptions of information sharing with vendors or ISPs, the sharing of household data among users who interact personally is less well understood. Interpersonal situations make data sharing much more context-based and, thus, more complicated. In this paper, we use themes from the theory of contextual integrity in an online survey (n{$=$}1,992) to study how people perceive data sharing with others in smart homes and inform future designs and research. Our results show that data recipients in a smart home can be reduced to three major groups, and data types matter more than device types. We also found that the types of access control desired by users can vary from scenario to scenario. Depending on whom they are sharing data with and about what data, participants expressed varying levels of comfort when presented with different types of access control (e.g., explicit approval versus time-limited access). Taken together, this provides strong evidence that a more dynamic access control system is needed, and we can design it in a more usable way.}, } @InProceedings{jois:sigcse, author = {Tushar Jois and Tina Pavlovich and Brigid McCarron and David Kotz and Timothy Pierson}, title = {{Smart Use of Smart Devices in Your Home: A Smart Home Security and Privacy Workshop for the General Public}}, booktitle = {{Proceedings of the ACM Technical Symposium on Computer Science Education (SIGCSE)}}, year = 2024, month = {March}, pages = {611--617}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3626252.3630925}, URL = {https://www.cs.dartmouth.edu/~kotz/research/jois-sigcse/index.html}, abstract = {With 'smart' technology becoming more prevalent in homes, computing is increasingly embedded into everyday life. The benefits are well-advertised, but the risks associated with these technologies are not as clearly articulated. We aim to address this gap by educating community members on some of these risks, and providing actionable advice to mitigate risks. To this end, we describe our efforts to design and implement a hands-on workshop for the public on smart-home security and privacy. \par Our workshop curriculum centers on the smart-home device lifecycle: obtaining, installing, using, and removing devices in a home. For each phase of the lifecycle, we present possible vulnerabilities along with preventative measures relevant to a general audience. We integrate a hands-on activity for participants to put best-practices into action throughout the presentation. \par We ran our designed workshop at a science museum in June 2023, and used participant surveys to evaluate the effectiveness of our curriculum. Prior to the workshop, 38.8\% of survey responses did not meet learning objectives, 22.4\% partially met them, and 38.8\% fully met them. After the workshop, only 9.2\% of responses did not meet learning objectives, while 29.6\% partially met them and 61.2\% fully met them. Our experience shows that consumer-focused workshops can aid in bridging information gaps and are a promising form of outreach.}, } @InProceedings{khanafer:discovery, author = {Mounib Khanafer and Logan Kostick and Chixiang Wang and Wondimu Zegeye and Weijia He and Berkay Kaplan and Nurzaman Ahmed and Kevin Kornegay and David Kotz and Timothy Pierson}, title = {{Device Discovery in the Smart Home Environment}}, booktitle = {{Proceedings of the IEEE/ACM Workshop on the Internet of Safe Things (SafeThings)}}, year = 2024, month = {May}, pages = {298--304}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/SPW63631.2024.10705647}, URL = {https://www.cs.dartmouth.edu/~kotz/research/khanafer-discovery/index.html}, abstract = {With the availability of Internet of Things (IoT) devices offering varied services, smart home environments have seen widespread adoption in the last two decades. Protecting privacy in these environments becomes an important problem because IoT devices may collect information about the home's occupants without their knowledge or consent. Furthermore, a large number of devices in the home, each collecting small amounts of data, may, in aggregate, reveal non-obvious attributes about the home occupants. A first step towards addressing privacy is discovering what devices are present in the home. In this paper, we formally define device discovery in smart homes and identify the features that constitute discovery in that environment. Then, we propose an evaluative rubric that rates smart home technology initiatives on their device discovery capabilities and use it to evaluate four commonly deployed technologies. We find none cover all device discovery aspects. We conclude by proposing a combined technology solution that provides comprehensive device discovery tailored to smart homes.