Despite the prevalence of Internet of Things (IoT) devices, there is little information about the purpose and risks of the Internet traffic these devices generate, and consumers have limited options for controlling those risks. A key open question is whether one can mitigate these risks by automatically blocking some of the Internet connections from IoT devices, without rendering the devices inoperable.

To answer this, we have created IoTrim. Under a new line of work, led by Postdoctoral Research Fellow Dr Anna Mandalari of Systems and Algorithms Laboratory (SysAL), in collaboration with colleagues at Khoury College of Computer Sciences at Northeastern University, investigate this question by developing a rigorous methodology that relies on automated IoT-device experimentation to reveal which network connections (and the information they expose) are essential, and which are not, hence allowing firewall rules to block traffic sent to non-required destinations without breaking the functionality of the device. In the majority of the devices examined, devices have been exposing information to several non-required destinations.

Based on the limitations of existing blocklists on IoT traffic, the team propose a set of guidelines for automatically limiting non-essential IoT traffic, and develop a prototype system that implements these guidelines. The work has been done using the Advanced IoT Testbed at the SysAL group at Imperial College London. The team has recently won one of the TOP 10 spots in the Telekom Challenge Development Stream, receiving a generous gift to develop a prototype for the blocking system, IoTrimmer.

The full paper (to appear in the The 21st Privacy Enhancing Technologies Symposium 2021 PETS’21) and details are available here, and the project software, data, and blocking lists are available at http://iotrim.net/.

Our project won one of the Top 10 spots in the Telekom Challenge amongst 180 startup teams around the world.