Research On Detection Methods Of Communication Privacy Leakage Of Smart Home System

Using network technology,automatic control technology and intelligent cloud management technology,smart home system connects home devices to make them “smart” and complete daily tasks automatically without human intervention.However,device manufacturers mainly consider the practicality of the products in the research and development process,and then ignore the security of the products,which leads to a large number of security problems in the smart home system.Among them,privacy leakage is the most concerned security issue.This paper investigates each component of the smart home system and its communication mechanism,and divides the research into two parts according to the communication process: the research on the privacy leakage detection method of smart home devices and cloud platform communication and the research on the privacy leakage detection method of smart home cloud platform and mobile App communication,the specific research work is as follows.1)Aiming at the problem of encrypted traffic privacy leak detection of smart home devices and cloud platforms,a machine learn-based encryption traffic privacy leak detection scheme is proposed.Firstly,event signatures are performed on the encrypted traffic of smart home devices and cloud platform communications.According to the signatures,all events are classified into private events and non-private events,and the private events are detected by machine learning algorithm.Secondly,the privacy leakage detection is carried out for 7 popular smart home cloud platforms and their devices,and found that 5 of them have privacy leakage problems.Finally,the reasons for privacy leakage of encrypted traffic between intelligent home cloud platform and devices are analyzed,and we put forward corresponding mitigation measures.2)Aiming at the privacy leakage detection problem of smart home cloud platform and mobile App communication,a privacy leakage detection scheme based on API is proposed.According to the decrypted traffic,the API containing the unique identity of the device is extracted,and the general privacy information is obtained by identifying the unique identity of the device.Then reverse the mobile App and find the generation method of unique device identification.Modify the data packet through Hook technology to obtain the device privacy information without permission.Moreover,Ali Intelligent App and cloud platform communication were tested,and 16 APIs containing private information were found,among which 2 APIs had privacy leakage problems.