}, } @Article{mangar:framework, author = {Ravindra Mangar and Timothy J. Pierson and David Kotz}, title = {{A framework for evaluating the security and privacy of smart-home devices, and its application to common platforms}}, journal = {IEEE Pervasive Computing}, year = 2024, month = {July}, volume = 23, number = 3, pages = {7--19}, publisher = {IEEE}, copyright = {the authors}, DOI = {10.1109/MPRV.2024.3421668}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mangar-framework/index.html}, abstract = {In this article, we outline the challenges associated with the widespread adoption of smart devices in homes. These challenges are primarily driven by scale and device heterogeneity: a home may soon include dozens or hundreds of devices, across many device types, and may include multiple residents and other stakeholders. We develop a framework for reasoning about these challenges based on the deployment, operation, and decommissioning life cycle stages of smart devices within a smart home. We evaluate the challenges in each stage using the well-known CIA triad---Confidentiality, Integrity, and Availability. In addition, we highlight open research questions at each stage. Further, we evaluate solutions from Apple and Google using our framework and find notable shortcomings in these products. Finally, we sketch some preliminary thoughts on a solution for the smart home of the near future.}, } @InProceedings{mangar:testbed, author = {Ravindra Mangar and Jingyu Qian and Wondimu Zegeye and Mounib Khanafer and Abdulrahman AlRabah and Ben Civjan and Shalni Sundram and Sam Yuan and Carl Gunter and Kevin Kornegay and Timothy J. Pierson and David Kotz}, title = {{Designing and Evaluating a Testbed for the Matter Protocol: Insights into User Experience}}, booktitle = {{Proceedings of the NDSS Workshop on Security and Privacy in Standardized IoT (SDIoTSec)}}, year = 2024, month = {February}, publisher = {NDSS}, copyright = {the authors}, DOI = {10.14722/sdiotsec.2024.23012}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mangar-testbed/index.html}, note = {Distinguished Paper Award}, abstract = {As the integration of smart devices into our daily environment accelerates, the vision of a fully integrated smart home is becoming more achievable through standards such as the Matter protocol. In response, this research paper explores the use of Matter in addressing the heterogeneity and interoperability problems of smart homes. We built a testbed and introduce a network utility device, designed to sniff network traffic and provide a wireless access point within IoT networks. This paper also presents experience of students using the testbed in an academic scenario.}, } @Article{pierson:inspector, author = {Timothy J. Pierson and Cesar Arguello and Beatrice Perez and Wondimu Zegeye and Kevin Kornegay and Carl Gunter and David Kotz}, title = {{We need a ``building inspector for IoT'' when smart homes are sold}}, journal = {IEEE Security \& Privacy}, year = 2024, month = {Nov-Dec.}, volume = 22, number = 6, pages = {75--84}, publisher = {IEEE}, copyright = {Open access}, DOI = {10.1109/MSEC.2024.3386467}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-inspector/index.html}, abstract = {Internet of Things (IoT) devices left behind when a home is sold create security and privacy concerns for both prior and new residents. We envision a specialized ``building inspector for IoT'' to help securely facilitate transfer of the home.}, } @Article{wang:insideout, author = {Chixiang Wang and Weijia He and Timothy Pierson and David Kotz}, title = {{Moat: Adaptive Inside/Outside Detection System for Smart Homes}}, journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT)}, year = 2024, month = {September}, volume = 8, number = 4, articleno = 157, numpages = 31, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3699751}, URL = {https://www.cs.dartmouth.edu/~kotz/research/wang-insideout/index.html}, abstract = {Smart-home technology is now pervasive, demanding increased attention to the security of the devices and the privacy of the home's residents. To assist residents in making security and privacy decisions - e.g., whether to allow a new device to connect to the network, or whether to be alarmed when an unknown device is discovered - it helps to know whether the device is inside the home, or outside. \par In this paper we present MOAT, a system that leverages Wi-Fi sniffers to analyze the physical properties of a device's wireless transmissions to infer whether that device is