| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | March 12, 2020 |
| Latest Amendment Date: | March 3, 2022 |
| Award Number: | 1947913 |
| Award Instrument: | Standard Grant |
| Program Manager: |
James Joshi
CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | March 1, 2020 |
| End Date: | February 28, 2023 (Estimated) |
| Total Intended Award Amount: | $175,000.00 |
| Total Awarded Amount to Date: | $207,000.00 |
| Funds Obligated to Date: |
FY 2021 = $16,000.00 FY 2022 = $16,000.00 |
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
2600 CLIFTON AVE CINCINNATI OH US 45220-2872 (513)556-4358 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
Cincinnati OH US 45221-0222 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): |
Special Projects - CNS, Secure &Trustworthy Cyberspace |
| Primary Program Source: |
01002021DB NSF RESEARCH & RELATED ACTIVIT 01002122DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
Millions of users interact with smart speakers every day. However, there remains a significant gap in the understanding of the privacy impacts of smart speakers. A poor understanding of the privacy impacts can lead to unauthorized disclosure, affect the well-beings of users, and thwart Internet freedom. To bridge this gap, this project investigates the privacy leakage of smart speakers under a new encrypted traffic analysis attack, referred to as voice command fingerprinting, and develops new defenses against this attack. This attack infers which voice command a user says to a smart speaker by analyzing side-channel information of encrypted network traffic.
This research includes four thrusts: (1) producing large-scale datasets for encrypted traffic analysis on smart speakers; (2) leveraging deep learning in the attack to investigate the privacy leakage; (3) promoting the efficiency of defenses by analyzing which encrypted packets should be protected with a higher priority; (4) developing a defense against the attack by generating adversarial examples on the fly. The research will promote the understanding of the privacy impacts of smart speakers and advance the knowledge in privacy-preserving technologies. The research findings will be disseminated through publications and presentations. The datasets and source code will be made publicly available for the research community. This project will integrate the research activities into curriculum development, render research opportunities to female and underrepresented students, and advance research experience for high school teachers and students in STEM (Science, Technology, Engineering and Math).
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The main research outcomes of this project, entitled "CRII: SaTC: Fingerprinting Encrypted Voice Traffic on Smart Speakers," include (1) producing large-scale datasets for encrypted traffic analysis on smart speakers (including Alexa and Google Home); (2) demonstrating that an attacker running deep neural networks, such as Convolutional Neural Networks, can reveal which voice command a user says to a smart speaker with a high accuracy (over 90%) by fingerprinting encrypted network traffic; (3) developing new countermeasures that can effectively perturb encrypted network traffic with low overhead to defend against fingerprinting attacks; (4) building new algorithms to perturb encrypted network traffic on-the-fly, and therefore, effectively preserve user privacy against fingerprinting attacks. In addition to the findings of fingerprinting attacks over encrypted voice data on smart speakers, the team also extends the research findings to encrypted network traffic on video streams (e.g., YouTube videos) and encrypted traffic in anonymous networks (e.g., Tor networks).
The research findings have been disseminated by publications in major security and privacy conferences, including ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), ACM Conference on Data and Application Security and Privacy (CODASPY), IEEE Conference on Communications and Network Security (CNS), IEEE Conference on Information Reuse and Integration for Data Science (IRI), IEEE/ACM International Symposium on Quality of Services (IWQoS), and International Conference on Security and Privacy in Communication Networks (SecureComm). The source code and multiple large-scale datasets of encrypted network traffic (170 GBs in total) are made publicly available on GitHub and are shared with the research community for reproducing and expanding the research findings. Specifically, the dataset of encrypted network traffic on smart speakers (published by the PI and his team from WiSec'20 paper) has been utilized by researchers from multiple institutions, including Stevens Institute of Technology, Florida Institute of Technology, Colorado State University, and Worcester Polytechnic Institute. A dedicated project webpage is created and maintained by the PI to disseminate the outcomes of this project. The PI has delivered research talks on AI-based fingerpriting attacks over encrypted traffic at University of Dayton (OH) and Ohio Information Security Conference.
This project has also provided opportunities for teaching and mentoring in the field of machine learning, network security, and encryption. The project efforts and funds contributed, in part, to the training of three Ph.D. students and four undergraduate students (including an undergraduate student from underrepresented groups in STEM areas) at the University of Cincinnati. Specifically, one Ph.D. student (Chenggang Wang) successfully defended his dissertation and joined Auburn University at Montgomery as a tenure-track Assistant Professor in Spring 2023. In addition, parts of the project results have been incorporated into a graduate-level cybersecurity course that the PI teaches at the University of Cincinnati and the 2022 cybersecurity summer camp hosted by the Department of Electrical and Computer Engineering at the University of Cincinnati.
Last Modified: 04/02/2023
Modified by: Boyang Wang
Please report errors in award information by writing to: awardsearch@nsf.gov.
