Soutenance de thèse : Guillaume CELOSIA

Privacy Challenges in Wireless Communications of the Internet of Things

Doctorant : Guillaume CELOSIA

Laboratoire INSA : CITI
Ecole doctorale : ED512 : Informatique et Mathématiques de Lyon

Also known as the Internet of Things (IoT), the proliferation of connected objects offers unprecedented opportunities to consumers. From fitness trackers to medical assistants, through smarthome appliances, the IoT objects are evolving in a plethora of application fields.
However, the benefits that they can bring to our society increase along with their privacy implications. Continuously communicating valuable information via wireless links such as Bluetooth and Wi-Fi, those connected devices support their owners within their activities. Most of the time emitted on open channels, and sometimes in the absence of encryption, those information are then easily accessible to any passive attacker in range.
In this thesis, we explore two major privacy concerns resulting from the expansion of the IoT and its wireless communications: physical tracking and inference of users information. Based on two large datasets composed of radio signals from Bluetooth/BLE devices, we first defeat existing anti-tracking features prior to detail several privacy invasive applications. Relying on passive and active attacks, we also demonstrate that broadcasted messages contain cleartext information ranging from the devices technical characteristics to personal data of the users such as e-mail addresses and phone numbers.
In a second time, we design practical countermeasures to address the identified privacy issues. In this direction, we provide recommendations to manufacturers, and propose an approach to verify the absence of flaws in the implementation of their protocols.
Finally, to further illustrate the investigated privacy threats, we implement two demonstrators. As a result, Venom introduces a visual and experimental physical tracking system, while Himiko proposes a human interface allowing to infer information on IoT devices and their owners.