located inside or outside of a home. MOAT can adaptively self-update to accommodate changes in the home indoor environment to ensure robust long-term performance. Notably, MOAT does not require prior knowledge of the home's layout or cooperation from target devices, and is easy to install and configure. \par We evaluated MOAT in four different homes with 21 diverse commercial smart devices and achieved an overall balanced accuracy rate of up to 95.6\%. Our novel periodic adaptation technique allowed our approach to maintain high accuracy even after rearranging furniture in the home. MOAT is a practical and efficient first step for monitoring and managing devices in a smart home. }, } @InProceedings{wang:onboarding, author = {Chixiang Wang and Liam Cassidy and Weijia He and Timothy J. Pierson and David Kotz}, title = {{Challenges and opportunities in onboarding smart-home devices}}, booktitle = {{Proceedings of the International Workshop on Mobile Computing Systems and Applications (HotMobile)}}, year = 2024, month = {February}, pages = {60--65}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3638550.3641137}, URL = {https://www.cs.dartmouth.edu/~kotz/research/wang-onboarding/index.html}, abstract = {Smart-home devices have become integral to daily routines, but their onboarding procedures - setting up a newly acquired smart device into operational mode - remain understudied. The heterogeneity of smart-home devices and their onboarding procedure can easily overwhelm users when they scale up their smart-home system. While Matter, the new IoT standard, aims to unify the smart-home ecosystem, it is still evolving, resulting in mixed compliance among devices. In this paper, we study the complexity of device onboarding from users' perspectives. We thus performed cognitive walkthroughs on 12 commercially available smart-home devices, documenting the commonality and distinctions of the onboarding process across these devices. We found that onboarding smart home devices can often be tedious and confusing. Users must devote significant time to creating an account, searching for the target device, and providing Wi-Fi credentials for each device they install. Matter-compatible devices are supposedly easier to manage, as they can be registered through one single hub independent of the vendor. Unfortunately, we found such a statement is not always true. Some devices still need their own companion apps and accounts to fully function. Based on our observations, we give recommendations about how to support a more user-friendly onboarding process.}, } @Misc{perez:scanner-patent, author = {Beatrice Perez and Timothy Pierson and Gregory Mazzaro and David Kotz}, title = {{Harmonic Radar Scanner for Electronics}}, howpublished = {Patent Application 18/749,826, published as US2024/0426974}, year = 2024, month = {December}, day = 26, URL = {https://www.cs.dartmouth.edu/~kotz/research/perez-scanner-patent/index.html}, note = {Priority date 6/21/23; filed 6/21/24; published 12/26/24}, abstract = {A harmonic radar system for detecting an electronic device includes a signal generator for generating one or more transmit radio frequency (RF) signals, a transmitting antenna for sending the transmit RF signals into an environment, a receiving antenna for receiving signals reflected or re-radiated by the electronic device in the environment in response to the transmit RF signals, and a spectrum analyzer for identifying a harmonic frequency of the transmit RF signals in the filtered signals.}, } @InProceedings{perez:identification, author = {Beatrice Perez and Timothy J. Pierson and Gregory Mazzaro and David Kotz}, title = {{Identification and Classification of Electronic Devices Using Harmonic Radar}}, booktitle = {{Proceedings of the Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT)}}, year = 2023, month = {June}, pages = {248--255}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/DCOSS-IoT58021.2023.00050}, URL = {https://www.cs.dartmouth.edu/~kotz/research/perez-identification/index.html}, abstract = { Smart home electronic devices invisibly collect, process, and exchange information with each other and with remote services, often without a home occupants' knowledge or consent. These devices may be mobile or fixed and may have wireless or wired network connections. Detecting and identifying all devices present in a home is a necessary first step to control the flow of data, but there exists no universal mechanism to detect and identify all electronic devices in a space. In this paper we present ICED (Identification and Classification of Electronic Devices), a system that can (i) identify devices from a known set of devices, and (ii) detect the presence of previously unseen devices. ICED, based on harmonic radar technology, collects measurements at the first harmonic of the radar's transmit frequency. We find that the harmonic response contains enough information to infer the type of device. It works when the device has no wireless network interface, is powered off, or attempts to evade detection. We evaluate performance on a collection of 17 devices and find that by transmitting a range of frequencies we correctly identify known devices with 97.6\% accuracy and identify previously unseen devices as `unknown' with 69.0\% balanced accuracy.