It was late at night in Arlington county on 16th January 1991. An unusual number of lights were on in the offices of the Pentagon. The employee car park was much fuller than normal. Another telling indication a keen observer would have noticed was the frequency of late-night pizza deliveries to the building. This seemingly innocuous information indicated something big was up at US Defence HQ. It was of course, the start of Operation Desert Storm. One local pizza outlet reported deliveries to the Pentagon up 600% that night. Seemingly innocuous data can lead an acute observer to infer meaningful information and conclude that a military offensive was imminent.
An inference attack uses ancillary sources of data to infer meaningful information about something hidden. Inference attacks are privacy and security threats especially relevant to IoT. If IoT data indicates that early in the evening the car is not in the garage, the home lights are off, the doors are locked and the alarm is activated, then it may be inferred that the occupants are probably out.
Inference attacks require a degree of deduction. Interpretation can involve an aspect of aggregation where innocuous data from more than one source are combined, in order to provide meaningful insight. Office lights, car park occupancy and pizza deliveries for example.
As IoT brings about the intersection of sensors, smart devices, interconnectivity, cloud and big data, inference attacks are a particular threat. The IoT ecosystem collates, links and merges data from multiple sources, expanding the opportunity for inference. Data from smart meters and home security and lighting systems can be combined with location data for example. Inference can turn security prevention systems into security vulnerabilities. Consumers will be rightly concerned if IoT data introduces the threat of private aspects of their lives being inferred, such as their location, health, financial position, relationships, interests, proclivities, etc.
IoT devices range in complexity from relatively dumb sensors through to semi-autonomous and fully autonomous smart devices. Dumb sensors simply relay their sensor data. Semi-autonomous devices can sense context with other sensors, such as a fridge that measures inventory and generates a shopping list. A fully autonomous fridge goes one step further and orders food from the store, it may even have direct communication with health care and health insurance providers, and it could even control other smart devices such as the stove. The more autonomous the device, the greater the threat of data leaks leading to inferences.
In a smart car, data from sensors (such as seat settings, entertainment system settings, climate control settings, driving style, route and location) can be used to infer the identity of the driver. The smart car could get traffic data from the street light. A smart pizza could communicate with the microwave, and a smart T-shirt could communicate with the washing machine. With IoT there’s a whole lotta talkin’ going on.
As IoT matures, devices will become more autonomous. In a similar way that people communicate with others on social networking, smart autonomous devices communicate on a social network of things – it’s like a Facebook for IoT. Due to diverse data sources, it is difficult to predict possible inferences through data leaks from the social network of things, and therefore challenging to mitigate. There could even come a point at which just about everything treasured private could be accurately inferred about an individual through IoT data.
IoT developers should be considering countermeasures to IoT inference attacks such as securing even innocuous data through encryption, ensuring integrity of login credentials, anti-MITM solutions, locking down the endpoint mobile application, data classification, use of VPNs, cloaking data by adding noise, and generalising data before it is made available.