PhD Defence: “Privacy Challenges in Wireless Communications of the Internet of Things”, Guillaume Celosia, 22th of September 2020 at 9.30AM

Title

Privacy Challenges in Wireless Communications of the Internet of Things

 

Abstract

Also known as the Internet of Things (IoT), the proliferation of connected objects offers unprecedented opportunities to consumers. From fitness trackers to medical assistants, through smarthome appliances, the IoT objects are evolving in a plethora of application fields. However, the benefits that they can bring to our society increase along with their privacy implications. Continuously communicating valuable information via wireless links such as Bluetooth and Wi-Fi, those connected devices support their owners within their activities. Most of the time emitted on open channels, and sometimes in the absence of encryption, those information are then easily accessible to any passive attacker in range. In this thesis, we explore two major privacy concerns resulting from the expansion of the IoT and its wireless communications: physical tracking and inference of users information. Based on two large datasets composed of radio signals from Bluetooth/BLE devices, we first defeat existing anti-tracking features prior to detail several privacy invasive applications. Relying on passive and active attacks, we also demonstrate that broadcasted messages contain cleartext information ranging from the devices technical characteristics to personal data of the users such as e-mail addresses and phone numbers. In a second time, we design practical countermeasures to address the identified privacy issues. In this direction, we provide recommendations to manufacturers, and propose an approach to verify the absence of flaws in the implementation of their protocols. Finally, to further illustrate the investigated privacy threats, we implement two demonstrators. As a result, Venom introduces a visual and experimental physical tracking system, while Himiko proposes a human interface allowing to infer information on IoT devices and their owners.

 

Jury

  • Kasper Rasmussen – Associate Professor, University of Oxford – Rapporteur
  • Bernard Tourancheau – Professeur des Universités, Université Grenoble Alpes – Rapporteur
  • Sonia Ben Mokhtar – Directeur de Recherche, CNRS – Examinateur
  • Jean-Marie Gorce – Professeur des Universités, INSA Lyon – Examinateur
  • Vincent Nicomette – Professeur des Universités, INSA Toulouse – Examinateur
  • Valérie Viet Triem Tong – Professeur des Universités, CentraleSupélec Rennes – Examinateur
  • Daniel Le Métayer – Directeur de Recherche, Inria – Directeur de thèse
  • Mathieu Cunche – Maître de Conférences, INSA Lyon – co Directeur de thèse