}, } @InProceedings{perez:range, author = {Beatrice Perez and Cesar Arguello and Timothy J. Pierson and Gregory Mazzaro and David Kotz}, title = {{Evaluating the practical range of harmonic radar to detect smart electronics}}, booktitle = {{Proceedings of the IEEE Military Communications Conference (MILCOM)}}, year = 2023, month = {October}, pages = {528--535}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MILCOM58377.2023.10356371}, URL = {https://www.cs.dartmouth.edu/~kotz/research/perez-range/index.html}, abstract = {Prior research has found that harmonic radar systems are able to detect the presence of electronic devices, even if the devices are powered off. These systems could be a powerful tool to help mitigate privacy invasions. For example, in a rental property devices such as cameras or microphones may be surreptitiously placed by a landlord to monitor renters without their knowledge or consent. A mobile harmonic radar system may be able to quickly scan the property and locate all electronic devices. The effective range of these systems for detecting consumer-grade electronics, however, has not been quantified. We address that shortcoming in this paper and evaluate a prototype harmonic radar system. We find the system, a variation of what has been proposed in the literature, is able to reliably detect some devices at a range of about two meters. We discuss the effect of hardware on the range of detection and propose an algorithm for automated detection.}, } @Article{perez:presence, author = {Beatrice Perez and Gregory Mazzaro and Timothy J. Pierson and David Kotz}, title = {{Detecting the Presence of Electronic Devices in Smart Homes Using Harmonic Radar}}, journal = {Remote Sensing}, year = 2022, month = {January}, volume = 14, number = 2, articleno = 327, numpages = 18, publisher = {MDPI}, copyright = {open-access (Creative Commons Attribution)}, DOI = {10.3390/rs14020327}, URL = {https://www.cs.dartmouth.edu/~kotz/research/perez-presence/index.html}, note = {Special issue on Nonlinear Junction Detection and Harmonic Radar}, abstract = {Data about users is collected constantly by phones, cameras, Internet websites, and others. The advent of so-called `Smart Things' now enable ever-more sensitive data to be collected inside that most private of spaces: the home. The first step in helping users regain control of their information (inside their home) is to alert them to the presence of potentially unwanted electronics. In this paper, we present a system that could help homeowners (or home dwellers) find electronic devices in their living space. Specifically, we demonstrate the use of harmonic radars (sometimes called nonlinear junction detectors), which have also been used in applications ranging from explosives detection to insect tracking. We adapt this radar technology to detect consumer electronics in a home setting and show that we can indeed accurately detect the presence of even `simple' electronic devices like a smart lightbulb. We evaluate the performance of our radar in both wired and over-the-air transmission scenarios.}, } @MastersThesis{malik:thesis, author = {Namya Malik}, title = {{SPLICEcube Architecture: An Extensible Wi-Fi Monitoring Architecture for Smart-Home Networks}}, school = {Dartmouth Computer Science}, year = 2022, month = {May}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/malik-thesis/index.html}, abstract = { The vision of smart homes is rapidly becoming a reality, as the Internet of Things and other smart devices are deployed widely. Although smart devices offer convenience, they also create a significant management problem for home residents. With a large number and variety of devices in the home, residents may find it difficult to monitor, or even locate, devices. A central controller that brings all the home's smart devices under secure management and a unified interface would help homeowners and residents track and manage their devices.