Designing a Forensic-Ready Wi-Fi Access Point for the Internet of Things

Palmese, Fabio;Redondi, Alessandro Enrico Cesare;Cesana, Matteo
2023-01-01

Abstract

Recent advances in the Internet of Things are leading to a proliferation of smart devices in our daily life. Having so many connected devices around us potentially introduces new witnesses that can be a reference for forensic investigations. For these reasons, IoT Forensics has become a popular research area with the goal of extracting information from IoT devices to be used as potential evidence. This work presents Feature-Sniffer, a framework to be installed in Wi-Fi access points with the aim of facilitating the extraction of network traffic information from IoT devices, to be later used for forensic purposes. The tool allows the on-the-fly computation of traffic features from connected IoT devices by using a simple user interface for its configuration. After presenting the tool logic and its implementation details, we present an accurate analysis of the tool's computational impact on two different consumer Wi-Fi access points. Finally, we present four different IoT forensics use cases, in which network traffic features extracted with the proposed tool from consumer IoT devices are analyzed with machine learning techniques with the goal of 1) identifying the device producing the traffic; 2) recognizing the activity performed by the user; 3) detecting the user’s passage through a room door; and 4) detecting and classifying user interactions with a smart speaker. We conclude the work by presenting an analysis of possible storage optimization for evidence preservation with the use of lossy compression techniques.
2023
Internet of Things, IoT forensics, network traffic analysis, network traffic collection
Files in this item:
File: Designing_a_Forensic-Ready_Wi-Fi_Access_Point_for_the_Internet_of_Things.pdf
Access: open access
Description: Article; Publisher’s version
Size: 6.08 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11311/1256264