\par We envision a solution called the SPLICEcube whose goal is to detect smart devices, locate them in three dimensions within the home, securely monitor their network traffic, and keep an inventory of devices and important device information throughout the device's lifecycle. The SPLICEcube system consists of the following components: 1) a main \emph{cube}, which is a centralized hub that incorporates and expands on the functionality of the home router, 2) a \emph{database} that holds network data, and 3) a set of support \emph{cubelets} that can be used to extend the range of the network and assist in gathering network data.\par To deliver this vision of identifying, securing, and managing smart devices, we introduce an architecture that facilitates intelligent research applications (such as network anomaly detection, intrusion detection, device localization, and device firmware updates) to be integrated into the SPLICEcube. In this thesis, we design a general-purpose Wi-Fi architecture that underpins the SPLICEcube. The architecture specifically showcases the functionality of the cubelets (Wi-Fi frame detection, Wi-Fi frame parsing, and transmission to cube), the functionality of the cube (routing, reception from cubelets, information storage, data disposal, and research application integration), and the functionality of the database (network data storage). We build and evaluate a prototype implementation to demonstrate our approach is \emph{scalable} to accommodate new devices and \emph{extensible} to support different applications. Specifically, we demonstrate a successful proof-of-concept use of the SPLICEcube architecture by integrating a security research application: an "Inside-Outside detection" system that classifies an observed Wi-Fi device as being inside or outside the home.}, } @Misc{vandenbussche:thesis, author = {Adam Vandenbussche}, title = {{TorSH: Obfuscating consumer Internet-of-Things traffic with a collaborative smart-home router network}}, school = {Dartmouth Computer Science}, year = 2022, month = {June}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/vandenbussche-thesis/index.html}, note = {Undergraduate Thesis}, abstract = {When consumers install Internet-connected "smart devices" in their homes, metadata arising from the communications between these devices and their cloud-based service providers enables adversaries privy to this traffic to profile users, even when adequate encryption is used. Internet service providers (ISPs) are one potential adversary privy to users' incoming and outgoing Internet traffic and either currently use this insight to assemble and sell consumer advertising profiles or may in the future do so. With existing defenses against such profiling falling short of meeting user preferences and abilities, there is a need for a novel solution that empowers consumers to defend themselves against profiling by ISP-like actors and that is more in tune with their wishes. In this thesis, we present The Onion Router for Smart Homes (TorSH), a network of smart-home routers working collaboratively to defend smart-device traffic from analysis by ISP-like adversaries. We demonstrate that TorSH succeeds in deterring such profiling while preserving smart-device experiences and without encumbering latency-sensitive, non-smart-device experiences like web browsing.}, } @InProceedings{mazzaro:preliminary, author = {Gregory Mazzaro and Kyle Gallagher and Kelly Sherbondy and Alex Bouvy and Beatrice Perez and Timothy Pierson and David Kotz}, title = {{Harmonic response vs. target orientation: a preliminary study of the effect of polarization on nonlinear junction detection}}, booktitle = {{Proceedings of the SPIE Radar Sensor Technology XXVI}}, year = 2022, month = {May}, day = 27, volume = 12108, articleno = 1210803, numpages = 21, publisher = {Society of Photo-Optical Instrumentation Engineers}, copyright = {SPIE}, DOI = {10.1117/12.2617881}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mazzaro-preliminary/index.html}, abstract = {When an electromagnetically-nonlinear radar target is illuminated by a high-power stepped-frequency probe, a sequence of harmonics is unintentionally emitted by that target. Detection of the target is accomplished by receiving stimulated emissions somewhere in the sequence, while ranging is accomplished by processing amplitude and phase recorded at multiple harmonics across the sequence. The strength of the harmonics reflected from an electronic target depends greatly upon the orientation of that target (or equivalently, the orientation of the radar antennas). Data collected on handheld wireless devices reveals the harmonic angular-dependence of commercially-available electronics. Data collected on nonlinearly-terminated printed circuit boards implies the origin of this dependency. The results of this work suggest that electronic targets may be classified and ultimately identified by their unique harmonic-response-vs.-angle patterns.}, } @Article{spangler:privacy, author = { Spangler, Hillary B. and Driesse, Tiffany M. and Lynch, David H. and Liang, Xiaohui and Roth, Robert M. and Kotz, David and Fortuna, Karen and Batsis, John A. }, title = {{Privacy Concerns of Older Adults Using Voice Assistant Systems}}, journal = {Journal of the American Geriatrics Society}, year = 2022, month = {August}, day = 26, volume = 70, number = 12, pages = {3643--3647}, publisher = {Wiley}, copyright = {The American Geriatrics Society}, DOI = {10.1111/jgs.18009}, URL = {https://www.cs.dartmouth.edu/~kotz/research/spangler-privacy/index.html}, abstract = {Voice assistant systems (VAS) are software platforms that complete various tasks using voice commands. It is necessary to understand the juxtaposition of younger and older adults' VAS privacy concerns as younger adults may have different concerns impacting VAS acceptance. Therefore, we examined the differences in VAS related privacy concerns across the lifespan. }, } @InProceedings{peters:via, author = {Travis Peters and Timothy J. Pierson and Sougata Sen and Jos{\'{e}} Camacho and David Kotz}, title = {{Recurring Verification of Interaction Authenticity Within Bluetooth Networks}}, booktitle = {{Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2021)}}, year = 2021, month = {June}, pages = {192--203}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3448300.3468287}, URL = {https://www.cs.dartmouth.edu/~kotz/research/peters-via/index.html}, abstract = {Although user authentication has been well explored, device-to-device authentication -- specifically in Bluetooth networks -- has not seen the same attention. We propose Verification of Interaction Authenticity (VIA) -- a recurring authentication scheme based on evaluating characteristics of the communications (interactions) between devices. We adapt techniques from wireless traffic analysis and intrusion detection systems to develop behavioral models that capture typical, authentic device interactions (behavior); these models enable recurring verification of device behavior. To evaluate our approach we produced a new dataset consisting of more than 300 Bluetooth network traces collected from 20 Bluetooth-enabled smart-health and smart-home devices. In our evaluation, we found that devices can be correctly verified at a variety of granularities, achieving an F1-score of 0.86 or better in most cases.}, } @Misc{gralla:inside-outside, author = {Paul Gralla}, title = {{An inside vs. outside classification system for Wi-Fi IoT devices}}, school = {Dartmouth Computer Science}, year = 2021, month = {June}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gralla-inside-outside/index.html}, note = {Undergraduate Thesis}, abstract = {We are entering an era in which Smart Devices are increasingly integrated into our daily lives. Everyday objects are gaining computational power to interact with their environments and communicate with each other and the world via the Internet. While the integration of such devices offers many potential benefits to their users, it also gives rise to a unique set of challenges. One of those challenges is to detect whether a device belongs to one's own ecosystem, or to a neighbor -- or represents an unexpected adversary. An important part of determining whether a device is friend or adversary is to detect whether a device's location is within the physical boundaries of one's space (e.g. office, classroom, home). In this thesis we propose a system that is able to decide with 82\% accuracy whether the location of an IoT device is inside or outside of a defined space based on a small number of transmitted Wi- Fi frames. The classification is achieved by leveraging a machine-learning classifier trained and tested on RSSI data of Wi-Fi transmissions recorded by three or more observers. In an initialization phase the classifier is trained by the user on Wi-Fi transmissions of a variety of locations, inside (and outside). The system can be built with off-the-shelf Wi-Fi observing devices that do not require any special hardware modifications. With the exception of the training period, the system can accurately classify the indoor/outdoor state of target devices without any cooperation from the user or from the target devices.}, }